Merge branch 'dev' into netbsd-support
This commit is contained in:
commit
42ec780a6f
682 changed files with 119343 additions and 39556 deletions
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* ZeroTier One - Network Virtualization Everywhere
|
||||
* Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
|
||||
* Copyright (C) 2011-2018 ZeroTier, Inc. https://www.zerotier.com/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -14,6 +14,14 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* --
|
||||
*
|
||||
* You can be released from the requirements of the license by purchasing
|
||||
* a commercial license. Buying such a license is mandatory as soon as you
|
||||
* develop commercial closed-source software that incorporates or links
|
||||
* directly against ZeroTier software without disclosing the source code
|
||||
* of your own application.
|
||||
*/
|
||||
|
||||
#ifndef ZT_CONSTANTS_HPP
|
||||
|
@ -52,6 +60,8 @@
|
|||
#endif
|
||||
|
||||
#ifdef __APPLE__
|
||||
#define likely(x) __builtin_expect((x),1)
|
||||
#define unlikely(x) __builtin_expect((x),0)
|
||||
#include <TargetConditionals.h>
|
||||
#ifndef __UNIX_LIKE__
|
||||
#define __UNIX_LIKE__
|
||||
|
@ -128,6 +138,28 @@
|
|||
#define RTF_MULTICAST 0x20000000
|
||||
#endif
|
||||
|
||||
#if (defined(__GNUC__) && (__GNUC__ >= 3)) || (defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 800)) || defined(__clang__)
|
||||
#ifndef likely
|
||||
#define likely(x) __builtin_expect((x),1)
|
||||
#endif
|
||||
#ifndef unlikely
|
||||
#define unlikely(x) __builtin_expect((x),0)
|
||||
#endif
|
||||
#else
|
||||
#ifndef likely
|
||||
#define likely(x) (x)
|
||||
#endif
|
||||
#ifndef unlikely
|
||||
#define unlikely(x) (x)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef __WINDOWS__
|
||||
#define ZT_PACKED_STRUCT(D) __pragma(pack(push,1)) D __pragma(pack(pop))
|
||||
#else
|
||||
#define ZT_PACKED_STRUCT(D) D __attribute__((packed))
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Length of a ZeroTier address in bytes
|
||||
*/
|
||||
|
@ -143,27 +175,15 @@
|
|||
*/
|
||||
#define ZT_ADDRESS_RESERVED_PREFIX 0xff
|
||||
|
||||
/**
|
||||
* Default payload MTU for UDP packets
|
||||
*
|
||||
* In the future we might support UDP path MTU discovery, but for now we
|
||||
* set a maximum that is equal to 1500 minus 8 (for PPPoE overhead, common
|
||||
* in some markets) minus 48 (IPv6 UDP overhead).
|
||||
*/
|
||||
#define ZT_UDP_DEFAULT_PAYLOAD_MTU 1444
|
||||
|
||||
/**
|
||||
* Default MTU used for Ethernet tap device
|
||||
*/
|
||||
#define ZT_IF_MTU ZT_MAX_MTU
|
||||
#define ZT_DEFAULT_MTU 2800
|
||||
|
||||
/**
|
||||
* Maximum number of packet fragments we'll support
|
||||
*
|
||||
* The actual spec allows 16, but this is the most we'll support right
|
||||
* now. Packets with more than this many fragments are dropped.
