(1) Disable firewall openers (its easy to re-enable), (2) Do some prep work for making supernode topology hot-updatable.

2014-08-05 14:05:50 -07:00 · 2014-08-05 14:05:50 -07:00 · 8a804b5257
commit 8a804b5257
parent e3c5ada3a7
12 changed files with 48 additions and 3 deletions
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@ -228,7 +228,7 @@
 /**
 * Default number of bits in multicast propagation prefix
 */
-#define ZT_DEFAULT_MULTICAST_PREFIX_BITS 1
+#define ZT_DEFAULT_MULTICAST_PREFIX_BITS 2

 /**
 * Default max depth (TTL) for multicast propagation
@ -272,8 +272,10 @@
 *
 * This should be lower than the UDP conversation entry timeout in most
 * stateful firewalls.
+ *
+ * Uncomment to disable firewall openers.
 */
-#define ZT_FIREWALL_OPENER_DELAY 30000
+//#define ZT_FIREWALL_OPENER_DELAY 30000

 /**
 * Number of hops to open via firewall opener packets
@ -284,7 +286,7 @@
 * 2 should permit traversal of double-NAT configurations, such as from inside
 * a VM running behind local NAT on a host that is itself behind NAT.
 */
-#define ZT_FIREWALL_OPENER_HOPS 2
+//#define ZT_FIREWALL_OPENER_HOPS 2

 /**
 * Delay between requests for updated network autoconf information
@ -363,6 +365,9 @@

 /**
 * Delay in milliseconds between firewall opener and real packet for NAT-t
+ *
+ * If firewall openers are disbled, it just waits this long before sending
+ * NAT-t packets.
 */
 #define ZT_RENDEZVOUS_NAT_T_DELAY 500

--- a/node/Node.cpp
+++ b/node/Node.cpp
@ -656,7 +656,9 @@ Node::ReasonForTermination Node::run()
 					lastPingCheck = now;
 					try {
 						_r->topology->eachPeer(Topology::PingPeersThatNeedPing(_r,now));
+#ifdef ZT_FIREWALL_OPENER_DELAY
 						_r->topology->eachPeer(Topology::OpenPeersThatNeedFirewallOpener(_r,now));
+#endif
 					} catch (std::exception &exc) {
 						LOG("unexpected exception running ping check cycle: %s",exc.what());
 					} catch ( ... ) {
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@ -25,6 +25,7 @@
 * LLC. Start here: http://www.zerotier.com/
 */

+#include "Constants.hpp"
 #include "Peer.hpp"
 #include "Switch.hpp"
 #include "AntiRecursion.hpp"
@ -180,6 +181,7 @@ Path::Type Peer::send(const RuntimeEnvironment *_r,const void *data,unsigned int
 	return Path::PATH_TYPE_NULL;
 }

+#ifdef ZT_FIREWALL_OPENER_DELAY
 bool Peer::sendFirewallOpener(const RuntimeEnvironment *_r,uint64_t now)
 {
 	bool sent = false;
@ -194,6 +196,7 @@ bool Peer::sendFirewallOpener(const RuntimeEnvironment *_r,uint64_t now)

 	return sent;
 }
+#endif

 bool Peer::sendPing(const RuntimeEnvironment *_r,uint64_t now)
 {
--- a/node/Peer.hpp
+++ b/node/Peer.hpp
@ -142,6 +142,7 @@ public:
 	 */
 	Path::Type send(const RuntimeEnvironment *_r,const void *data,unsigned int len,uint64_t now);

+#ifdef ZT_FIREWALL_OPENER_DELAY
 	/**
 	 * Send firewall opener to all UDP paths
 	 * 
@ -150,6 +151,7 @@ public:
 	 * @return True if send appears successful for at least one address type
 	 */
 	bool sendFirewallOpener(const RuntimeEnvironment *_r,uint64_t now);
+#endif

 	/**
 	 * Send HELLO to a peer via all direct paths available
--- a/node/SocketManager.cpp
+++ b/node/SocketManager.cpp
@ -463,6 +463,7 @@ bool SocketManager::send(const InetAddress &to,bool tcp,bool autoConnectTcp,cons
 	return false;
 }

+#ifdef ZT_FIREWALL_OPENER_DELAY
 bool SocketManager::sendFirewallOpener(const InetAddress &to,int hopLimit)
 {
 	if (to.isV4()) {
@ -474,6 +475,7 @@ bool SocketManager::sendFirewallOpener(const InetAddress &to,int hopLimit)
 	}
 	return false;
 }
+#endif

 void SocketManager::poll(unsigned long timeout)
 {
--- a/node/SocketManager.hpp
+++ b/node/SocketManager.hpp
@ -35,6 +35,7 @@
 #include <stdexcept>

 #include "Constants.hpp"
+
 #include "SharedPtr.hpp"
 #include "InetAddress.hpp"
 #include "Socket.hpp"
@ -108,7 +109,9 @@ public:
 	 * @param to Destination address
 	 * @param hopLimit IP TTL
 	 */
+#ifdef ZT_FIREWALL_OPENER_DELAY
 	bool sendFirewallOpener(const InetAddress &to,int hopLimit);
+#endif

 	/**
 	 * Perform I/O polling operation (e.g. select())
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@ -461,7 +461,9 @@ bool Switch::unite(const Address &p1,const Address &p2,bool force)

 void Switch::contact(const SharedPtr<Peer> &peer,const InetAddress &atAddr)
 {
+#ifdef ZT_FIREWALL_OPENER_HOPS
 	_r->sm->sendFirewallOpener(atAddr,ZT_FIREWALL_OPENER_HOPS);
+#endif

 	{
 		Mutex::Lock _l(_contactQueue_m);
--- a/node/Topology.hpp
+++ b/node/Topology.hpp
@ -194,6 +194,7 @@ public:
 			f(*this,*p);
 	}

+#ifdef ZT_FIREWALL_OPENER_DELAY
 	/**
 	 * Function object to collect peers that need a firewall opener sent
 	 */
@ -214,6 +215,7 @@ public:
 		uint64_t _now;
 		const RuntimeEnvironment *_r;
 	};
+#endif

 	/**
 	 * Pings all peers that need a ping sent, excluding supernodes