github/didyouexpectthat_zerotierone
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Imported Upstream version 1.2.4

Browse source
This commit is contained in:
didyouexpectthat 2018-01-12 18:20:00 -08:00
commit 4722a0b75a
398 changed files with 38633 additions and 24919 deletions
Download patch file Download diff file Expand all files Collapse all files

474
node/Packet.hpp
View file

@ -34,11 +34,11 @@
#include "Utils.hpp"
#include "Buffer.hpp"
#ifdef ZT_USE_SYSTEM_LZ4
#include <lz4.h>
#else
#include "../ext/lz4/lz4.h"
#endif
//#ifdef ZT_USE_SYSTEM_LZ4
//#include <lz4.h>
//#else
//#include "../ext/lz4/lz4.h"
//#endif
/**
* Protocol version -- incremented only for major changes
@ -51,19 +51,25 @@
* + Yet another multicast redesign
* + New crypto completely changes key agreement cipher
* 4 - 0.6.0 ... 1.0.6
* + New identity format based on hashcash design
* + BREAKING CHANGE: New identity format based on hashcash design
* 5 - 1.1.0 ... 1.1.5
* + Supports circuit test, proof of work, and echo
* + Supports in-band world (root server definition) updates
* + Clustering! (Though this will work with protocol v4 clients.)
* + Otherwise backward compatible with protocol v4
* 6 - 1.1.5 ... 1.1.10
* + Deprecate old dictionary-based network config format
* + Introduce new binary serialized network config and meta-data
* 7 - 1.1.10 -- CURRENT
* + Network configuration format revisions including binary values
* 7 - 1.1.10 ... 1.1.17
* + Introduce trusted paths for local SDN use
* 8 - 1.1.17 ... 1.2.0
* + Multipart network configurations for large network configs
* + Tags and Capabilities
* + Inline push of CertificateOfMembership deprecated
* + Certificates of representation for federation and mesh
* 9 - 1.2.0 ... CURRENT
* + In-band encoding of packet counter for link quality measurement
*/
#define ZT_PROTO_VERSION 7
#define ZT_PROTO_VERSION 9
/**
* Minimum supported protocol version
@ -303,6 +309,7 @@
#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_MAC (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_FLAGS + 1)
#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_ADI (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_MAC + 6)
#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_GATHER_LIMIT (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_ADI + 4)
#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_COM (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_GATHER_LIMIT + 4)
// Note: COM, GATHER_LIMIT, and SOURCE_MAC are optional, and so are specified without size
#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID (ZT_PACKET_IDX_PAYLOAD)
@ -346,7 +353,7 @@ namespace ZeroTier {
* ZeroTier packet
*
* Packet format:
* <[8] 64-bit random packet ID and crypto initialization vector>
* <[8] 64-bit packet ID / crypto IV / packet counter>
* <[5] destination ZT address>
* <[5] source ZT address>
* <[1] flags/cipher/hops>
@ -357,6 +364,14 @@ namespace ZeroTier {
*
* Packets smaller than 28 bytes are invalid and silently discarded.
*
* The 64-bit packet ID is a strongly random value used as a crypto IV.
* Its least significant 3 bits are also used as a monotonically increasing
* (and looping) counter for sending packets to a particular recipient. This
* can be used for link quality monitoring and reporting and has no crypto
* impact as it does not increase the likelihood of an IV collision. (The
* crypto we use is not sensitive to the nature of the IV, only that it does
* not repeat.)
*
* The flags/cipher/hops bit field is: FFCCCHHH where C is a 3-bit cipher
* selection allowing up to 7 cipher suites, F is outside-envelope flags,
* and H is hop count.