|
||||
* Maximum number of packet fragments we'll support (protocol max: 16)
|
||||
*/
|
||||
#define ZT_MAX_PACKET_FRAGMENTS 4
|
||||
#define ZT_MAX_PACKET_FRAGMENTS 7
|
||||
|
||||
/**
|
||||
* Size of RX queue
|
||||
|
@ -173,50 +193,40 @@
|
|||
*/
|
||||
#define ZT_RX_QUEUE_SIZE 64
|
||||
|
||||
/**
|
||||
* RX queue entries older than this do not "exist"
|
||||
*/
|
||||
#define ZT_RX_QUEUE_EXPIRE 4000
|
||||
|
||||
/**
|
||||
* Length of secret key in bytes -- 256-bit -- do not change
|
||||
*/
|
||||
#define ZT_PEER_SECRET_KEY_LENGTH 32
|
||||
|
||||
/**
|
||||
* How often Topology::clean() and Network::clean() and similar are called, in ms
|
||||
*/
|
||||
#define ZT_HOUSEKEEPING_PERIOD 120000
|
||||
|
||||
/**
|
||||
* Overriding granularity for timer tasks to prevent CPU-intensive thrashing on every packet
|
||||
* Minimum delay between timer task checks to prevent thrashing
|
||||
*/
|
||||
#define ZT_CORE_TIMER_TASK_GRANULARITY 500
|
||||
|
||||
/**
|
||||
* How long to remember peer records in RAM if they haven't been used
|
||||
* How often Topology::clean() and Network::clean() and similar are called, in ms
|
||||
*/
|
||||
#define ZT_PEER_IN_MEMORY_EXPIRATION 600000
|
||||
#define ZT_HOUSEKEEPING_PERIOD 60000
|
||||
|
||||
/**
|
||||
* Delay between WHOIS retries in ms
|
||||
*/
|
||||
#define ZT_WHOIS_RETRY_DELAY 1000
|
||||
|
||||
/**
|
||||
* Maximum identity WHOIS retries (each attempt tries consulting a different peer)
|
||||
*/
|
||||
#define ZT_MAX_WHOIS_RETRIES 3
|
||||
#define ZT_WHOIS_RETRY_DELAY 500
|
||||
|
||||
/**
|
||||
* Transmit queue entry timeout
|
||||
*/
|
||||
#define ZT_TRANSMIT_QUEUE_TIMEOUT (ZT_WHOIS_RETRY_DELAY * (ZT_MAX_WHOIS_RETRIES + 1))
|
||||
#define ZT_TRANSMIT_QUEUE_TIMEOUT 5000
|
||||
|
||||
/**
|
||||
* Receive queue entry timeout
|
||||
*/
|
||||
#define ZT_RECEIVE_QUEUE_TIMEOUT (ZT_WHOIS_RETRY_DELAY * (ZT_MAX_WHOIS_RETRIES + 1))
|
||||
#define ZT_RECEIVE_QUEUE_TIMEOUT 5000
|
||||
|
||||
/**
|
||||
* Maximum latency to allow for OK(HELLO) before packet is discarded
|
||||
*/
|
||||
#define ZT_HELLO_MAX_ALLOWABLE_LATENCY 120000
|
||||
|
||||
/**
|
||||
* Maximum number of ZT hops allowed (this is not IP hops/TTL)
|
||||
|
@ -230,11 +240,21 @@
|
|||
*/
|
||||
#define ZT_MULTICAST_LIKE_EXPIRE 600000
|
||||
|
||||
/**
|
||||
* Period for multicast LIKE announcements
|
||||
*/
|
||||
#define ZT_MULTICAST_ANNOUNCE_PERIOD 120000
|
||||
|
||||
/**
|
||||
* Delay between explicit MULTICAST_GATHER requests for a given multicast channel
|
||||
*/
|
||||
#define ZT_MULTICAST_EXPLICIT_GATHER_DELAY (ZT_MULTICAST_LIKE_EXPIRE / 10)
|
||||
|
||||
/**
|
||||
* Expiration for credentials presented for MULTICAST_LIKE or MULTICAST_GATHER (for non-network-members)
|
||||
*/
|
||||
#define ZT_MULTICAST_CREDENTIAL_EXPIRATON ZT_MULTICAST_LIKE_EXPIRE
|
||||
|
||||
/**
|
||||
* Timeout for outgoing multicasts
|
||||
*
|
||||
|
@ -243,30 +263,34 @@
|
|||
#define ZT_MULTICAST_TRANSMIT_TIMEOUT 5000
|
||||
|
||||
/**
|
||||
* Default maximum number of peers to address with a single multicast (if unspecified in network config)
|
||||
* Delay between checks of peer pings, etc., and also related housekeeping tasks
|
||||
*/
|
||||
#define ZT_MULTICAST_DEFAULT_LIMIT 32
|
||||
#define ZT_PING_CHECK_INVERVAL 5000
|
||||
|
||||
/**
|
||||
* How frequently to send a zero-byte UDP keepalive packet
|
||||
*
|
||||
* There are NATs with timeouts as short as 20 seconds, so this turns out
|
||||
* to be needed.
|
||||
* How frequently to send heartbeats over in-use paths
|
||||
*/
|
||||
#define ZT_NAT_KEEPALIVE_DELAY 19000
|
||||
#define ZT_PATH_HEARTBEAT_PERIOD 14000
|
||||
|
||||
/**
|
||||
* Delay between scans of the topology active peer DB for peers that need ping
|
||||
*
|
||||
* This is also how often pings will be retried to upstream peers (relays, roots)
|
||||
* constantly until something is heard.
