mirror of
https://gitlab.com/veilid/veilid.git
synced 2025-01-23 05:01:12 -05:00
more refactor
This commit is contained in:
parent
f11dc8aaac
commit
8f9b9b58d5
@ -134,7 +134,7 @@ struct RouteHopData @0x8ce231f9d1b7adf2 {
|
||||
|
||||
struct RouteHop @0xf8f672d75cce0c3b {
|
||||
node :union {
|
||||
nodeId @0 :TypedKey; # node id only for established routes
|
||||
nodeId @0 :PublicKey; # node id key only for established routes (kind is the same as the pr or sr it is part of)
|
||||
peerInfo @1 :PeerInfo; # full peer info for this hop to establish the route
|
||||
}
|
||||
nextHop @2 :RouteHopData; # optional: If this the end of a private route, this field will not exist
|
||||
|
@ -36,9 +36,14 @@ pub fn best_crypto_kind() -> CryptoKind {
|
||||
VALID_CRYPTO_KINDS[0]
|
||||
}
|
||||
|
||||
/// Envelope versions in order of preference, best envelope version is the first one, worst is the last one
|
||||
// Version number of envelope format
|
||||
pub type EnvelopeVersion = u8;
|
||||
|
||||
/// Envelope versions in order of preference, best envelope version is the first one, worst is the last one
|
||||
pub const VALID_ENVELOPE_VERSIONS: [EnvelopeVersion; 1] = [0u8];
|
||||
/// Number of envelope versions to keep on structures if many are present beyond the ones we consider valid
|
||||
pub const MAX_ENVELOPE_VERSIONS: usize = 3;
|
||||
/// Return the best envelope version we support
|
||||
pub fn best_envelope_version() -> EnvelopeVersion {
|
||||
VALID_ENVELOPE_VERSIONS[0]
|
||||
}
|
||||
@ -218,17 +223,19 @@ impl Crypto {
|
||||
node_ids: &[TypedKey],
|
||||
data: &[u8],
|
||||
typed_signatures: &[TypedSignature],
|
||||
) -> Result<(), VeilidAPIError> {
|
||||
) -> Result<Vec<CryptoKind>, VeilidAPIError> {
|
||||
let mut out = Vec::with_capacity(node_ids.len());
|
||||
for sig in typed_signatures {
|
||||
for nid in node_ids {
|
||||
if nid.kind == sig.kind {
|
||||
if let Some(vcrypto) = self.get(sig.kind) {
|
||||
vcrypto.verify(&nid.key, data, &sig.signature)?;
|
||||
out.push(nid.kind);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
Ok(out)
|
||||
}
|
||||
|
||||
/// Signature set generation
|
||||
|
@ -27,6 +27,17 @@ pub fn compare_crypto_kind(a: &CryptoKind, b: &CryptoKind) -> cmp::Ordering {
|
||||
}
|
||||
}
|
||||
|
||||
/// Intersection of crypto kind vectors
|
||||
pub fn common_crypto_kinds(a: &[CryptoKind], b: &[CryptoKind]) -> Vec<CryptoKind> {
|
||||
let mut out = Vec::new();
|
||||
for ack in a {
|
||||
if b.contains(ack) {
|
||||
out.push(*ack);
|
||||
}
|
||||
}
|
||||
out
|
||||
}
|
||||
|
||||
#[derive(
|
||||
Clone,
|
||||
Copy,
|
||||
@ -42,7 +53,7 @@ pub fn compare_crypto_kind(a: &CryptoKind, b: &CryptoKind) -> cmp::Ordering {
|
||||
RkyvSerialize,
|
||||
RkyvDeserialize,
|
||||
)]
|
||||
#[archive_attr(repr(C), derive(CheckBytes))]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, Hash, PartialEq, Eq))]
|
||||
pub struct KeyPair {
|
||||
pub key: PublicKey,
|
||||
pub secret: SecretKey,
|
||||
@ -67,7 +78,7 @@ impl KeyPair {
|
||||
RkyvSerialize,
|
||||
RkyvDeserialize,
|
||||
)]
|
||||
#[archive_attr(repr(C), derive(CheckBytes))]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, Hash, PartialEq, Eq))]
|
||||
pub struct TypedKey {
|
||||
pub kind: CryptoKind,
|
||||
pub key: PublicKey,
|
||||
@ -126,7 +137,7 @@ impl FromStr for TypedKey {
|
||||
RkyvSerialize,
|
||||
RkyvDeserialize,
|
||||
)]
|
||||
#[archive_attr(repr(C), derive(CheckBytes))]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, Hash, PartialEq, Eq))]
|
||||
pub struct TypedKeySet {
|
||||
items: Vec<TypedKey>,
|
||||
}
|
||||
@ -178,6 +189,11 @@ impl TypedKeySet {
|
||||
self.items.remove(idx);
|
||||
}
|
||||
}
|
||||
pub fn remove_all(&self, kinds: &[CryptoKind]) {
|
||||
for k in kinds {
|
||||
self.remove(*k);
|
||||
}
|
||||
}
|
||||
pub fn best(&self) -> Option<TypedKey> {
|
||||
self.items.first().copied()
|
||||
}
|
||||
@ -255,7 +271,7 @@ impl FromStr for TypedKeySet {
|
||||
RkyvSerialize,
|
||||
RkyvDeserialize,
|
||||
)]
|
||||
#[archive_attr(repr(C), derive(CheckBytes))]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, Hash, PartialEq, Eq))]
|
||||
pub struct TypedKeyPair {
|
||||
pub kind: CryptoKind,
|
||||
pub key: PublicKey,
|
||||
@ -329,7 +345,7 @@ impl FromStr for TypedKeyPair {
|
||||
RkyvSerialize,
|
||||
RkyvDeserialize,
|
||||
)]
|
||||
#[archive_attr(repr(C), derive(CheckBytes))]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, Hash, PartialEq, Eq))]
|
||||
pub struct TypedSignature {
|
||||
pub kind: CryptoKind,
|
||||
pub signature: Signature,
|
||||
@ -399,7 +415,7 @@ impl FromStr for TypedSignature {
|
||||
RkyvSerialize,
|
||||
RkyvDeserialize,
|
||||
)]
|