@ -523,50 +538,60 @@ public:
/**
* No operation (ignored, no reply)
*/
VERB_NOP = 0,
VERB_NOP = 0x00,
/**
* Announcement of a node's existence:
* Announcement of a node's existence and vitals:
* <[1] protocol version>
* <[1] software major version>
* <[1] software minor version>
* <[2] software revision>
* <[8] timestamp (ms since epoch)>
* <[8] timestamp for determining latency>
* <[...] binary serialized identity (see Identity)>
* <[1] destination address type>
* [<[...] destination address>]
* <[8] 64-bit world ID of current world>
* <[8] 64-bit timestamp of current world>
* <[...] physical destination address of packet>
* <[8] 64-bit world ID of current planet>
* <[8] 64-bit timestamp of current planet>
* [... remainder if packet is encrypted using cryptField() ...]
* <[2] 16-bit number of moons>
* [<[1] 8-bit type ID of moon>]
* [<[8] 64-bit world ID of moon>]
* [<[8] 64-bit timestamp of moon>]
* [... additional moon type/ID/timestamp tuples ...]
* <[2] 16-bit length of certificate of representation>
* [... certificate of representation ...]
*
* This is the only message that ever must be sent in the clear, since it
* is used to push an identity to a new peer.
* HELLO is sent in the clear as it is how peers share their identity
* public keys. A few additional fields are sent in the clear too, but
* these are things that are public info or are easy to determine. As
* of 1.2.0 we have added a few more fields, but since these could have
* the potential to be sensitive we introduced the encryption of the
* remainder of the packet. See cryptField(). Packet MAC is still
* performed of course, so authentication occurs as normal.
*
* The destination address is the wire address to which this packet is
* being sent, and in OK is *also* the destination address of the OK
* packet. This can be used by the receiver to detect NAT, learn its real
* external address if behind NAT, and detect changes to its external
* address that require re-establishing connectivity.
*
* Destination address types and formats (not all of these are used now):
* 0x00 - None -- no destination address data present
* 0x01 - Ethernet address -- format: <[6] Ethernet MAC>
* 0x04 - 6-byte IPv4 UDP address/port -- format: <[4] IP>, <[2] port>
* 0x06 - 18-byte IPv6 UDP address/port -- format: <[16] IP>, <[2] port>
* Destination address is the actual wire address to which the packet
* was sent. See InetAddress::serialize() for format.
*
* OK payload:
* <[8] timestamp (echoed from original HELLO)>
* <[1] protocol version (of responder)>
* <[1] software major version (of responder)>
* <[1] software minor version (of responder)>
* <[2] software revision (of responder)>
* <[1] destination address type (for this OK, not copied from HELLO)>
* [<[...] destination address>]
* <[2] 16-bit length of world update or 0 if none>
* [[...] world update]
* <[8] HELLO timestamp field echo>
* <[1] protocol version>
* <[1] software major version>
* <[1] software minor version>
* <[2] software revision>
* <[...] physical destination address of packet>
* <[2] 16-bit length of world update(s) or 0 if none>
* [[...] updates to planets and/or moons]
* <[2] 16-bit length of certificate of representation>
* [... certificate of representation ...]
*
* With the exception of the timestamp, the other fields pertain to the
* respondent who is sending OK and are not echoes.
*
* Note that OK is fully encrypted so no selective cryptField() of
* potentially sensitive fields is needed.
*
* ERROR has no payload.
*/
VERB_HELLO = 1,
VERB_HELLO = 0x01,
/**
* Error response:
@ -575,7 +600,7 @@ public:
* <[1] error code>
* <[...] error-dependent payload>
*/
VERB_ERROR = 2,
VERB_ERROR = 0x02,
/**
* Success response:
@ -583,50 +608,43 @@ public:
* <[8] in-re packet ID>
* <[...] request-specific payload>
*/
VERB_OK = 3,
VERB_OK = 0x03,
/**
* Query an identity by address:
* <[5] address to look up>
* [<[...] additional addresses to look up>
*
* OK response payload:
* <[...] binary serialized identity>
* [<[...] additional binary serialized identities>]
*
* If querying a cluster, duplicate OK responses may occasionally occur.
