updated core to 1.2.4, fixed pico_device init bug

2017-05-04 15:33:33 -07:00
parent 890e32e88b
commit 307d164938
143 changed files with 14284 additions and 4176 deletions
--- a/zto/node/Membership.hpp
+++ b/zto/node/Membership.hpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2016  ZeroTier, Inc.  https://www.zerotier.com/
+ * Copyright (C) 2011-2017  ZeroTier, Inc.  https://www.zerotier.com/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -14,6 +14,14 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * You can be released from the requirements of the license by purchasing
+ * a commercial license. Buying such a license is mandatory as soon as you
+ * develop commercial closed-source software that incorporates or links
+ * directly against ZeroTier software without disclosing the source code
+ * of your own application.
 */

 #ifndef ZT_MEMBERSHIP_HPP
@@ -23,6 +31,8 @@

 #include "Constants.hpp"
 #include "../include/ZeroTierOne.h"
+#include "Credential.hpp"
+#include "Hashtable.hpp"
 #include "CertificateOfMembership.hpp"
 #include "Capability.hpp"
 #include "Tag.hpp"
@@ -45,35 +55,6 @@ class Network;
 */
 class Membership
 {
-private:
-	template<typename T>
-	struct _RemoteCredential
-	{
-		_RemoteCredential() : id(ZT_MEMBERSHIP_CRED_ID_UNUSED),lastReceived(0),revocationThreshold(0) {}
-		uint64_t id;
-		uint64_t lastReceived; // last time we got this credential
-		uint64_t revocationThreshold; // credentials before this time are invalid
-		T credential;
-		inline bool operator<(const _RemoteCredential &c) const { return (id < c.id); }
-	};
-
-	template<typename T>
-	struct _RemoteCredentialComp
-	{
-		inline bool operator()(const _RemoteCredential<T> *a,const _RemoteCredential<T> *b) const { return (a->id < b->id); }
-		inline bool operator()(const uint64_t a,const _RemoteCredential<T> *b) const { return (a < b->id); }
-		inline bool operator()(const _RemoteCredential<T> *a,const uint64_t b) const { return (a->id < b); }
-		inline bool operator()(const uint64_t a,const uint64_t b) const { return (a < b); }
-	};
-
-	// Used to track push state for network config tags[] and capabilities[] entries
-	struct _LocalCredentialPushState
-	{
-		_LocalCredentialPushState() : lastPushed(0),id(0) {}
-		uint64_t lastPushed; // last time we sent our own copy of this credential
-		uint64_t id;
-	};
-
 public:
 	enum AddCredentialResult
 	{
@@ -83,72 +64,6 @@ public:
 		ADD_DEFERRED_FOR_WHOIS
 	};

-	/**
-	 * Iterator to scan forward through capabilities in ascending order of ID
-	 */
-	class CapabilityIterator
-	{
-	public:
-		CapabilityIterator(const Membership &m,const NetworkConfig &nconf) :
-			_m(&m),
-			_c(&nconf),
-			_i(&(m._remoteCaps[0])) {}
-
-		inline const Capability *next()
-		{
-			for(;;) {
-				if ((_i != &(_m->_remoteCaps[ZT_MAX_NETWORK_CAPABILITIES]))&&((*_i)->id != ZT_MEMBERSHIP_CRED_ID_UNUSED)) {
-					const Capability *tmp = &((*_i)->credential);
-					if (_m->_isCredentialTimestampValid(*_c,**_i)) {
-						++_i;
-						return tmp;
-					} else ++_i;
-				} else {
-					return (const Capability *)0;
-				}
-			}
-		}
-
-	private:
-		const Membership *_m;
-		const NetworkConfig *_c;
-		const _RemoteCredential<Capability> *const *_i;
-	};
-	friend class CapabilityIterator;
-
-	/**
-	 * Iterator to scan forward through tags in ascending order of ID
-	 */
-	class TagIterator
-	{
-	public:
-		TagIterator(const Membership &m,const NetworkConfig &nconf) :
-			_m(&m),
-			_c(&nconf),
-			_i(&(m._remoteTags[0])) {}
-
-		inline const Tag *next()
-		{
-			for(;;) {
-				if ((_i != &(_m->_remoteTags[ZT_MAX_NETWORK_TAGS]))&&((*_i)->id != ZT_MEMBERSHIP_CRED_ID_UNUSED)) {
-					const Tag *tmp = &((*_i)->credential);
-					if (_m->_isCredentialTimestampValid(*_c,**_i)) {
-						++_i;
-						return tmp;
-					} else ++_i;
-				} else {
-					return (const Tag *)0;
-				}
-			}
-		}
-
-	private:
-		const Membership *_m;
-		const NetworkConfig *_c;
-		const _RemoteCredential<Tag> *const *_i;
-	};
-	friend class TagIterator;
-
 	Membership();

