Fixes federation bug (#480)

* Fixes federation bug * Fixes federation bug * Update edge_utils.c
4 years ago · e48f1fcc73
2 changed files with 221 additions and 188 deletions
--- a/src/edge_utils.c
+++ b/src/edge_utils.c
@ -819,13 +819,14 @@ static int sort_supernodes(n2n_edge_t *eee, time_t now){
      // this routine gets periodically called
      // it sorts supernodes in ascending order of their ping_time-fields
        HASH_SORT(eee->conf.supernodes, ping_time_sort);
-        eee->last_sweep = now;
+    }

    HASH_ITER(hh, eee->conf.supernodes, scan, tmp){
      scan->ping_time = MAX_PING_TIME;
    }
-    }
+
    send_query_peer(eee, null_mac);
+    eee->last_sweep = now;
  }

  return 0; /* OK */
@ -2006,8 +2007,17 @@ void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
                for(i=0; i<ra.num_sn; i++){
                  skip_add = NO_SKIP;
                  sn = add_sn_to_list_by_mac_or_sock(&(eee->conf.supernodes), tmp_sock, tmp_mac, &skip_add);
+
                  if(skip_add == ADDED){
-        traceEvent(TRACE_NORMAL, "Supernode added to the list of supernodes.");
+                    sn->ip_addr = calloc(1,N2N_EDGE_SN_HOST_SIZE);
+                    if(sn->ip_addr != NULL){
+                      inet_ntop(tmp_sock->family,
+                                (tmp_sock->family == AF_INET)?(void*)&tmp_sock->addr.v4:(void*)&tmp_sock->addr.v6,
+                                sn->ip_addr, N2N_EDGE_SN_HOST_SIZE-1);
+                      sprintf (sn->ip_addr, "%s:%u", sn->ip_addr, (uint16_t)tmp_sock->port);
+                    }
+                    sn->last_valid_time_stamp = initial_time_stamp();
+                    traceEvent(TRACE_NORMAL, "Supernode '%s' added to the list of supernodes.", sn->ip_addr);
                  }

                  /* REVISIT: find a more elegant expression to increase following pointers. */
--- a/src/sn_utils.c
+++ b/src/sn_utils.c
@ -691,7 +691,7 @@ static int process_mgmt(n2n_sn_t *sss,
    }
  }
  ressize += snprintf(resbuf + ressize, N2N_SN_PKTBUF_SIZE - ressize,
-		      "-------------------------------------------------------------------------------------------------\n");
+		      "---------------------------------------------------------------------------------\n");

  ressize += snprintf(resbuf + ressize, N2N_SN_PKTBUF_SIZE - ressize,
 		      "uptime %lu | ", (now - sss->start_time));
@ -1091,7 +1091,6 @@ static int process_udp(n2n_sn_t * sss,
      }

  if(!comm && (!sss->lock_communities || (match == 1))) {
-
    comm = (struct sn_community*)calloc(1,sizeof(struct sn_community));

    if(comm) {
@ -1277,21 +1276,45 @@ if(comm) {
    size_t                           encx=0;
    n2n_common_t                     cmn2;
    n2n_PEER_INFO_t                  pi;
+    struct sn_community_regular_expression *re, *tmp_re;
+    struct peer_info		     *peer, *tmp_peer, *p;
+    int8_t                           allowed_match = -1;
+    uint8_t                          match = 0;
+    int			             match_length = 0;

-    if(!comm) {
+    if(!comm && sss->lock_communities) {
+      HASH_ITER(hh, sss->rules, re, tmp_re) {
+        allowed_match = re_matchp(re->rule, (const char *)cmn.community, &match_length);
+
+	if( (allowed_match != -1)
+         && (match_length == strlen((const char *)cmn.community)) // --- only full match…
+	 && (allowed_match == 0)) {                 // --- only full matches allowed (re…
+	  match = 1;
+	  break;
+	}
+      }
+      if(match != 1) {
        traceEvent(TRACE_DEBUG, "process_udp QUERY_PEER from unknown community %s", cmn.community);
        return -1;
      }
+    }
+
+    if(!comm && sss->lock_communities && (match == 0)) {
+      traceEvent(TRACE_DEBUG, "process_udp QUERY_PEER from not allowed community %s", cmn.community);
+      return -1;
+    }

    decode_QUERY_PEER( &query, &cmn, udp_buf, &rem, &idx );

    // already checked for valid comm
+    if (comm) {
      if(comm->header_encryption == HEADER_ENCRYPTION_ENABLED) {
        if(!find_edge_time_stamp_and_verify (comm->edges, from_supernode, query.srcMac, stamp, TIME_STAMP_ALLOW_JITTER)) {
 	  traceEvent(TRACE_DEBUG, "process_udp dropped QUERY_PEER due to time stamp error.");
 	  return -1;
 	}
      }
+    }

    if(memcmp(query.targetMac, null_mac, sizeof(n2n_mac_t)) == 0){
      traceEvent( TRACE_DEBUG, "Rx PING from %s. Requested data: %d",
@ -1309,10 +1332,12 @@ if(comm) {

      encode_PEER_INFO( encbuf, &encx, &cmn2, &pi );

+      if(comm){
        if(comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
          packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx,
 			         comm->header_iv_ctx,
 			         time_stamp (), pearson_hash_16 (encbuf, encx));
+      }

      sendto( sss->sock, encbuf, encx, 0,
 	      (struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
@ -1327,7 +1352,6 @@ if(comm) {

      struct peer_info *scan;
      HASH_FIND_PEER(comm->edges, query.targetMac, scan);
-
        if (scan) {
 	  cmn2.ttl = N2N_DEFAULT_TTL;
 	  cmn2.pc = n2n_peer_info;
@ -1354,7 +1378,6 @@ if(comm) {
 	  traceEvent( TRACE_DEBUG, "Ignoring QUERY_PEER for unknown edge %s",
 		      macaddr_str( mac_buf, query.targetMac ) );
 	}
-
     }

    break;