|
||||
* Do not accept HELLOs over a given path more often than this
|
||||
*/
|
||||
#define ZT_PING_CHECK_INVERVAL 9500
|
||||
#define ZT_PATH_HELLO_RATE_LIMIT 1000
|
||||
|
||||
/**
|
||||
* Delay between ordinary case pings of direct links
|
||||
* Delay between full-fledge pings of directly connected peers
|
||||
*/
|
||||
#define ZT_PEER_DIRECT_PING_DELAY 60000
|
||||
#define ZT_PEER_PING_PERIOD 60000
|
||||
|
||||
/**
|
||||
* Paths are considered expired if they have not sent us a real packet in this long
|
||||
*/
|
||||
#define ZT_PEER_PATH_EXPIRATION ((ZT_PEER_PING_PERIOD * 4) + 3000)
|
||||
|
||||
/**
|
||||
* How often to retry expired paths that we're still remembering
|
||||
*/
|
||||
#define ZT_PEER_EXPIRED_PATH_TRIAL_PERIOD (ZT_PEER_PING_PERIOD * 10)
|
||||
|
||||
/**
|
||||
* Timeout for overall peer activity (measured from last receive)
|
||||
|
@ -274,19 +298,14 @@
|
|||
#define ZT_PEER_ACTIVITY_TIMEOUT 500000
|
||||
|
||||
/**
|
||||
* Timeout for path activity
|
||||
* General rate limit timeout for multiple packet types (HELLO, etc.)
|
||||
*/
|
||||
#define ZT_PATH_ACTIVITY_TIMEOUT ZT_PEER_ACTIVITY_TIMEOUT
|
||||
#define ZT_PEER_GENERAL_INBOUND_RATE_LIMIT 500
|
||||
|
||||
/**
|
||||
* No answer timeout to trigger dead path detection
|
||||
* General limit for max RTT for requests over the network
|
||||
*/
|
||||
#define ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT 2000
|
||||
|
||||
/**
|
||||
* Probation threshold after which a path becomes dead
|
||||
*/
|
||||
#define ZT_PEER_DEAD_PATH_DETECTION_MAX_PROBATION 3
|
||||
#define ZT_GENERAL_RTT_LIMIT 5000
|
||||
|
||||
/**
|
||||
* Delay between requests for updated network autoconf information
|
||||
|
@ -306,19 +325,9 @@
|
|||
#define ZT_MIN_UNITE_INTERVAL 30000
|
||||
|
||||
/**
|
||||
* Delay between initial direct NAT-t packet and more aggressive techniques
|
||||
*
|
||||
* This may also be a delay before sending the first packet if we determine
|
||||
* that we should wait for the remote to initiate rendezvous first.
|
||||
* How often should peers try memorized or statically defined paths?
|
||||
*/
|
||||
#define ZT_NAT_T_TACTICAL_ESCALATION_DELAY 1000
|
||||
|
||||
/**
|
||||
* How long (max) to remember network certificates of membership?
|
||||
*
|
||||
* This only applies to networks we don't belong to.
|
||||
*/
|
||||
#define ZT_PEER_NETWORK_COM_EXPIRATION 3600000
|
||||
#define ZT_TRY_MEMORIZED_PATH_INTERVAL 30000
|
||||
|
||||
/**
|
||||
* Sanity limit on maximum bridge routes
|
||||
|
@ -334,7 +343,7 @@
|
|||
/**
|
||||
* If there is no known route, spam to up to this many active bridges
|
||||
*/
|
||||
#define ZT_MAX_BRIDGE_SPAM 16
|
||||
#define ZT_MAX_BRIDGE_SPAM 32
|
||||
|
||||
/**
|
||||
* Interval between direct path pushes in milliseconds
|
||||
|
@ -344,7 +353,7 @@
|
|||
/**
|
||||
* Time horizon for push direct paths cutoff
|
||||
*/
|
||||
#define ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME 60000
|
||||
#define ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME 30000
|
||||
|
||||
/**
|
||||
* Maximum number of direct path pushes within cutoff time
|
||||
|
@ -353,31 +362,63 @@
|
|||
* per CUTOFF_TIME milliseconds per peer to prevent this from being
|
||||
* useful for DOS amplification attacks.