* These should be discarded.
* These must be tolerated, which is easy since they'll have info you
* already have.
*
* If the address is not found, no response is generated. WHOIS requests
* will time out much like ARP requests and similar do in L2.
* If the address is not found, no response is generated. The semantics
* of WHOIS is similar to ARP and NDP in that persistent retrying can
* be performed.
*/
VERB_WHOIS = 4,
VERB_WHOIS = 0x04,
/**
* Meet another node at a given protocol address:
* Relay-mediated NAT traversal or firewall punching initiation:
* <[1] flags (unused, currently 0)>
* <[5] ZeroTier address of peer that might be found at this address>
* <[2] 16-bit protocol address port>
* <[1] protocol address length (4 for IPv4, 16 for IPv6)>
* <[...] protocol address (network byte order)>
*
* This is sent by a relaying node to initiate NAT traversal between two
* peers that are communicating by way of indirect relay. The relay will
* send this to both peers at the same time on a periodic basis, telling
* each where it might find the other on the network.
* An upstream node can send this to inform both sides of a relay of
* information they might use to establish a direct connection.
*
* Upon receipt a peer sends HELLO to establish a direct link.
*
* Nodes should implement rate control, limiting the rate at which they
* respond to these packets to prevent their use in DDOS attacks. Nodes
* may also ignore these messages if a peer is not known or is not being
* actively communicated with.
*
* Unfortunately the physical address format in this message pre-dates
* InetAddress's serialization format. :( ZeroTier is four years old and
* yes we've accumulated a tiny bit of cruft here and there.
*
* No OK or ERROR is generated.
*/
VERB_RENDEZVOUS = 5,
VERB_RENDEZVOUS = 0x05,
/**
* ZT-to-ZT unicast ethernet frame (shortened EXT_FRAME):
@ -642,31 +660,44 @@ public:
* ERROR may be generated if a membership certificate is needed for a
* closed network. Payload will be network ID.
*/
VERB_FRAME = 6,
VERB_FRAME = 0x06,
/**
* Full Ethernet frame with MAC addressing and optional fields:
* <[8] 64-bit network ID>
* <[1] flags>
* [<[...] certificate of network membership>]
* <[6] destination MAC or all zero for destination node>
* <[6] source MAC or all zero for node of origin>
* <[2] 16-bit ethertype>
* <[...] ethernet payload>
*
* Flags:
* 0x01 - Certificate of network membership is attached
* 0x01 - Certificate of network membership attached (DEPRECATED)
* 0x02 - Most significant bit of subtype (see below)
* 0x04 - Middle bit of subtype (see below)
* 0x08 - Least significant bit of subtype (see below)
* 0x10 - ACK requested in the form of OK(EXT_FRAME)
*
* An extended frame carries full MAC addressing, making them a
* superset of VERB_FRAME. They're used for bridging or when we
* want to attach a certificate since FRAME does not support that.
* Subtypes (0..7):
* 0x0 - Normal frame (bridging can be determined by checking MAC)
* 0x1 - TEEd outbound frame
* 0x2 - REDIRECTed outbound frame
* 0x3 - WATCHed outbound frame (TEE with ACK, ACK bit also set)
* 0x4 - TEEd inbound frame
* 0x5 - REDIRECTed inbound frame
* 0x6 - WATCHed inbound frame
* 0x7 - (reserved for future use)
*
* An extended frame carries full MAC addressing, making it a
* superset of VERB_FRAME. It is used for bridged traffic,
* redirected or observed traffic via rules, and can in theory
* be used for multicast though MULTICAST_FRAME exists for that
* purpose and has additional options and capabilities.
*
* Multicast frames may not be sent as EXT_FRAME.
*
* ERROR may be generated if a membership certificate is needed for a
* closed network. Payload will be network ID.