||||
#[archive_attr(repr(C), derive(CheckBytes))]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, Hash, PartialEq, Eq))]
|
||||
pub struct TypedKeySignature {
|
||||
pub kind: CryptoKind,
|
||||
pub key: PublicKey,
|
||||
|
@ -893,7 +893,7 @@ impl NetworkManager {
|
||||
|
||||
// We expect the inbound noderef to be the same as the target noderef
|
||||
// if they aren't the same, we should error on this and figure out what then hell is up
|
||||
if target_nr.node_id() != inbound_nr.node_id() {
|
||||
if !target_nr.same_entry(&inbound_nr) {
|
||||
bail!("unexpected noderef mismatch on reverse connect");
|
||||
}
|
||||
|
||||
@ -998,7 +998,7 @@ impl NetworkManager {
|
||||
|
||||
// We expect the inbound noderef to be the same as the target noderef
|
||||
// if they aren't the same, we should error on this and figure out what then hell is up
|
||||
if target_nr.node_id() != inbound_nr.node_id() {
|
||||
if !target_nr.same_entry(&inbound_nr) {
|
||||
bail!(
|
||||
"unexpected noderef mismatch on hole punch {}, expected {}",
|
||||
inbound_nr,
|
||||
|
@ -133,6 +133,15 @@ impl BucketEntryInner {
|
||||
self.node_ids.best().unwrap()
|
||||
}
|
||||
|
||||
// Crypto kinds
|
||||
pub fn crypto_kinds(&self) -> Vec<CryptoKind> {
|
||||
self.node_ids.kinds()
|
||||
}
|
||||
pub fn common_crypto_kinds(&self, other: &[CryptoKind]) -> Vec<CryptoKind> {
|
||||
common_crypto_kinds(&self.node_ids.kinds(), other)
|
||||
}
|
||||
|
||||
|
||||
// Less is faster
|
||||
pub fn cmp_fastest(e1: &Self, e2: &Self) -> std::cmp::Ordering {
|
||||
// Lower latency to the front
|
||||
|
@ -20,6 +20,14 @@ pub trait NodeRefBase: Sized {
|
||||
fn common(&self) -> &NodeRefBaseCommon;
|
||||
fn common_mut(&mut self) -> &mut NodeRefBaseCommon;
|
||||
|
||||
// Comparators
|
||||
fn same_entry<T: NodeRefBase>(&self, other: &T) -> bool {
|
||||
Arc::ptr_eq(&self.common().entry, &other.common().entry)
|
||||
}
|
||||
fn same_bucket_entry(&self, entry: &Arc<BucketEntry>) -> bool {
|
||||
Arc::ptr_eq(&self.common().entry, entry)
|
||||
}
|
||||
|
||||
// Implementation-specific operators
|
||||
fn operate<T, F>(&self, f: F) -> T
|
||||
where
|
||||
|
@ -20,18 +20,6 @@ pub enum RouteNode {
|
||||
/// Route node with full contact method information to ensure the peer is reachable
|
||||
PeerInfo(PeerInfo),
|
||||
}
|
||||
impl fmt::Display for RouteNode {
|
||||
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||
write!(
|
||||
f,
|
||||
"{}",
|
||||
match self {
|
||||
RouteNode::NodeId(x) => x.key.encode(),
|
||||
RouteNode::PeerInfo(pi) => pi.node_id.key.encode(),
|
||||
}
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/// An unencrypted private/safety route hop
|
||||
#[derive(Clone, Debug)]
|
||||
|
@ -221,7 +221,7 @@ impl RouteSpecDetail {
|
||||
#[archive_attr(repr(C, align(8)), derive(CheckBytes))]
|
||||
pub struct RouteSpecStoreContent {
|
||||
/// All of the routes we have allocated so far
|
||||
details: HashMap<PublicKey, RouteSpecDetail>,
|
||||
details: HashMap<TypedKey, RouteSpecDetail>,
|
||||
}
|
||||
|
||||
/// What remote private routes have seen
|
||||
@ -250,19 +250,19 @@ impl RemotePrivateRouteInfo {
|
||||
#[derive(Debug)]
|
||||
pub struct RouteSpecStoreCache {
|
||||
/// How many times nodes have been used
|
||||
used_nodes: HashMap<PublicKey, usize>,
|
||||
used_nodes: HashMap<TypedKey, usize>,
|
||||
/// How many times nodes have been used at the terminal point of a route
|
||||
used_end_nodes: HashMap<PublicKey, usize>,
|
||||
used_end_nodes: HashMap<TypedKey, usize>,
|
||||
/// Route spec hop cache, used to quickly disqualify routes
|
||||
hop_cache: HashSet<Vec<u8>>,
|
||||
/// Has a remote private route responded to a question and when
|
||||
remote_private_route_cache: LruCache<PublicKey, RemotePrivateRouteInfo>,
|
||||
remote_private_route_cache: LruCache<TypedKey, RemotePrivateRouteInfo>,
|
||||
/// Compiled route cache
|
||||
compiled_route_cache: LruCache<CompiledRouteCacheKey, SafetyRoute>,
|
||||
/// List of dead allocated routes
|
||||
dead_routes: Vec<PublicKey>,
|
||||
dead_routes: Vec<TypedKey>,
|
||||
/// List of dead remote routes
|
||||
dead_remote_routes: Vec<PublicKey>,
|
||||
dead_remote_routes: Vec<TypedKey>,
|
||||
}
|
||||
|
||||
impl Default for RouteSpecStoreCache {
|
||||
@ -577,15 +577,15 @@ impl RouteSpecStore {
|
||||
|
||||
fn detail<'a>(
|
||||
inner: &'a RouteSpecStoreInner,
|
||||
public_key: &PublicKey,
|
||||
route_spec_key: &TypedKey,
|
||||
) -> Option<&'a RouteSpecDetail> {
|
||||
inner.content.details.get(public_key)
|
||||
inner.content.details.get(route_spec_key)
|
||||
}
|
||||
fn detail_mut<'a>(
|
||||
inner: &'a mut RouteSpecStoreInner,
|
||||
public_key: &PublicKey,