 	/**
@@ -168,19 +83,19 @@ public:
 	void pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const uint64_t now,const Address &peerAddress,const NetworkConfig &nconf,int localCapabilityIndex,const bool force);

 	/**
-	 * Check whether we should push MULTICAST_LIKEs to this peer
+	 * Check whether we should push MULTICAST_LIKEs to this peer, and update last sent time if true
 	 *
 	 * @param now Current time
 	 * @return True if we should update multicasts
 	 */
-	inline bool shouldLikeMulticasts(const uint64_t now) const { return ((now - _lastUpdatedMulticast) >= ZT_MULTICAST_ANNOUNCE_PERIOD); }
-
-	/**
-	 * Set time we last updated multicasts for this peer
-	 *
-	 * @param now Current time
-	 */
-	inline void likingMulticasts(const uint64_t now) { _lastUpdatedMulticast = now; }
+	inline bool multicastLikeGate(const uint64_t now)
+	{
+		if ((now - _lastUpdatedMulticast) >= ZT_MULTICAST_ANNOUNCE_PERIOD) {
+			_lastUpdatedMulticast = now;
+			return true;
+		}
+		return false;
+	}

 	/**
 	 * Check whether the peer represented by this Membership should be allowed on this network at all
@@ -190,10 +105,8 @@ public:
 	 */
 	inline bool isAllowedOnNetwork(const NetworkConfig &nconf) const
 	{
-		if (nconf.isPublic())
-			return true;
-		if (_com.timestamp().first <= _comRevocationThreshold)
-			return false;
+		if (nconf.isPublic()) return true;
+		if (_com.timestamp() <= _comRevocationThreshold) return false;
 		return nconf.com.agreesWith(_com);
 	}

@@ -208,21 +121,28 @@ public:
 	template<typename T>
 	inline bool hasCertificateOfOwnershipFor(const NetworkConfig &nconf,const T &r) const
 	{
-		for(unsigned int i=0;i<ZT_MAX_CERTIFICATES_OF_OWNERSHIP;++i) {
-			if (_remoteCoos[i]->id == ZT_MEMBERSHIP_CRED_ID_UNUSED)
-				break;
-			if ((_isCredentialTimestampValid(nconf,*_remoteCoos[i]))&&(_remoteCoos[i]->credential.owns(r)))
+		uint32_t *k = (uint32_t *)0;
+		CertificateOfOwnership *v = (CertificateOfOwnership *)0;
+		Hashtable< uint32_t,CertificateOfOwnership >::Iterator i(*(const_cast< Hashtable< uint32_t,CertificateOfOwnership> *>(&_remoteCoos)));
+		while (i.next(k,v)) {
+			if (_isCredentialTimestampValid(nconf,*v)&&(v->owns(r)))
 				return true;
 		}
 		return false;
 	}

 	/**
+	 * Get a remote member's tag (if we have it)
+	 *
 	 * @param nconf Network configuration
 	 * @param id Tag ID
 	 * @return Pointer to tag or NULL if not found
 	 */
-	const Tag *getTag(const NetworkConfig &nconf,const uint32_t id) const;
+	inline const Tag *getTag(const NetworkConfig &nconf,const uint32_t id) const
+	{
+		const Tag *const t = _remoteTags.get(id);
+		return (((t)&&(_isCredentialTimestampValid(nconf,*t))) ? t : (Tag *)0);
+	}

 	/**
 	 * Validate and add a credential if signature is okay and it's otherwise good
@@ -242,29 +162,59 @@ public:
 	/**
 	 * Validate and add a credential if signature is okay and it's otherwise good
 	 */
-	AddCredentialResult addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const Revocation &rev);
+	AddCredentialResult addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const CertificateOfOwnership &coo);

 	/**
 	 * Validate and add a credential if signature is okay and it's otherwise good
 	 */
-	AddCredentialResult addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const CertificateOfOwnership &coo);
+	AddCredentialResult addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const Revocation &rev);
+
+	/**
+	 * Clean internal databases of stale entries
+	 *
+	 * @param now Current time
+	 * @param nconf Current network configuration
+	 */
+	void clean(const uint64_t now,const NetworkConfig &nconf);
+
+	/**
+	 * Reset last pushed time for local credentials
+	 *
+	 * This is done when we update our network configuration and our credentials have changed
+	 */
+	inline void resetPushState()
+	{
+		_lastPushedCom = 0;
+		memset(&_localCredLastPushed,0,sizeof(_localCredLastPushed));
+	}
+
+	/**
+	 * Generates a key for the internal use in indexing credentials by type and credential ID
+	 */
+	static uint64_t credentialKey(const Credential::Type &t,const uint32_t i) { return (((uint64_t)t << 32) | (uint64_t)i); }