* OK payload (if ACK flag is set):
* <[8] 64-bit network ID>
*/
VERB_EXT_FRAME = 7,
VERB_EXT_FRAME = 0x07,
/**
* ECHO request (a.k.a. ping):
@ -676,7 +707,7 @@ public:
* is generated. Response to ECHO requests is optional and ECHO may be
* ignored if a node detects a possible flood.
*/
VERB_ECHO = 8,
VERB_ECHO = 0x08,
/**
* Announce interest in multicast group(s):
@ -690,77 +721,117 @@ public:
* controllers and root servers. In the current network, root servers
* will provide the service of final multicast cache.
*
* It is recommended that NETWORK_MEMBERSHIP_CERTIFICATE pushes be sent
* along with MULTICAST_LIKE when pushing LIKEs to peers that do not
* share a network membership (such as root servers), since this can be
* used to authenticate GATHER requests and limit responses to peers
* authorized to talk on a network. (Should be an optional field here,
* but saving one or two packets every five minutes is not worth an
* ugly hack or protocol rev.)
* VERB_NETWORK_CREDENTIALS should be pushed along with this, especially
* if using upstream (e.g. root) nodes as multicast databases. This allows
* GATHERs to be authenticated.
*
* OK/ERROR are not generated.
*/
VERB_MULTICAST_LIKE = 9,
VERB_MULTICAST_LIKE = 0x09,
/**
* Network member certificate replication/push:
* <[...] serialized certificate of membership>
* [ ... additional certificates may follow ...]
* Network credentials push:
* [<[...] one or more certificates of membership>]
* <[1] 0x00, null byte marking end of COM array>
* <[2] 16-bit number of capabilities>
* <[...] one or more serialized Capability>
* <[2] 16-bit number of tags>
* <[...] one or more serialized Tags>
* <[2] 16-bit number of revocations>
* <[...] one or more serialized Revocations>
* <[2] 16-bit number of certificates of ownership>
* <[...] one or more serialized CertificateOfOwnership>
*
* This is sent in response to ERROR_NEED_MEMBERSHIP_CERTIFICATE and may
* be pushed at any other time to keep exchanged certificates up to date.
* This can be sent by anyone at any time to push network credentials.
* These will of course only be accepted if they are properly signed.
* Credentials can be for any number of networks.
*
* The use of a zero byte to terminate the COM section is for legacy
* backward compatiblity. Newer fields are prefixed with a length.
*
* OK/ERROR are not generated.
*/
VERB_NETWORK_MEMBERSHIP_CERTIFICATE = 10,
VERB_NETWORK_CREDENTIALS = 0x0a,
/**
* Network configuration request:
* <[8] 64-bit network ID>
* <[2] 16-bit length of request meta-data dictionary>
* <[...] string-serialized request meta-data>
* [<[8] 64-bit revision of netconf we currently have>]
* <[8] 64-bit revision of netconf we currently have>
* <[8] 64-bit timestamp of netconf we currently have>
*
* This message requests network configuration from a node capable of
* providing it. If the optional revision is included, a response is
* only generated if there is a newer network configuration available.
* providing it.
*
* Respones to this are always whole configs intended for the recipient.
* For patches and other updates a NETWORK_CONFIG is sent instead.
*
* It would be valid and correct as of 1.2.0 to use NETWORK_CONFIG always,
* but OK(NTEWORK_CONFIG_REQUEST) should be sent for compatibility.
*
* OK response payload:
* <[8] 64-bit network ID>
* <[2] 16-bit length of network configuration dictionary>
* <[...] network configuration dictionary>
* <[2] 16-bit length of network configuration dictionary chunk>
* <[...] network configuration dictionary (may be incomplete)>
* [ ... end of legacy single chunk response ... ]
* <[1] 8-bit flags>
* <[8] 64-bit config update ID (should never be 0)>
* <[4] 32-bit total length of assembled dictionary>
* <[4] 32-bit index of chunk>
* [ ... end signed portion ... ]
* <[1] 8-bit chunk signature type>
* <[2] 16-bit length of chunk signature>
* <[...] chunk signature>
*
* OK returns a Dictionary (string serialized) containing the network's
* configuration and IP address assignment information for the querying
* node. It also contains a membership certificate that the querying
* node can push to other peers to demonstrate its right to speak on
* a given network.
