Introduce node IDs.

This introduces a new type of identifier for nodes, which complements
node names: node IDs. Node IDs are defined as the first 6 bytes of the
SHA-256 hash of the node name. They will be used in future code in lieu
of node names as unique node identifiers in contexts where space is at
a premium (such as VPN packets).

The semantics of node IDs is that they are supposed to be unique in a
tinc graph; i.e. two different nodes that are part of the same graph
should not have the same ID, otherwise things could break. This
solution provides this guarantee based on realistic probabilities:
indeed, according to the birthday problem, with a 48-bit hash, the
probability of at least one collision is 1e-13 with 10 nodes, 1e-11
with 100 nodes, 1e-9 with 1000 nodes and 1e-7 with 10000 nodes. Things
only start getting hairy with more than 1 million nodes, as the
probability gets over 0.2%.

diff --git a/src/info.c b/src/info.c
index c9b0094..b9a6fcf 100644 (file)
--- a/src/info.c
+++ b/src/info.c
@@ -50,6 +50,7 @@ static int info_node(int fd, const char *item) {
        char line[4096];
 
        char node[4096];
+       char id[4096];
        char from[4096];
        char to[4096];
        char subnet[4096];
@@ -68,12 +69,12 @@ static int info_node(int fd, const char *item) {
        long int last_state_change;
 
        while(recvline(fd, line, sizeof line)) {
-               int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
+               int n = sscanf(line, "%d %d %s %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, id, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
 
                if(n == 2)
                        break;
 
-               if(n != 18) {
+               if(n != 19) {
                        fprintf(stderr, "Unable to parse node dump from tincd.\n");
                        return 1;
                }
@@ -95,6 +96,7 @@ static int info_node(int fd, const char *item) {
        }
 
        printf("Node:         %s\n", item);
+       printf("Node ID:      %s\n", id);
        printf("Address:      %s port %s\n", host, port);
 
        char timestr[32] = "never";

diff --git a/src/net.h b/src/net.h
index d8aa64c..6e575d4 100644 (file)
--- a/src/net.h
+++ b/src/net.h
@@ -52,6 +52,10 @@ typedef struct ipv6_t {
        uint16_t x[8];
 } ipv6_t;
 
+typedef struct node_id_t {
+       uint8_t x[6];
+} node_id_t;
+
 typedef short length_t;
 
 #define AF_UNKNOWN 255

diff --git a/src/node.c b/src/node.c
index 0cb2445..80da676 100644 (file)
--- a/src/node.c
+++ b/src/node.c
@@ -30,7 +30,10 @@
 #include "utils.h"
 #include "xalloc.h"
 
+static digest_t *sha256;
+
 splay_tree_t *node_tree;
+static splay_tree_t *node_id_tree;
 static hash_t *node_udp_cache;
 
 node_t *myself;
@@ -39,14 +42,24 @@ static int node_compare(const node_t *a, const node_t *b) {
        return strcmp(a->name, b->name);
 }
 
+static int node_id_compare(const node_t *a, const node_t *b) {
+       return memcmp(&a->id, &b->id, sizeof(node_id_t));
+}
+
 void init_nodes(void) {
+       sha256 = digest_open_by_name("sha256", sizeof(node_id_t));
+
        node_tree = splay_alloc_tree((splay_compare_t) node_compare, (splay_action_t) free_node);
+       node_id_tree = splay_alloc_tree((splay_compare_t) node_id_compare, NULL);
        node_udp_cache = hash_alloc(0x100, sizeof(sockaddr_t));
 }
 
 void exit_nodes(void) {
        hash_free(node_udp_cache);
+       splay_delete_tree(node_id_tree);
        splay_delete_tree(node_tree);
+
+       digest_close(sha256);
 }
 
 node_t *new_node(void) {
@@ -93,7 +106,10 @@ void free_node(node_t *n) {
 }
 
 void node_add(node_t *n) {
+       digest_create(sha256, n->name, strlen(n->name), &n->id);
+
        splay_insert(node_tree, n);
+       splay_insert(node_id_tree, n);
 }
 
 void node_del(node_t *n) {
@@ -103,6 +119,7 @@ void node_del(node_t *n) {
        for splay_each(edge_t, e, n->edge_tree)
                edge_del(e);
 