 private:
-	_RemoteCredential<Tag> *_newTag(const uint64_t id);
-	_RemoteCredential<Capability> *_newCapability(const uint64_t id);
-	_RemoteCredential<CertificateOfOwnership> *_newCoo(const uint64_t id);
-	bool _revokeCom(const Revocation &rev);
-	bool _revokeCap(const Revocation &rev,const uint64_t now);
-	bool _revokeTag(const Revocation &rev,const uint64_t now);
-	bool _revokeCoo(const Revocation &rev,const uint64_t now);
+	template<typename C>
+	inline bool _isCredentialTimestampValid(const NetworkConfig &nconf,const C &remoteCredential) const
+	{
+		const uint64_t ts = remoteCredential.timestamp();
+		if (((ts >= nconf.timestamp) ? (ts - nconf.timestamp) : (nconf.timestamp - ts)) <= nconf.credentialTimeMaxDelta) {
+			const uint64_t *threshold = _revocations.get(credentialKey(C::credentialType(),remoteCredential.id()));
+			return ((!threshold)||(ts > *threshold));
+		}
+		return false;
+	}

 	template<typename C>
-	inline bool _isCredentialTimestampValid(const NetworkConfig &nconf,const _RemoteCredential<C> &remoteCredential) const
+	void _cleanCredImpl(const NetworkConfig &nconf,Hashtable<uint32_t,C> &remoteCreds)
 	{
-		if (!remoteCredential.lastReceived)
-			return false;
-		const uint64_t ts = remoteCredential.credential.timestamp();
-		return ( (((ts >= nconf.timestamp) ? (ts - nconf.timestamp) : (nconf.timestamp - ts)) <= nconf.credentialTimeMaxDelta) && (ts > remoteCredential.revocationThreshold) );
+		uint32_t *k = (uint32_t *)0;
+		C *v = (C *)0;
+		typename Hashtable<uint32_t,C>::Iterator i(remoteCreds);
+		while (i.next(k,v)) {
+			if (!_isCredentialTimestampValid(nconf,*v))
+				remoteCreds.erase(*k);
+		}
 	}

 	// Last time we pushed MULTICAST_LIKE(s)
@@ -279,20 +229,50 @@ private:
 	// Remote member's latest network COM
 	CertificateOfMembership _com;

-	// Sorted (in ascending order of ID) arrays of pointers to remote credentials
-	_RemoteCredential<Tag> *_remoteTags[ZT_MAX_NETWORK_TAGS];
-	_RemoteCredential<Capability> *_remoteCaps[ZT_MAX_NETWORK_CAPABILITIES];
-	_RemoteCredential<CertificateOfOwnership> *_remoteCoos[ZT_MAX_CERTIFICATES_OF_OWNERSHIP];
+	// Revocations by credentialKey()
+	Hashtable< uint64_t,uint64_t > _revocations;

-	// This is the RAM allocated for remote credential cache objects
-	_RemoteCredential<Tag> _tagMem[ZT_MAX_NETWORK_TAGS];
-	_RemoteCredential<Capability> _capMem[ZT_MAX_NETWORK_CAPABILITIES];
-	_RemoteCredential<CertificateOfOwnership> _cooMem[ZT_MAX_CERTIFICATES_OF_OWNERSHIP];
+	// Remote credentials that we have received from this member (and that are valid)
+	Hashtable< uint32_t,Tag > _remoteTags;
+	Hashtable< uint32_t,Capability > _remoteCaps;
+	Hashtable< uint32_t,CertificateOfOwnership > _remoteCoos;

-	// Local credential push state tracking
-	_LocalCredentialPushState _localTags[ZT_MAX_NETWORK_TAGS];
-	_LocalCredentialPushState _localCaps[ZT_MAX_NETWORK_CAPABILITIES];
-	_LocalCredentialPushState _localCoos[ZT_MAX_CERTIFICATES_OF_OWNERSHIP];
+	// Time we last pushed our local credentials to this member
+	struct {
+		uint64_t tag[ZT_MAX_NETWORK_TAGS];
+		uint64_t cap[ZT_MAX_NETWORK_CAPABILITIES];
+		uint64_t coo[ZT_MAX_CERTIFICATES_OF_OWNERSHIP];
+	} _localCredLastPushed;
+
+public:
+	class CapabilityIterator
+	{
+	public:
+		CapabilityIterator(Membership &m,const NetworkConfig &nconf) :
+			_hti(m._remoteCaps),
+			_k((uint32_t *)0),
+			_c((Capability *)0),
+			_m(m),
+			_nconf(nconf)
+		{
+		}
+
+		inline Capability *next()
+		{
+			while (_hti.next(_k,_c)) {
+				if (_m._isCredentialTimestampValid(_nconf,*_c))
+					return _c;
+			}
+			return (Capability *)0;
+		}
+
+	private:
+		Hashtable< uint32_t,Capability >::Iterator _hti;
+		uint32_t *_k;
+		Capability *_c;
+		Membership &_m;
+		const NetworkConfig &_nconf;
+	};
 };

 } // namespace ZeroTier