* The chunk signature signs the entire payload of the OK response.
* Currently only one signature type is supported: ed25519 (1).
*
* When a new network configuration is received, another config request
* should be sent with the new netconf's revision. This confirms receipt
* and also causes any subsequent changes to rapidly propagate as this
* cycle will repeat until there are no changes. This is optional but
* recommended behavior.
* Each config chunk is signed to prevent memory exhaustion or
* traffic crowding DOS attacks against config fragment assembly.
*
* If the packet is from the network controller it is permitted to end
* before the config update ID or other chunking related or signature
* fields. This is to support older controllers that don't include
* these fields and may be removed in the future.
*
* ERROR response payload:
* <[8] 64-bit network ID>
*
* UNSUPPORTED_OPERATION is returned if this service is not supported,
* and OBJ_NOT_FOUND if the queried network ID was not found.
*/
VERB_NETWORK_CONFIG_REQUEST = 11,
VERB_NETWORK_CONFIG_REQUEST = 0x0b,
/**
* Network configuration refresh request:
* <[...] array of 64-bit network IDs>
* Network configuration data push:
* <[8] 64-bit network ID>
* <[2] 16-bit length of network configuration dictionary chunk>
* <[...] network configuration dictionary (may be incomplete)>
* <[1] 8-bit flags>
* <[8] 64-bit config update ID (should never be 0)>
* <[4] 32-bit total length of assembled dictionary>
* <[4] 32-bit index of chunk>
* [ ... end signed portion ... ]
* <[1] 8-bit chunk signature type>
* <[2] 16-bit length of chunk signature>
* <[...] chunk signature>
*
* This can be sent by the network controller to inform a node that it
* should now make a NETWORK_CONFIG_REQUEST.
* This is a direct push variant for network config updates. It otherwise
* carries the same payload as OK(NETWORK_CONFIG_REQUEST) and has the same
* semantics.
*
* It does not generate an OK or ERROR message, and is treated only as
* a hint to refresh now.
* The legacy mode missing the additional chunking fields is not supported
* here.
*
* Flags:
* 0x01 - Use fast propagation
*
* An OK should be sent if the config is successfully received and
* accepted.
*
* OK payload:
* <[8] 64-bit network ID>
* <[8] 64-bit config update ID>
*/
VERB_NETWORK_CONFIG_REFRESH = 12,
VERB_NETWORK_CONFIG = 0x0c,
/**
* Request endpoints for multicast distribution:
@ -769,10 +840,10 @@ public:
* <[6] MAC address of multicast group being queried>
* <[4] 32-bit ADI for multicast group being queried>
* <[4] 32-bit requested max number of multicast peers>
* [<[...] network certificate of membership>]
* [<[...] network certificate of membership>]
*
* Flags:
* 0x01 - Network certificate of membership is attached
* 0x01 - COM is attached
*
* This message asks a peer for additional known endpoints that have
* LIKEd a given multicast group. It's sent when the sender wishes
@ -782,6 +853,9 @@ public:
* More than one OK response can occur if the response is broken up across
* multiple packets or if querying a clustered node.
*
* The COM should be included so that upstream nodes that are not
* members of our network can validate our request.
*
* OK response payload:
* <[8] 64-bit network ID>
* <[6] MAC address of multicast group being queried>
@ -793,13 +867,12 @@ public:
*
* ERROR is not generated; queries that return no response are dropped.