|
||||
route_spec_key: &TypedKey,
|
||||
) -> Option<&'a mut RouteSpecDetail> {
|
||||
inner.content.details.get_mut(public_key)
|
||||
inner.content.details.get_mut(route_spec_key)
|
||||
}
|
||||
|
||||
/// Purge the route spec store
|
||||
@ -605,12 +605,13 @@ impl RouteSpecStore {
|
||||
#[instrument(level = "trace", skip(self), ret, err)]
|
||||
pub fn allocate_route(
|
||||
&self,
|
||||
crypto_kinds: &[CryptoKind],
|
||||
stability: Stability,
|
||||
sequencing: Sequencing,
|
||||
hop_count: usize,
|
||||
directions: DirectionSet,
|
||||
avoid_node_ids: &[PublicKey],
|
||||
) -> EyreResult<Option<PublicKey>> {
|
||||
avoid_nodes: &[TypedKey],
|
||||
) -> EyreResult<Option<TypedKeySet>> {
|
||||
let inner = &mut *self.inner.lock();
|
||||
let routing_table = self.unlocked_inner.routing_table.clone();
|
||||
let rti = &mut *routing_table.inner.write();
|
||||
@ -618,11 +619,12 @@ impl RouteSpecStore {
|
||||
self.allocate_route_inner(
|
||||
inner,
|
||||
rti,
|
||||
crypto_kinds,
|
||||
stability,
|
||||
sequencing,
|
||||
hop_count,
|
||||
directions,
|
||||
avoid_node_ids,
|
||||
avoid_nodes,
|
||||
)
|
||||
}
|
||||
|
||||
@ -631,12 +633,13 @@ impl RouteSpecStore {
|
||||
&self,
|
||||
inner: &mut RouteSpecStoreInner,
|
||||
rti: &RoutingTableInner,
|
||||
crypto_kinds: &[CryptoKind],
|
||||
stability: Stability,
|
||||
sequencing: Sequencing,
|
||||
hop_count: usize,
|
||||
directions: DirectionSet,
|
||||
avoid_node_ids: &[PublicKey],
|
||||
) -> EyreResult<Option<PublicKey>> {
|
||||
avoid_nodes: &[TypedKey],
|
||||
) -> EyreResult<Option<TypedKeySet>> {
|
||||
use core::cmp::Ordering;
|
||||
|
||||
if hop_count < 1 {
|
||||
@ -651,52 +654,60 @@ impl RouteSpecStore {
|
||||
bail!("Can't allocate route until we have our own peer info");
|
||||
};
|
||||
|
||||
// Get relay node id if we have one
|
||||
let opt_relay_id = rti
|
||||
.relay_node(RoutingDomain::PublicInternet)
|
||||
.map(|nr| nr.node_id());
|
||||
// Get relay node if we have one
|
||||
let opt_own_relay_nr = rti.relay_node(RoutingDomain::PublicInternet).map(|nr| nr.locked(rti));
|
||||
|
||||
// Get list of all nodes, and sort them for selection
|
||||
let cur_ts = get_aligned_timestamp();
|
||||
let filter = Box::new(
|
||||
move |rti: &RoutingTableInner, k: PublicKey, v: Option<Arc<BucketEntry>>| -> bool {
|
||||
move |rti: &RoutingTableInner, entry: Option<Arc<BucketEntry>>| -> bool {
|
||||
// Exclude our own node from routes
|
||||
if v.is_none() {
|
||||
if entry.is_none() {
|
||||
return false;
|
||||
}
|
||||
let v = v.unwrap();
|
||||
let entry = entry.unwrap();
|
||||
|
||||
// Exclude our relay if we have one
|
||||
if let Some(own_relay_id) = opt_relay_id {
|
||||
if k == own_relay_id {
|
||||
if let Some(own_relay_nr) = opt_own_relay_nr {
|
||||
if own_relay_nr.same_bucket_entry(&entry) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Exclude nodes we have specifically chosen to avoid
|
||||
if avoid_node_ids.contains(&k) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Process node info exclusions
|
||||
let keep = v.with(rti, |_rti, e| {
|
||||
let keep = entry.with(rti, |_rti, e| {
|
||||
|
||||
// Exclude nodes that don't have our requested crypto kinds
|
||||
let common_ck = e.common_crypto_kinds(crypto_kinds);
|
||||
if common_ck.len() != crypto_kinds.len() {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Exclude nodes we have specifically chosen to avoid
|
||||
if e.node_ids().contains_any(avoid_nodes) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Exclude nodes on our local network
|
||||
if e.node_info(RoutingDomain::LocalNetwork).is_some() {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Exclude nodes that have no publicinternet signednodeinfo
|
||||
let Some(sni) = e.signed_node_info(RoutingDomain::PublicInternet) else {
|
||||
return false;
|
||||
};
|
||||
|
||||
// Relay check
|
||||
if let Some(relay_id) = sni.relay_id() {
|
||||
let relay_ids = sni.relay_ids();
|
||||
if relay_ids.len() != 0 {
|
||||
// Exclude nodes whose relays we have chosen to avoid
|
||||
if avoid_node_ids.contains(&relay_id.key) {
|
||||
if relay_ids.contains_any(avoid_nodes) {
|
||||
return false;
|
||||
}
|
||||
// Exclude nodes whose relay is our own relay if we have one
|
||||
if let Some(own_relay_id) = opt_relay_id {
|
||||
if own_relay_id == relay_id.key {
|
||||
if let Some(own_relay_nr) = opt_own_relay_nr {
|
||||
if relay_ids.contains_any(&own_relay_nr.node_ids()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -708,7 +719,7 @@ impl RouteSpecStore {
|
||||
}
|
||||
|
||||
// Exclude nodes with no publicinternet nodeinfo, or incompatible nodeinfo or node status won't route
|
||||
