Fix several things:
(1) The changes to path learning in the two previous releases were poorly thought out, and this version should remedy that by introducing PROBE. This is basically a kind of ECHO request and is used to authenticate endpoints that are not learned via a valid request/response pair. Thus we will still passively learn endpoints, but securely. (2) Turns out there was a security oversight in _doHELLO() that could have permitted... well... I'm not sure it was exploitable to do anything particularly interesting since a bad identity would be discarded anyway, but fix it just the same.
parent
8055635e85
commit
10df5dcf70
8 changed files with 145 additions and 36 deletions
|
@ -49,7 +49,7 @@
|
|||
#include "Mutex.hpp"
|
||||
|
||||
// Increment if serialization has changed
|
||||
#define ZT_PEER_SERIALIZATION_VERSION 5
|
||||
#define ZT_PEER_SERIALIZATION_VERSION 6
|
||||
|
||||
namespace ZeroTier {
|
||||
|
||||
|
@ -129,7 +129,7 @@ public:
|
|||
uint64_t now);
|
||||
|
||||
/**
|
||||
* Send a UDP packet to this peer
|
||||
* Send a UDP packet to this peer directly (not via relaying)
|
||||
*
|
||||
* @param _r Runtime environment
|
||||
* @param data Data to send
|
||||
|
@ -236,9 +236,19 @@ public:
|
|||
}
|
||||
|
||||
/**
|
||||
* @return Lowest of measured latencies of all paths or 0 if unknown
|
||||
* @return Current latency or 0 if unknown (max: 65535)
|
||||
*/
|
||||
inline unsigned int latency() const throw() { return _latency; }
|
||||
inline unsigned int latency() const
|
||||
throw()
|
||||
{
|
||||
uint64_t now = Utils::now();
|
||||
uint64_t latestOutstandingReq = 0;
|
||||
for(unsigned int p=0;p<ZT_PEER_REQUEST_HISTORY_LENGTH;++p)
|
||||
latestOutstandingReq = std::max(latestOutstandingReq,_requestHistory[p].timestamp);
|
||||
if (latestOutstandingReq)
|
||||
return std::min(std::max((unsigned int)(now - latestOutstandingReq),(unsigned int)_latency),(unsigned int)0xffff);
|
||||
else return _latency;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return True if this peer has at least one direct IP address path
|
||||
|
@ -513,12 +523,12 @@ private:
|
|||
WanPath _ipv4p;
|
||||
WanPath _ipv6p;
|
||||
|
||||
uint64_t _lastUsed;
|
||||
uint64_t _lastUnicastFrame;
|
||||
uint64_t _lastMulticastFrame;
|
||||
uint64_t _lastAnnouncedTo;
|
||||
unsigned int _latency; // milliseconds, 0 if not known
|
||||
volatile uint64_t _lastUsed;
|
||||
volatile uint64_t _lastUnicastFrame;
|
||||
volatile uint64_t _lastMulticastFrame;
|
||||
volatile uint64_t _lastAnnouncedTo;
|
||||
unsigned int _vMajor,_vMinor,_vRevision;
|
||||
volatile unsigned int _latency;
|
||||
|
||||
// not persisted
|
||||
RequestHistoryItem _requestHistory[ZT_PEER_REQUEST_HISTORY_LENGTH];
|
||||
|
|
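Review bot: In the new `latency()` body, `(unsigned int)(now - latestOutstandingReq)` narrows the 64-bit difference before the `0xffff` clamp is applied, so a very large gap is truncated first, and the subtraction wraps if any `_requestHistory` timestamp is ahead of `now` (whether `Utils::now()` is monotonic is not visible in this section). Clamping in 64 bits and narrowing last avoids both: `const uint64_t waited = (now > latestOutstandingReq) ? (now - latestOutstandingReq) : 0;` followed by `return (unsigned int)std::min(std::max(waited,(uint64_t)_latency),(uint64_t)0xffff);`. Separately, the `volatile` qualifiers added in the last hunk do not make the 64-bit fields atomic or ordered across threads, and `latency()` walks `_requestHistory` with no lock in view. If these members are shared between threads, guarding them with the Mutex type the file already includes would be safer than relying on `volatile`.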