*/
VERB_MULTICAST_GATHER = 13,
VERB_MULTICAST_GATHER = 0x0d,
/**
* Multicast frame:
* <[8] 64-bit network ID>
* <[1] flags>
* [<[...] network certificate of membership>]
* [<[4] 32-bit implicit gather limit>]
* [<[6] source MAC>]
* <[6] destination MAC (multicast address)>
@ -808,7 +881,7 @@ public:
* <[...] ethernet payload>
*
* Flags:
* 0x01 - Network certificate of membership is attached
* 0x01 - Network certificate of membership attached (DEPRECATED)
* 0x02 - Implicit gather limit field is present
* 0x04 - Source MAC is specified -- otherwise it's computed from sender
*
@ -823,11 +896,11 @@ public:
* <[6] MAC address of multicast group>
* <[4] 32-bit ADI for multicast group>
* <[1] flags>
* [<[...] network certficate of membership>]
* [<[...] network certficate of membership (DEPRECATED)>]
* [<[...] implicit gather results if flag 0x01 is set>]
*
* OK flags (same bits as request flags):
* 0x01 - OK includes certificate of network membership
* 0x01 - OK includes certificate of network membership (DEPRECATED)
* 0x02 - OK includes implicit gather results
*
* ERROR response payload:
@ -835,7 +908,7 @@ public:
* <[6] multicast group MAC>
* <[4] 32-bit multicast group ADI>
*/
VERB_MULTICAST_FRAME = 14,
VERB_MULTICAST_FRAME = 0x0e,
/**
* Push of potential endpoints for direct communication:
@ -871,7 +944,7 @@ public:
*
* OK and ERROR are not generated.
*/
VERB_PUSH_DIRECT_PATHS = 16,
VERB_PUSH_DIRECT_PATHS = 0x10,
/**
* Source-routed circuit test message:
@ -887,21 +960,17 @@ public:
* [ ... end of signed portion of request ... ]
* <[2] 16-bit length of signature of request>
* <[...] signature of request by originator>
* <[2] 16-bit previous hop credential length (including type)>
* [[1] previous hop credential type]
* [[...] previous hop credential]
* <[2] 16-bit length of additional fields>
* [[...] additional fields]
* <[...] next hop(s) in path>
*
* Flags:
* 0x01 - Report back to originator at middle hops
* 0x01 - Report back to originator at all hops
* 0x02 - Report back to originator at last hop
*
* Originator credential types:
* 0x01 - 64-bit network ID for which originator is controller
*
* Previous hop credential types:
* 0x01 - Certificate of network membership
*
* Path record format:
* <[1] 8-bit flags (unused, must be zero)>
* <[1] 8-bit breadth (number of next hops)>
@ -950,29 +1019,28 @@ public:
* <[8] 64-bit timestamp (echoed from original>
* <[8] 64-bit test ID (echoed from original)>
*/
VERB_CIRCUIT_TEST = 17,
VERB_CIRCUIT_TEST = 0x11,
/**
* Circuit test hop report:
* <[8] 64-bit timestamp (from original test)>
* <[8] 64-bit test ID (from original test)>
* <[8] 64-bit timestamp (echoed from original test)>
* <[8] 64-bit test ID (echoed from original test)>
* <[8] 64-bit reserved field (set to 0, currently unused)>
* <[1] 8-bit vendor ID (set to 0, currently unused)>
* <[1] 8-bit reporter protocol version>
* <[1] 8-bit reporter major version>
* <[1] 8-bit reporter minor version>
* <[2] 16-bit reporter revision>
* <[2] 16-bit reporter OS/platform>
* <[2] 16-bit reporter architecture>
* <[1] 8-bit reporter software major version>
* <[1] 8-bit reporter software minor version>
* <[2] 16-bit reporter software revision>
* <[2] 16-bit reporter OS/platform or 0 if not specified>
* <[2] 16-bit reporter architecture or 0 if not specified>
* <[2] 16-bit error code (set to 0, currently unused)>
* <[8] 64-bit report flags (set to 0, currently unused)>
* <[8] 64-bit source packet ID>
* <[5] upstream ZeroTier address from which test was received>
* <[1] 8-bit source packet hop count (ZeroTier hop count)>
* <[8] 64-bit report flags>
* <[8] 64-bit packet ID of received CIRCUIT_TEST packet>
* <[5] upstream ZeroTier address from which CIRCUIT_TEST was received>
* <[1] 8-bit packet hop count of received CIRCUIT_TEST>
* <[...] local wire address on which packet was received>
* <[...] remote wire address from which packet was received>
* <[2] 16-bit length of additional fields>
* <[...] additional fields>
* <[2] 16-bit path link quality of path over which packet was received>
* <[1] 8-bit number of next hops (breadth)>
* <[...] next hop information>
*
@ -980,6 +1048,9 @@ public:
* <[5] ZeroTier address of next hop>
* <[...] current best direct path address, if any, 0 if none>
*
* Report flags:
* 0x1 - Upstream peer in circuit test path allowed in path (e.g. network COM valid)
*
* Circuit test reports can be sent by hops in a circuit test to report
* back results. They should include information about the sender as well
* as about the paths to which next hops are being sent.
