|
|
|
|
@ -725,15 +725,24 @@ public:
|
|
|
|
|
OSUtils::ztsnprintf(portstr,sizeof(portstr),"%u",_ports[0]); |
|
|
|
|
OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S "zerotier-one.port").c_str(),std::string(portstr)); |
|
|
|
|
|
|
|
|
|
// Attempt to bind to a secondary port chosen from our ZeroTier address.
|
|
|
|
|
// Attempt to bind to a secondary port.
|
|
|
|
|
// This exists because there are buggy NATs out there that fail if more
|
|
|
|
|
// than one device behind the same NAT tries to use the same internal
|
|
|
|
|
// private address port number. Buggy NATs are a running theme.
|
|
|
|
|
//
|
|
|
|
|
// This used to pick the secondary port based on the node ID until we
|
|
|
|
|
// discovered another problem: buggy routers and malicious traffic
|
|
|
|
|
// "detection". A lot of routers have such things built in these days
|
|
|
|
|
// and mis-detect ZeroTier traffic as malicious and block it resulting
|
|
|
|
|
// in a node that appears to be in a coma. Secondary ports are now
|
|
|
|
|
// randomized on startup.
|
|
|
|
|
if (_allowSecondaryPort) { |
|
|
|
|
if (_secondaryPort) { |
|
|
|
|
_ports[1] = _secondaryPort; |
|
|
|
|
} else { |
|
|
|
|
_ports[1] = 20000 + ((unsigned int)_node->address() % 45500); |
|
|
|
|
unsigned int randp = 0; |
|
|
|
|
Utils::getSecureRandom(&randp,sizeof(randp)); |
|
|
|
|
_ports[1] = 20000 + (randp % 45500); |
|
|
|
|
for(int i=0;;++i) { |
|
|
|
|
if (i > 1000) { |
|
|
|
|
_ports[1] = 0; |
|
|
|
|
|
Grant Limberg
5 years ago