v.with(rti, move |_rti, e| {
|
||||
entry.with(rti, |_rti, e| {
|
||||
let node_info_ok =
|
||||
if let Some(sni) = e.signed_node_info(RoutingDomain::PublicInternet) {
|
||||
sni.has_sequencing_matched_dial_info(sequencing)
|
||||
@ -728,9 +739,14 @@ impl RouteSpecStore {
|
||||
) as RoutingTableEntryFilter;
|
||||
let filters = VecDeque::from([filter]);
|
||||
let compare = |rti: &RoutingTableInner,
|
||||
v1: &(PublicKey, Option<Arc<BucketEntry>>),
|
||||
v2: &(PublicKey, Option<Arc<BucketEntry>>)|
|
||||
entry1: &Option<Arc<BucketEntry>>,
|
||||
entry2: &Option<Arc<BucketEntry>>|
|
||||
-> Ordering {
|
||||
|
||||
|
||||
// xxx also sort my most overlapping crypto kinds
|
||||
|
||||
|
||||
// deprioritize nodes that we have already used as end points
|
||||
let e1_used_end = inner
|
||||
.cache
|
||||
@ -1031,7 +1047,7 @@ impl RouteSpecStore {
|
||||
}
|
||||
|
||||
#[instrument(level = "trace", skip(self), ret, err)]
|
||||
async fn test_allocated_route(&self, key: &PublicKey) -> EyreResult<bool> {
|
||||
async fn test_allocated_route(&self, key: &TypedKey) -> EyreResult<bool> {
|
||||
// Make loopback route to test with
|
||||
let dest = {
|
||||
let private_route = self.assemble_private_route(key, None)?;
|
||||
@ -1074,7 +1090,7 @@ impl RouteSpecStore {
|
||||
}
|
||||
|
||||
#[instrument(level = "trace", skip(self), ret, err)]
|
||||
async fn test_remote_route(&self, key: &PublicKey) -> EyreResult<bool> {
|
||||
async fn test_remote_route(&self, key: &TypedKey) -> EyreResult<bool> {
|
||||
// Make private route test
|
||||
let dest = {
|
||||
// Get the route to test
|
||||
@ -1114,7 +1130,7 @@ impl RouteSpecStore {
|
||||
|
||||
/// Test an allocated route for continuity
|
||||
#[instrument(level = "trace", skip(self), ret, err)]
|
||||
pub async fn test_route(&self, key: &PublicKey) -> EyreResult<bool> {
|
||||
pub async fn test_route(&self, key: &[TypedKey]) -> EyreResult<bool> {
|
||||
let is_remote = {
|
||||
let inner = &mut *self.inner.lock();
|
||||
let cur_ts = get_aligned_timestamp();
|
||||
@ -1574,8 +1590,8 @@ impl RouteSpecStore {
|
||||
rti: &RoutingTableInner,
|
||||
safety_spec: &SafetySpec,
|
||||
direction: DirectionSet,
|
||||
avoid_node_ids: &[PublicKey],
|
||||
) -> EyreResult<Option<PublicKey>> {
|
||||
avoid_nodes: &[TypedKey],
|
||||
) -> EyreResult<Option<TypedKeySet>> {
|
||||
// Ensure the total hop count isn't too long for our config
|
||||
let max_route_hop_count = self.unlocked_inner.max_route_hop_count;
|
||||
if safety_spec.hop_count == 0 {
|
||||
@ -1634,8 +1650,8 @@ impl RouteSpecStore {
|
||||
pub fn get_private_route_for_safety_spec(
|
||||
&self,
|
||||
safety_spec: &SafetySpec,
|
||||
avoid_node_ids: &[PublicKey],
|
||||
) -> EyreResult<Option<PublicKey>> {
|
||||
avoid_nodes: &[TypedKey],
|
||||
) -> EyreResult<Option<TypedKey>> {
|
||||
let inner = &mut *self.inner.lock();
|
||||
let routing_table = self.unlocked_inner.routing_table.clone();
|
||||
let rti = &*routing_table.inner.read();
|
||||
@ -1645,7 +1661,7 @@ impl RouteSpecStore {
|
||||
rti,
|
||||
safety_spec,
|
||||
Direction::Inbound.into(),
|
||||
avoid_node_ids,
|
||||
avoid_nodes,
|
||||
)?)
|
||||
}
|
||||
|
||||
@ -1742,7 +1758,7 @@ impl RouteSpecStore {
|
||||
|
||||
/// Import a remote private route for compilation
|
||||
#[instrument(level = "trace", skip(self, blob), ret, err)]
|
||||
pub fn import_remote_private_route(&self, blob: Vec<u8>) -> EyreResult<PublicKey> {
|
||||
pub fn import_remote_private_route(&self, blob: Vec<u8>) -> EyreResult<TypedKey> {
|
||||
// decode the pr blob
|
||||
let private_route = RouteSpecStore::blob_to_private_route(blob)?;
|
||||
|
||||
@ -1767,7 +1783,7 @@ impl RouteSpecStore {
|
||||
|
||||
/// Release a remote private route that is no longer in use
|
||||
#[instrument(level = "trace", skip(self), ret)]
|
||||
fn release_remote_private_route(&self, key: &PublicKey) -> bool {
|
||||
fn release_remote_private_route(&self, key: &TypedKey) -> bool {
|
||||
let inner = &mut *self.inner.lock();
|
||||
if inner.cache.remote_private_route_cache.remove(key).is_some() {
|
||||
// Mark it as dead for the update
|
||||
@ -1779,7 +1795,7 @@ impl RouteSpecStore {
|
||||
}
|
||||
|
||||
/// Retrieve an imported remote private route by its public key
|
||||
pub fn get_remote_private_route(&self, key: &PublicKey) -> Option<PrivateRoute> {
|
||||
pub fn get_remote_private_route(&self, key: &TypedKey) -> Option<PrivateRoute> {
|
||||
let inner = &mut *self.inner.lock();
|
||||
let cur_ts = get_aligned_timestamp();
|
||||
Self::with_get_remote_private_route(inner, cur_ts, key, |r| {
|
||||
@ -1788,7 +1804,7 @@ impl RouteSpecStore {
|
||||
}
|
||||
|
||||