@ -987,50 +1058,22 @@ public:
* If a test report is received and no circuit test was sent, it should be
* ignored. This message generates no OK or ERROR response.
*/
VERB_CIRCUIT_TEST_REPORT = 18,
VERB_CIRCUIT_TEST_REPORT = 0x12,
/**
* Request proof of work:
* <[1] 8-bit proof of work type>
* <[1] 8-bit proof of work difficulty>
* <[2] 16-bit length of proof of work challenge>
* <[...] proof of work challenge>
* A message with arbitrary user-definable content:
* <[8] 64-bit arbitrary message type ID>
* [<[...] message payload>]
*
* This requests that a peer perform a proof of work calucation. It can be
* sent by highly trusted peers (e.g. root servers, network controllers)
* under suspected denial of service conditions in an attempt to filter
* out "non-serious" peers and remain responsive to those proving their
* intent to actually communicate.
* This can be used to send arbitrary messages over VL1. It generates no
* OK or ERROR and has no special semantics outside of whatever the user
* (via the ZeroTier core API) chooses to give it.
*
* If the peer obliges to perform the work, it does so and responds with
* an OK containing the result. Otherwise it may ignore the message or
* response with an ERROR_INVALID_REQUEST or ERROR_UNSUPPORTED_OPERATION.
*
* Proof of work type IDs:
* 0x01 - Salsa20/12+SHA512 hashcash function
*
* Salsa20/12+SHA512 is based on the following composite hash function:
*
* (1) Compute SHA512(candidate)
* (2) Use the first 256 bits of the result of #1 as a key to encrypt
* 131072 zero bytes with Salsa20/12 (with a zero IV).
* (3) Compute SHA512(the result of step #2)
* (4) Accept this candiate if the first [difficulty] bits of the result
* from step #3 are zero. Otherwise generate a new candidate and try
* again.
*
* This is performed repeatedly on candidates generated by appending the
* supplied challenge to an arbitrary nonce until a valid candidate
* is found. This chosen prepended nonce is then returned as the result
* in OK.
*
* OK payload:
* <[2] 16-bit length of result>
* <[...] computed proof of work>
*
* ERROR has no payload.
* Message type IDs less than or equal to 65535 are reserved for use by
* ZeroTier, Inc. itself. We recommend making up random ones for your own
* implementations.