+       splay_delete(node_id_tree, n);
        splay_delete(node_tree, n);
 }
 
@@ -114,6 +131,14 @@ node_t *lookup_node(char *name) {
        return splay_search(node_tree, &n);
 }
 
+node_t *lookup_node_id(const node_id_t *id) {
+       node_t n = {NULL};
+
+       n.id = *id;
+
+       return splay_search(node_id_tree, &n);
+}
+
 node_t *lookup_node_udp(const sockaddr_t *sa) {
        return hash_search(node_udp_cache, sa);
 }
@@ -150,12 +175,17 @@ void update_node_udp(node_t *n, const sockaddr_t *sa) {
 }
 
 bool dump_nodes(connection_t *c) {
-       for splay_each(node_t, n, node_tree)
-               send_request(c, "%d %d %s %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", CONTROL, REQ_DUMP_NODES,
-                          n->name, n->hostname ?: "unknown port unknown", cipher_get_nid(n->outcipher),
+       for splay_each(node_t, n, node_tree) {
+               char id[2 * sizeof n->id + 1];
+               for (size_t c = 0; c < sizeof n->id; ++c)
+                       sprintf(id + 2 * c, "%02hhx", n->id.x[c]);
+               id[sizeof id - 1] = 0;
+               send_request(c, "%d %d %s %s %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", CONTROL, REQ_DUMP_NODES,
+                          n->name, id, n->hostname ?: "unknown port unknown", cipher_get_nid(n->outcipher),
                           digest_get_nid(n->outdigest), (int)digest_length(n->outdigest), n->outcompression,
                           n->options, bitfield_to_int(&n->status, sizeof n->status), n->nexthop ? n->nexthop->name : "-",
                           n->via ? n->via->name ?: "-" : "-", n->distance, n->mtu, n->minmtu, n->maxmtu, (long)n->last_state_change);
+       }
 
        return send_request(c, "%d %d", CONTROL, REQ_DUMP_NODES);
 }

diff --git a/src/node.h b/src/node.h
index 605477e..b6db18b 100644 (file)
--- a/src/node.h
+++ b/src/node.h
@@ -43,6 +43,7 @@ typedef struct node_status_t {
 
 typedef struct node_t {
        char *name;                             /* name of this node */
+       node_id_t id;                           /* unique node ID (name hash) */
        uint32_t options;                       /* options turned on for this node */
 
        int sock;                               /* Socket to use for outgoing UDP packets */
@@ -111,6 +112,7 @@ extern void free_node(node_t *);
 extern void node_add(node_t *);
 extern void node_del(node_t *);
 extern node_t *lookup_node(char *);
+extern node_t *lookup_node_id(const node_id_t *);
 extern node_t *lookup_node_udp(const sockaddr_t *);
 extern bool dump_nodes(struct connection_t *);
 extern bool dump_traffic(struct connection_t *);

diff --git a/src/tincctl.c b/src/tincctl.c
index b15676c..b287467 100644 (file)
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -1002,6 +1002,7 @@ static int cmd_dump(int argc, char *argv[]) {
                        break;
 
                char node[4096];
+               char id[4096];
                char from[4096];
                char to[4096];
                char subnet[4096];
@@ -1019,8 +1020,8 @@ static int cmd_dump(int argc, char *argv[]) {
 
                switch(req) {
                        case REQ_DUMP_NODES: {
-                               int n = sscanf(line, "%*d %*d %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_int, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
-                               if(n != 16) {
+                               int n = sscanf(line, "%*d %*d %s %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", node, id, host, port, &cipher, &digest, &maclength, &compression, &options, &status_int, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
+                               if(n != 17) {
                                        fprintf(stderr, "Unable to parse node dump from tincd: %s\n", line);
                                        return 1;
                                }
@@ -1043,8 +1044,8 @@ static int cmd_dump(int argc, char *argv[]) {
                                } else {
                                        if(only_reachable && !status.reachable)
                                                continue;
-                                       printf("%s at %s port %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s distance %d pmtu %hd (min %hd max %hd)\n",
-                                                       node, host, port, cipher, digest, maclength, compression, options, status_int, nexthop, via, distance, pmtu, minmtu, maxmtu);
+                                       printf("%s id %s at %s port %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s distance %d pmtu %hd (min %hd max %hd)\n",
+                                                       node, id, host, port, cipher, digest, maclength, compression, options, status_int, nexthop, via, distance, pmtu, minmtu, maxmtu);
                                }
                        } break;