/// Retrieve an imported remote private route by its public key but don't 'touch' it
|
||||
pub fn peek_remote_private_route(&self, key: &PublicKey) -> Option<PrivateRoute> {
|
||||
pub fn peek_remote_private_route(&self, key: &TypedKey) -> Option<PrivateRoute> {
|
||||
let inner = &mut *self.inner.lock();
|
||||
let cur_ts = get_aligned_timestamp();
|
||||
Self::with_peek_remote_private_route(inner, cur_ts, key, |r| {
|
||||
@ -1849,7 +1865,7 @@ impl RouteSpecStore {
|
||||
fn with_get_remote_private_route<F, R>(
|
||||
inner: &mut RouteSpecStoreInner,
|
||||
cur_ts: Timestamp,
|
||||
key: &PublicKey,
|
||||
remote_private_route: &TypedKey,
|
||||
f: F,
|
||||
) -> Option<R>
|
||||
where
|
||||
@ -1869,7 +1885,7 @@ impl RouteSpecStore {
|
||||
fn with_peek_remote_private_route<F, R>(
|
||||
inner: &mut RouteSpecStoreInner,
|
||||
cur_ts: Timestamp,
|
||||
key: &PublicKey,
|
||||
remote_private_route: &TypedKey,
|
||||
f: F,
|
||||
) -> Option<R>
|
||||
where
|
||||
@ -1891,7 +1907,7 @@ impl RouteSpecStore {
|
||||
|
||||
/// Check to see if this remote (not ours) private route has seen our current node info yet
|
||||
/// This happens when you communicate with a private route without a safety route
|
||||
pub fn has_remote_private_route_seen_our_node_info(&self, key: &PublicKey) -> bool {
|
||||
pub fn has_remote_private_route_seen_our_node_info(&self, remote_private_route: &TypedKey) -> bool {
|
||||
let our_node_info_ts = {
|
||||
let rti = &*self.unlocked_inner.routing_table.inner.read();
|
||||
let Some(ts) = rti.get_own_node_info_ts(RoutingDomain::PublicInternet) else {
|
||||
@ -1903,7 +1919,7 @@ impl RouteSpecStore {
|
||||
let opt_rpr_node_info_ts = {
|
||||
let inner = &mut *self.inner.lock();
|
||||
let cur_ts = get_aligned_timestamp();
|
||||
Self::with_peek_remote_private_route(inner, cur_ts, key, |rpr| {
|
||||
Self::with_peek_remote_private_route(inner, cur_ts, remote_private_route, |rpr| {
|
||||
rpr.last_seen_our_node_info_ts
|
||||
})
|
||||
};
|
||||
|
@ -360,7 +360,7 @@ impl RoutingTableInner {
|
||||
self.all_entries.remove_expired();
|
||||
|
||||
log_rtab!(debug
|
||||
"Routing table buckets purge complete. Routing table now has {} nodes",
|
||||
"Routing table buckets purge complete. Routing table now has {} nodes",
|
||||
self.bucket_entry_count()
|
||||
);
|
||||
}
|
||||
@ -383,8 +383,8 @@ impl RoutingTableInner {
|
||||
self.all_entries.remove_expired();
|
||||
|
||||
log_rtab!(debug
|
||||
"Routing table last_connections purge complete. Routing table now has {} nodes",
|
||||
self.bucket_entry_count()
|
||||
"Routing table last_connections purge complete. Routing table now has {} nodes",
|
||||
self.bucket_entry_count()
|
||||
);
|
||||
}
|
||||
|
||||
@ -506,9 +506,9 @@ impl RoutingTableInner {
|
||||
}
|
||||
|
||||
pub fn get_all_nodes(&self, outer_self: RoutingTable, cur_ts: Timestamp) -> Vec<NodeRef> {
|
||||
let mut node_refs = Vec::<NodeRef>::with_capacity(self.bucket_entry_count);
|
||||
self.with_entries(cur_ts, BucketEntryState::Unreliable, |_rti, k, v| {
|
||||
node_refs.push(NodeRef::new(outer_self.clone(), k, v, None));
|
||||
let mut node_refs = Vec::<NodeRef>::with_capacity(self.bucket_entry_count());
|
||||
self.with_entries(cur_ts, BucketEntryState::Unreliable, |_rti, entry| {
|
||||
node_refs.push(NodeRef::new(outer_self.clone(), entry, None));
|
||||
Option::<()>::None
|
||||
});
|
||||
node_refs
|
||||
@ -525,7 +525,7 @@ impl RoutingTableInner {
|
||||
) -> Option<NodeRef>
|
||||
where
|
||||
F: FnOnce(&mut RoutingTableInner, &mut BucketEntryInner),
|
||||
{
|
||||
{xxx continue here
|
||||
// Ensure someone isn't trying register this node itself
|
||||
if self.unlocked_inner.matches_own_node_id(node_ids) {
|
||||
log_rtab!(debug "can't register own node");
|
||||
|
@ -25,7 +25,6 @@ impl RoutingTable {
|
||||
|
||||
// Get the PublicInternet relay if we are using one
|
||||
let opt_relay_nr = self.relay_node(RoutingDomain::PublicInternet);
|
||||
let opt_relay_id = opt_relay_nr.map(|nr| nr.node_id());
|
||||
|
||||
// Get our publicinternet dial info
|
||||
let dids = self.all_filtered_dial_info_details(
|
||||
@ -35,38 +34,42 @@ impl RoutingTable {
|
||||
|
||||
// For all nodes needing pings, figure out how many and over what protocols
|
||||
for nr in node_refs {
|
||||
// If this is a relay, let's check for NAT keepalives
|
||||
// If this is our relay, let's check for NAT keepalives
|
||||
let mut did_pings = false;
|
||||
if Some(nr.node_id()) == opt_relay_id {
|
||||
// Relay nodes get pinged over all protocols we have inbound dialinfo for
|
||||
// This is so we can preserve the inbound NAT mappings at our router
|
||||
for did in &dids {
|
||||
// Do we need to do this ping?
|
||||
// Check if we have already pinged over this low-level-protocol/address-type/port combo
|
||||
// We want to ensure we do the bare minimum required here
|
||||
let pt = did.dial_info.protocol_type();
|
||||
let at = did.dial_info.address_type();
|
||||
let needs_ping = if let Some((llpt, port)) =
|
||||
mapped_port_info.protocol_to_port.get(&(pt, at))
|
||||
{
|
||||
mapped_port_info
|
||||
.low_level_protocol_ports
|
||||
.remove(&(*llpt, at, *port))
|
||||
} else {
|
||||
false
|
||||
};
|
||||
if needs_ping {
|
||||
let rpc = rpc.clone();
|
||||
let dif = did.dial_info.make_filter();
|
||||
let nr_filtered =
|
||||
nr.filtered_clone(NodeRefFilter::new().with_dial_info_filter(dif));
|
||||
log_net!("--> Keepalive ping to {:?}", nr_filtered);
|
||||
unord.push(
|
||||
async move { rpc.rpc_call_status(Destination::direct(nr_filtered)).await }
|
||||
if let Some(relay_nr) = opt_relay_nr {
|
||||
if nr.same_entry(&relay_nr) {
|
||||
// Relay nodes get pinged over all protocols we have inbound dialinfo for
|
||||
// This is so we can preserve the inbound NAT mappings at our router
|
||||
for did in &dids {
|
||||
// Do we need to do this ping?
|
||||
// Check if we have already pinged over this low-level-protocol/address-type/port combo
|
||||
// We want to ensure we do the bare minimum required here
|
||||
let pt = did.dial_info.protocol_type();
|
||||
let at = did.dial_info.address_type();
|
||||
let needs_ping = if let Some((llpt, port)) =
|
||||
mapped_port_info.protocol_to_port.get(&(pt, at))
|
||||
{
|
||||
mapped_port_info
|
||||
.low_level_protocol_ports
|
||||
.remove(&(*llpt, at, *port))
|
||||
} else {
|
||||
false
|
||||
};
|
||||
if needs_ping {
|
||||
let rpc = rpc.clone();
|
||||
let dif = did.dial_info.make_filter();
|
||||
let nr_filtered =
|
||||
nr.filtered_clone(NodeRefFilter::new().with_dial_info_filter(dif));
|
||||
log_net!("--> Keepalive ping to {:?}", nr_filtered);
|
||||
unord.push(
|
||||
async move {
|
||||
rpc.rpc_call_status(Destination::direct(nr_filtered)).await
|
||||
}
|
||||
.instrument(Span::current())
|
||||
.boxed(),
|
||||
);
|
||||
did_pings = true;
|
||||
);
|
||||
did_pings = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -79,6 +79,21 @@ pub fn decode_node_info(reader: &veilid_capnp::node_info::Reader) -> Result<Node
|
||||
.map(|s| s.to_vec())
|
||||
.unwrap_or_default();
|
||||
|
||||
// Ensure envelope versions are not duplicated
|
||||
// Unsorted is okay, some nodes may have a different envelope order preference
|
||||
// But nothing should show up more than once
|
||||
let mut eversions = envelope_support.clone();
|
||||
eversions.dedup();
|
||||
if eversions.len() != envelope_support.len() {
|
||||
return Err(RPCError::protocol("duplicate envelope versions"));
|
||||
}
|
||||
if envelope_support.len() > MAX_ENVELOPE_VERSIONS {
|
||||
return Err(RPCError::protocol("too many envelope versions"));
|
||||
}
|
||||
if envelope_support.len() == 0 {
|
||||
return Err(RPCError::protocol("no envelope versions"));
|
||||
}
|
||||
|
||||
let crypto_support: Vec<CryptoKind> = reader
|
||||
.reborrow()
|
||||
.get_crypto_support()
|
||||
@ -87,6 +102,21 @@ pub fn decode_node_info(reader: &veilid_capnp::node_info::Reader) -> Result<Node
|
||||
.map(|s| s.iter().map(|x| FourCC::from(x.to_be_bytes())).collect())
|
||||
.unwrap_or_default();
|
||||
|
||||
// Ensure crypto kinds are not duplicated
|
||||
// Unsorted is okay, some nodes may have a different crypto order preference
|
||||
// But nothing should show up more than once
|
||||
let mut ckinds = crypto_support.clone();
|
||||
ckinds.dedup();
|
||||
if ckinds.len() != crypto_support.len() {
|
||||
return Err(RPCError::protocol("duplicate crypto kinds"));
|
||||
}
|
||||
if crypto_support.len() > MAX_CRYPTO_KINDS {
|
||||
return Err(RPCError::protocol("too many crypto kinds"));
|
||||
}
|
||||
if crypto_support.len() == 0 {
|
||||
return Err(RPCError::protocol("no crypto kinds"));
|
||||
}
|
||||
|
||||
let didl_reader = reader
|
||||
.reborrow()
|
||||
.get_dial_info_detail_list()
|
||||
|
@ -43,8 +43,10 @@ pub fn decode_peer_info(
|
||||
for nid_reader in nids_reader.iter() {
|
||||
node_ids.add(decode_typed_key(&nid_reader)?);
|
||||
}
|
||||
let signed_node_info = decode_signed_node_info(&sni_reader, crypto, &node_ids)?;
|
||||
|
||||
let signed_node_info = decode_signed_node_info(&sni_reader, crypto, &mut node_ids)?;
|
||||
if node_ids.len() == 0 {
|
||||
return Err(RPCError::protocol("no verified node ids"));
|
||||
}
|
||||
Ok(PeerInfo {
|
||||
node_ids,
|
||||
signed_node_info,
|
||||
|
@ -35,7 +35,7 @@ pub fn encode_signed_direct_node_info(
|
||||
pub fn decode_signed_direct_node_info(
|
||||
reader: &veilid_capnp::signed_direct_node_info::Reader,
|
||||
crypto: Crypto,
|
||||
node_ids: &[TypedKey],
|
||||
node_ids: &mut TypedKeySet,
|
||||
) -> Result<SignedDirectNodeInfo, RPCError> {
|
||||
let ni_reader = reader
|
||||
.reborrow()
|
||||
|
@ -21,7 +21,7 @@ pub fn encode_signed_node_info(
|
||||
pub fn decode_signed_node_info(
|
||||
reader: &veilid_capnp::signed_node_info::Reader,
|
||||
crypto: Crypto,
|
||||
node_ids: &[TypedKey],
|
||||
node_ids: &mut TypedKeySet,
|
||||
) -> Result<SignedNodeInfo, RPCError> {
|
||||
match reader
|
||||
.which()
|
||||
|
@ -55,7 +55,7 @@ pub fn encode_signed_relayed_node_info(
|
||||
pub fn decode_signed_relayed_node_info(
|
||||
reader: &veilid_capnp::signed_relayed_node_info::Reader,
|
||||
crypto: Crypto,
|
||||
node_ids: &[TypedKey],
|
||||
node_ids: &mut TypedKeySet,
|
||||
) -> Result<SignedRelayedNodeInfo, RPCError> {
|
||||
let ni_reader = reader
|
||||
.reborrow()
|
||||
@ -81,7 +81,20 @@ pub fn decode_signed_relayed_node_info(
|
||||
.reborrow()
|
||||
.get_relay_info()
|
||||
.map_err(RPCError::protocol)?;
|
||||
let relay_info = decode_signed_direct_node_info(&ri_reader, crypto, &relay_ids)?;
|
||||
let relay_info = decode_signed_direct_node_info(&ri_reader, crypto, &mut relay_ids)?;
|
||||
|
||||
// Ensure the relay info for the node has a superset of the crypto kinds of the node it is relaying
|
||||
if common_crypto_kinds(
|
||||
&node_info.crypto_support,
|
||||
&relay_info.node_info.crypto_support,
|
||||
)
|
||||
.len()
|
||||
!= node_info.crypto_support.len()
|
||||
{
|
||||
return Err(RPCError::protocol(
|
||||
"relay should have superset of node crypto kinds",
|
||||
));
|
||||
}
|
||||
|
||||
let timestamp = reader.reborrow().get_timestamp().into();
|
||||
|
||||
|
@ -15,7 +15,7 @@ pub enum Destination {
|
||||
/// The relay to send to
|
||||
relay: NodeRef,
|
||||
/// The final destination the relay should send to
|
||||
target: TypedKey,
|
||||
target: NodeRef,
|
||||
/// Require safety route or not
|
||||
safety_selection: SafetySelection,
|
||||
},
|
||||
@ -36,7 +36,7 @@ impl Destination {
|
||||
safety_selection: SafetySelection::Unsafe(sequencing),
|
||||
}
|
||||
}
|
||||
pub fn relay(relay: NodeRef, target: TypedKey) -> Self {
|
||||
pub fn relay(relay: NodeRef, target: NodeRef) -> Self {
|
||||
let sequencing = relay.sequencing();
|
||||
Self::Relay {
|
||||
relay,
|
||||
@ -124,7 +124,7 @@ impl fmt::Display for Destination {
|
||||
""
|
||||
};
|
||||
|
||||
write!(f, "{}@{}{}", target.encode(), relay, sr)
|
||||
write!(f, "{}@{}{}", target, relay, sr)
|
||||
}
|
||||
Destination::PrivateRoute {
|
||||
private_route,
|
||||
@ -163,7 +163,7 @@ impl RPCProcessor {
|
||||
SafetySelection::Safe(safety_spec) => {
|
||||
// Sent directly but with a safety route, respond to private route
|
||||
let Some(pr_key) = rss
|
||||
.get_private_route_for_safety_spec(safety_spec, &[target.node_id()])
|
||||
.get_private_route_for_safety_spec(safety_spec, &target.node_ids())
|
||||
.map_err(RPCError::internal)? else {
|
||||
return Ok(NetworkResult::no_connection_other("no private route for response at this time"));
|
||||
};
|
||||
@ -187,11 +187,13 @@ impl RPCProcessor {
|
||||
}
|
||||
SafetySelection::Safe(safety_spec) => {
|
||||
// Sent via a relay but with a safety route, respond to private route
|
||||
let mut avoid_nodes = relay.node_ids();
|
||||
avoid_nodes.add_all(&target.node_ids());
|
||||
let Some(pr_key) = rss
|
||||
.get_private_route_for_safety_spec(safety_spec, &[relay.node_id(), *target])
|
||||
.map_err(RPCError::internal)? else {
|
||||
return Ok(NetworkResult::no_connection_other("no private route for response at this time"));
|
||||
};
|
||||
.get_private_route_for_safety_spec(safety_spec, &avoid_nodes)
|
||||
.map_err(RPCError::internal)? else {
|
||||
return Ok(NetworkResult::no_connection_other("no private route for response at this time"));
|
||||
};
|
||||
|
||||
// Get the assembled route for response
|
||||
let private_route = rss
|
||||
@ -209,6 +211,8 @@ impl RPCProcessor {
|
||||
return Err(RPCError::internal("destination private route must have first hop"));
|
||||
};
|
||||
|
||||
let crypto_kind = private_route.public_key.kind;
|
||||
|
||||
match safety_selection {
|
||||
SafetySelection::Unsafe(_) => {
|
||||
// Sent to a private route with no safety route, use a stub safety route for the response
|
||||
@ -221,7 +225,7 @@ impl RPCProcessor {
|
||||
if !routing_table.has_valid_own_node_info(RoutingDomain::PublicInternet) {
|
||||
return Ok(NetworkResult::no_connection_other("Own node info must be valid to use private route"));
|
||||
}
|
||||
RouteNode::NodeId(NodeId::new(routing_table.node_id()))
|
||||
RouteNode::NodeId(routing_table.node_id(crypto_kind))
|
||||
}
|
||||
false => {
|
||||
let Some(own_peer_info) =
|
||||
@ -233,7 +237,7 @@ impl RPCProcessor {
|
||||
};
|
||||
|
||||
Ok(NetworkResult::value(RespondTo::PrivateRoute(
|
||||
PrivateRoute::new_stub(routing_table.node_id(), route_node),
|
||||
PrivateRoute::new_stub(routing_table.node_id(crypto_kind), route_node),
|
||||
)))
|
||||
}
|
||||
SafetySelection::Safe(safety_spec) => {
|
||||
|
@ -167,17 +167,22 @@ impl VeilidAPI {
|
||||
// Private route allocation
|
||||
|
||||
#[instrument(level = "debug", skip(self))]
|
||||
pub async fn new_private_route(&self) -> Result<(TypedKey, Vec<u8>), VeilidAPIError> {
|
||||
self.new_custom_private_route(Stability::default(), Sequencing::default())
|
||||
.await
|
||||
pub async fn new_private_route(&self) -> Result<(TypedKeySet, Vec<u8>), VeilidAPIError> {
|
||||
self.new_custom_private_route(
|
||||
&VALID_CRYPTO_KINDS,
|
||||
Stability::default(),
|
||||
Sequencing::default(),
|
||||
)
|
||||
.await
|
||||
}
|
||||
|
||||
#[instrument(level = "debug", skip(self))]
|
||||
pub async fn new_custom_private_route(
|
||||
&self,
|
||||
crypto_kinds: &[CryptoKind],
|
||||
stability: Stability,
|
||||
sequencing: Sequencing,
|
||||
) -> Result<(TypedKey, Vec<u8>), VeilidAPIError> {
|
||||
) -> Result<(TypedKeySet, Vec<u8>), VeilidAPIError> {
|
||||
let default_route_hop_count: usize = {
|
||||
let config = self.config()?;
|
||||
let c = config.get();
|
||||
@ -187,6 +192,7 @@ impl VeilidAPI {
|
||||
let rss = self.routing_table()?.route_spec_store();
|
||||
let r = rss
|
||||
.allocate_route(
|
||||
&crypto_kinds,
|
||||
stability,
|
||||
sequencing,
|
||||
default_route_hop_count,
|
||||
@ -194,7 +200,7 @@ impl VeilidAPI {
|
||||
&[],
|
||||
)
|
||||
.map_err(VeilidAPIError::internal)?;
|
||||
let Some(pr_pubkey) = r else {
|
||||
let Some(pr_keys) = r else {
|
||||
apibail_generic!("unable to allocate route");
|
||||
};
|
||||
if !rss
|
||||
|
@ -35,7 +35,7 @@ pub type ValueSchema = FourCC;
|
||||
RkyvSerialize,
|
||||
RkyvDeserialize,
|
||||
)]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, PartialOrd, Ord, PartialEq, Eq))]
|
||||
#[archive_attr(repr(C), derive(CheckBytes, PartialOrd, Ord, PartialEq, Eq, Hash))]
|
||||
pub struct FourCC(pub [u8; 4]);
|
||||
|
||||
impl From<[u8; 4]> for FourCC {
|
||||
@ -513,7 +513,7 @@ impl SafetySelection {
|
||||
#[archive_attr(repr(C), derive(CheckBytes))]
|
||||
pub struct SafetySpec {
|
||||
/// preferred safety route if it still exists
|
||||
pub preferred_route: Option<PublicKey>,
|
||||
pub preferred_route: Option<TypedKey>,
|
||||
/// must be greater than 0
|
||||
pub hop_count: usize,
|
||||
/// prefer reliability over speed
|
||||
@ -1853,7 +1853,7 @@ pub struct SignedDirectNodeInfo {
|
||||
impl SignedDirectNodeInfo {
|
||||
pub fn new(
|
||||
crypto: Crypto,
|
||||
node_ids: &[TypedKey],
|
||||
node_ids: &mut TypedKeySet,
|
||||
node_info: NodeInfo,
|
||||
timestamp: Timestamp,
|
||||
typed_signatures: Vec<TypedSignature>,
|
||||
@ -1861,7 +1861,13 @@ impl SignedDirectNodeInfo {
|
||||
let node_info_bytes = Self::make_signature_bytes(&node_info, timestamp)?;
|
||||
|
||||
// Verify the signatures that we can
|
||||
crypto.verify_signatures(node_ids, &node_info_bytes, &typed_signatures)?;
|
||||
let valid_crypto_kinds =
|
||||
crypto.verify_signatures(node_ids, &node_info_bytes, &typed_signatures)?;
|
||||
node_ids.remove_all(&valid_crypto_kinds);
|
||||
if node_ids.len() == 0 {
|
||||
apibail_generic!("no valid node ids in direct node info");
|
||||
}
|
||||
|
||||
Ok(Self {
|
||||
node_info,
|
||||
timestamp,
|
||||
@ -1933,7 +1939,7 @@ pub struct SignedRelayedNodeInfo {
|
||||
impl SignedRelayedNodeInfo {
|
||||
pub fn new(
|
||||
crypto: Crypto,
|
||||
node_ids: &[TypedKey],
|
||||
node_ids: &mut TypedKeySet,
|
||||
node_info: NodeInfo,
|
||||
relay_ids: TypedKeySet,
|
||||
relay_info: SignedDirectNodeInfo,
|
||||
@ -1942,7 +1948,14 @@ impl SignedRelayedNodeInfo {
|
||||
) -> Result<Self, VeilidAPIError> {
|
||||
let node_info_bytes =
|
||||
Self::make_signature_bytes(&node_info, &relay_ids, &relay_info, timestamp)?;
|
||||
crypto.verify_signatures(node_ids, &node_info_bytes, &typed_signatures)?;
|
||||
let valid_crypto_kinds =
|
||||
crypto.verify_signatures(node_ids, &node_info_bytes, &typed_signatures)?;
|
||||
|
||||
node_ids.remove_all(&valid_crypto_kinds);
|
||||
if node_ids.len() == 0 {
|
||||
apibail_generic!("no valid node ids in relayed node info");
|
||||
}
|
||||
|
||||
Ok(Self {
|
||||
node_info,
|
||||
relay_ids,
|
||||
@ -2113,6 +2126,7 @@ pub struct PeerInfo {
|
||||
|
||||
impl PeerInfo {
|
||||
pub fn new(node_ids: TypedKeySet, signed_node_info: SignedNodeInfo) -> Self {
|
||||
assert!(node_ids.len() > 0 && node_ids.len() <= MAX_CRYPTO_KINDS);
|
||||
Self {
|
||||
node_ids,
|
||||
signed_node_info,
|
||||
|
Loading…
Reference in New Issue
Block a user