*/
VERB_REQUEST_PROOF_OF_WORK = 19
VERB_USER_MESSAGE = 0x14
};
/**
@ -1039,39 +1082,37 @@ public:
enum ErrorCode
{
/* No error, not actually used in transit */
ERROR_NONE = 0,
ERROR_NONE = 0x00,
/* Invalid request */
ERROR_INVALID_REQUEST = 1,
ERROR_INVALID_REQUEST = 0x01,
/* Bad/unsupported protocol version */
ERROR_BAD_PROTOCOL_VERSION = 2,
ERROR_BAD_PROTOCOL_VERSION = 0x02,
/* Unknown object queried */
ERROR_OBJ_NOT_FOUND = 3,
ERROR_OBJ_NOT_FOUND = 0x03,
/* HELLO pushed an identity whose address is already claimed */
ERROR_IDENTITY_COLLISION = 4,
ERROR_IDENTITY_COLLISION = 0x04,
/* Verb or use case not supported/enabled by this node */
ERROR_UNSUPPORTED_OPERATION = 5,
ERROR_UNSUPPORTED_OPERATION = 0x05,
/* Message to private network rejected -- no unexpired certificate on file */
ERROR_NEED_MEMBERSHIP_CERTIFICATE = 6,
/* Network membership certificate update needed */
ERROR_NEED_MEMBERSHIP_CERTIFICATE = 0x06,
/* Tried to join network, but you're not a member */
ERROR_NETWORK_ACCESS_DENIED_ = 7, /* extra _ to avoid Windows name conflict */
ERROR_NETWORK_ACCESS_DENIED_ = 0x07, /* extra _ at end to avoid Windows name conflict */
/* Multicasts to this group are not wanted */
ERROR_UNWANTED_MULTICAST = 8
ERROR_UNWANTED_MULTICAST = 0x08
};
//#ifdef ZT_TRACE
static const char *verbString(Verb v)
throw();
static const char *errorString(ErrorCode e)
throw();
//#endif
#ifdef ZT_TRACE
static const char *verbString(Verb v);
static const char *errorString(ErrorCode e);
#endif
template<unsigned int C2>
Packet(const Buffer<C2> &b) :
@ -1268,10 +1309,21 @@ public:
/**
* Get this packet's unique ID (the IV field interpreted as uint64_t)
*
* Note that the least significant 3 bits of this ID will change when armor()
* is called to armor the packet for transport. This is because armor() will
* mask the last 3 bits against the send counter for QoS monitoring use prior
* to actually using the IV to encrypt and MAC the packet. Be aware of this
* when grabbing the packetId of a new packet prior to armor/send.
*
* @return Packet ID
*/
inline uint64_t packetId() const { return at<uint64_t>(ZT_PACKET_IDX_IV); }
/**
* @return Value of link quality counter extracted from this packet's ID, range 0 to 7 (3 bits)
*/
inline unsigned int linkQualityCounter() const { return (unsigned int)(reinterpret_cast<const uint8_t *>(data())[7] & 0x07); }
/**
* Set packet verb
*
@ -1302,8 +1354,9 @@ public:
*
* @param key 32-byte key
* @param encryptPayload If true, encrypt packet payload, else just MAC
* @param counter Packet send counter for destination peer -- only least significant 3 bits are used
*/
void armor(const void *key,bool encryptPayload);
void armor(const void *key,bool encryptPayload,unsigned int counter);
/**
* Verify and (if encrypted) decrypt packet
@ -1317,6 +1370,27 @@ public:
*/
bool dearmor(const void *key);
/**
* Encrypt/decrypt a separately armored portion of a packet
*
* This currently uses Salsa20/12, but any message that uses this should
* incorporate a cipher selector to permit this to be changed later. To
* ensure that key stream is not reused, the key is slightly altered for
* this use case and the same initial 32 keystream bytes that are taken
* for MAC in ordinary armor() are also skipped here.
*
* This is currently only used to mask portions of HELLO as an extra
* security precation since most of that message is sent in the clear.
*
* This must NEVER be used more than once in the same packet, as doing
* so will result in re-use of the same key stream.
*
* @param key 32-byte key
* @param start Start of encrypted portion
* @param len Length of encrypted portion
*/
void cryptField(const void *key,unsigned int start,unsigned int len);
/**
* Attempt to compress payload if not already (must be unencrypted)
*