Make encrypted HELLO a local.conf setting -- 99.999999% of users do not need it and it introduces scalability problems on large controllers.

node/Node.cpp

@@ -43,7 +43,7 @@ namespace ZeroTier {
 /* Public Node interface (C++, exposed via CAPI bindings)                   */
 /****************************************************************************/
 
-Node::Node(void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now)
+Node::Node(void* uptr, void* tptr, const struct ZT_Node_Config* config, const struct ZT_Node_Callbacks* callbacks, int64_t now)
 	: _RR(this)
 	, RR(&_RR)
 	, _uPtr(uptr)
@@ -59,6 +59,7 @@ Node::Node(void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, in
 		throw ZT_EXCEPTION_INVALID_ARGUMENT;
 	}
 	memcpy(&_cb, callbacks, sizeof(ZT_Node_Callbacks));
+	memcpy(&_config, config, sizeof(ZT_Node_Config));
 
 	// Initialize non-cryptographic PRNG from a good random source
 	Utils::getSecureRandom((void*)_prngState, sizeof(_prngState));
@@ -918,11 +919,11 @@ void Node::ncSendError(uint64_t nwid, uint64_t requestPacketId, const Address& d
 
 extern "C" {
 
-enum ZT_ResultCode ZT_Node_new(ZT_Node** node, void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now)
+enum ZT_ResultCode ZT_Node_new(ZT_Node** node, const struct ZT_Node_Config* config, void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now)
 {
 	*node = (ZT_Node*)0;
 	try {
-		*node = reinterpret_cast<ZT_Node*>(new ZeroTier::Node(uptr, tptr, callbacks, now));
+		*node = reinterpret_cast<ZT_Node*>(new ZeroTier::Node(uptr, tptr, config, callbacks, now));
 		return ZT_RESULT_OK;
 	}
 	catch (std::bad_alloc& exc) {

node/Node.hpp

@@ -20,13 +20,10 @@
 #include "NetworkController.hpp"
 #include "Path.hpp"
 #include "RuntimeEnvironment.hpp"
-#include "Salsa20.hpp"
 #include "SelfAwareness.hpp"
 
-#include <map>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <vector>
 
 // Bit mask for "expecting reply" hash
@@ -44,7 +41,7 @@ class World;
  */
 class Node : public NetworkController::Sender {
   public:
-	Node(void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now);
+	Node(void* uptr, void* tptr, const struct ZT_Node_Config* config, const struct ZT_Node_Callbacks* callbacks, int64_t now);
 	virtual ~Node();
 
 	// Get rid of alignment warnings on 32-bit Windows and possibly improve performance
@@ -285,12 +282,22 @@ class Node : public NetworkController::Sender {
 
 	inline void setLowBandwidthMode(bool isEnabled)
 	{
-		_lowBandwidthMode = isEnabled;
+		_config.lowBandwidthMode = (int)isEnabled;
+	}
+
+	inline void setEncryptedHelloEnabled(bool isEnabled)
+	{
+		_config.enableEncryptedHello = (int)isEnabled;
 	}
 
 	inline bool lowBandwidthModeEnabled()
 	{
-		return _lowBandwidthMode;
+		return _config.lowBandwidthMode != 0;
+	}
+
+	inline bool encryptedHelloEnabled()
+	{
+		return _config.enableEncryptedHello != 0;
 	}
 
 	void initMultithreading(unsigned int concurrency, bool cpuPinningEnabled);
@@ -300,6 +307,7 @@ class Node : public NetworkController::Sender {
 	RuntimeEnvironment* RR;
 	void* _uPtr;   // _uptr (lower case) is reserved in Visual Studio :P
 	ZT_Node_Callbacks _cb;
+	ZT_Node_Config _config;
 
 	// For tracking packet IDs to filter out OK/ERROR replies to packets we did not send
 	uint8_t _expectingRepliesToBucketPtr[ZT_EXPECTING_REPLIES_BUCKET_MASK1 + 1];

node/Peer.cpp

@@ -459,7 +459,7 @@ void Peer::sendHELLO(void* tPtr, const int64_t localSocket, const InetAddress& a
 	Metrics::pkt_hello_out++;
 
 	if (atAddress) {
-		outp.armor(_key, false, true, nullptr, _id);
+		outp.armor(_key, false, RR->node->encryptedHelloEnabled(), nullptr, _id);
 		RR->node->expectReplyTo(outp.packetId());
 		RR->node->putPacket(tPtr, RR->node->lowBandwidthModeEnabled() ? localSocket : -1, atAddress, outp.data(), outp.size());
 	}