|
||||
*/
|
||||
#define ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT 5
|
||||
#define ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT 8
|
||||
|
||||
/**
|
||||
* Maximum number of paths per IP scope (e.g. global, link-local) and family (e.g. v4/v6)
|
||||
*/
|
||||
#define ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY 4
|
||||
#define ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY 8
|
||||
|
||||
/**
|
||||
* Enable support for old Dictionary based network configs
|
||||
* Time horizon for VERB_NETWORK_CREDENTIALS cutoff
|
||||
*/
|
||||
#define ZT_PEER_CREDENTIALS_CUTOFF_TIME 60000
|
||||
|
||||
/**
|
||||
* Maximum number of VERB_NETWORK_CREDENTIALS within cutoff time
|
||||
*/
|
||||
#define ZT_PEER_CREDEITIALS_CUTOFF_LIMIT 15
|
||||
|
||||
/**
|
||||
* WHOIS rate limit (we allow these to be pretty fast)
|
||||
*/
|
||||
#define ZT_PEER_WHOIS_RATE_LIMIT 100
|
||||
|
||||
/**
|
||||
* General rate limit for other kinds of rate-limited packets (HELLO, credential request, etc.) both inbound and outbound
|
||||
*/
|
||||
#define ZT_PEER_GENERAL_RATE_LIMIT 1000
|
||||
|
||||
/**
|
||||
* Don't do expensive identity validation more often than this
|
||||
*
|
||||
* IPv4 and IPv6 address prefixes are hashed down to 14-bit (0-16383) integers
|
||||
* using the first 24 bits for IPv4 or the first 48 bits for IPv6. These are
|
||||
* then rate limited to one identity validation per this often milliseconds.
|
||||
*/
|
||||
#if (defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) || defined(__AMD64__) || defined(_M_X64) || defined(_M_AMD64))
|
||||
// AMD64 machines can do anywhere from one every 50ms to one every 10ms. This provides plenty of margin.
|
||||
#define ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT 2000
|
||||
#else
|
||||
#if (defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(_X86_) || defined(__I86__))
|
||||
// 32-bit Intel machines usually average about one every 100ms
|
||||
#define ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT 5000
|
||||
#else
|
||||
// This provides a safe margin for ARM, MIPS, etc. that usually average one every 250-400ms
|
||||
#define ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT 10000
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/**
|
||||
* How long is a path or peer considered to have a trust relationship with us (for e.g. relay policy) since last trusted established packet?
|
||||
*/
|
||||
#define ZT_TRUST_EXPIRATION 600000
|
||||
|
||||
/**
|
||||
* Enable support for older network configurations from older (pre-1.1.6) controllers
|
||||
*/
|
||||
#define ZT_SUPPORT_OLD_STYLE_NETCONF 1
|
||||
|
||||
/**
|
||||
* A test pseudo-network-ID that can be joined
|
||||
*
|
||||
* Joining this network ID will result in a network with no IP addressing
|
||||
* and default parameters. No network configuration master will be consulted
|
||||
* and instead a static config will be used. This is used in built-in testnet
|
||||
* scenarios and can also be used for external testing.
|
||||
*
|
||||
* This is an impossible real network ID since 0xff is a reserved address
|
||||
* prefix.
|
||||
*/
|
||||
#define ZT_TEST_NETWORK_ID 0xffffffffffffffffULL
|
||||
|
||||
/**
|
||||
* Desired buffer size for UDP sockets (used in service and osdep but defined here)
|
||||
*/
|
||||
|
@ -387,6 +428,11 @@
|
|||
#define ZT_UDP_DESIRED_BUF_SIZE 131072
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Desired / recommended min stack size for threads (used on some platforms to reset thread stack size)
|
||||
*/
|
||||
#define ZT_THREAD_MIN_STACK_SIZE 1048576
|
||||
|
||||
/* Ethernet frame types that might be relevant to us */
|
||||
#define ZT_ETHERTYPE_IPV4 0x0800
|
||||
#define ZT_ETHERTYPE_ARP 0x0806
|
||||
|
@ -397,4 +443,13 @@
|
|||
#define ZT_ETHERTYPE_IPX_B 0x8138
|
||||
#define ZT_ETHERTYPE_IPV6 0x86dd
|
||||
|
||||
#define ZT_EXCEPTION_OUT_OF_BOUNDS 100
|
||||
#define ZT_EXCEPTION_OUT_OF_MEMORY 101
|
||||
#define ZT_EXCEPTION_PRIVATE_KEY_REQUIRED 102
|
||||
#define ZT_EXCEPTION_INVALID_ARGUMENT 103
|
||||
#define ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_TYPE 200
|
||||
#define ZT_EXCEPTION_INVALID_SERIALIZED_DATA_OVERFLOW 201
|
||||
#define ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_CRYPTOGRAPHIC_TOKEN 202
|
||||
#define ZT_EXCEPTION_INVALID_SERIALIZED_DATA_BAD_ENCODING 203
|
||||
|
||||
#endif
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue