Commit Graph

180 Commits

Author SHA1 Message Date
Adam Ierymenko
cecfa99b7b (1) cluster members send a flag indicating that a PUSH_DIRECT_PATHS is a cluster redirect, (2) 1.1.5 uses this to avoid a bug (this bug does not exist in 1.1.4) 2016-04-18 16:44:23 -07:00
Adam Ierymenko
43fff1a87e Deprecate reporting of local clock in circuit tests since a small number of users might have security problems with this. 2016-02-22 12:59:26 -08:00
Adam Ierymenko
4e4fd51117 boring doc stuff 2016-01-12 14:04:55 -08:00
Adam Ierymenko
d8143a5e18 Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev) 2016-01-05 16:41:54 -08:00
Adam Ierymenko
cba739fd6b more dead code 2016-01-05 14:46:26 -08:00
Adam Ierymenko
fb5237d5b6 Outline dead path detection mechanism. 2016-01-05 14:42:56 -08:00
Adam Ierymenko
258f95b2cd dead code removal 2016-01-05 14:19:16 -08:00
Adam Ierymenko
436c1fac1d Selectively move over changes from "edge" to "dev" excluding netcon. 2015-12-21 16:15:39 -08:00
Adam Ierymenko
57b71bfff0 Cluster simplification and refactor work in progress... 2015-11-08 13:57:02 -08:00
Adam Ierymenko
f1b6427e63 Decided to make this 1.1.0 (semantic versioning increment is warranted), and add a legacy hack for older clients working with clusters. 2015-11-02 09:32:56 -08:00
Adam Ierymenko
9617208e40 Some cleanup, and use VERB_PUSH_DIRECT_PATHS to redirect newer peers. 2015-10-27 09:53:43 -07:00
Adam Ierymenko
619e113748 Work in progress on Cluster for new root infrastructure, multi-homing. 2015-10-14 14:12:12 -07:00
Adam Ierymenko
824ed99160 . 2015-10-13 12:42:54 -07:00
Adam Ierymenko
5d2f523e81 World stuff... 2015-10-13 12:10:44 -07:00
Adam Ierymenko
cae58f43f1 More World stuff, and mkworld. 2015-10-13 08:49:36 -07:00
Adam Ierymenko
1b1945c63e Work in progress on refactoring root-topology into World and adding in-band updates. 2015-10-12 18:25:29 -07:00
Adam Ierymenko
aec13b50fd Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history. 2015-10-09 15:05:26 -07:00
Adam Ierymenko
3fa6dd377f docs 2015-10-09 08:51:57 -07:00
Adam Ierymenko
273f0d18b0 docs 2015-10-08 09:05:25 -07:00
Adam Ierymenko
fea1b6b2c3 docs 2015-10-07 16:25:08 -07:00
Adam Ierymenko
0ce0bc00d2 Make sure received() gets called for some new messages, and docs. 2015-10-07 16:20:54 -07:00
Adam Ierymenko
69b44bf9a5 Finally add an ECHO. 2015-10-07 16:11:50 -07:00
Adam Ierymenko
e5f168f599 Add proof of work request for future DDOS mitigation use. 2015-10-07 13:35:46 -07:00
Adam Ierymenko
ab0228f626 More cleanup and simple refactoring, consolidate InetAddres serialize/deserialize into the class. 2015-10-07 10:30:47 -07:00
Adam Ierymenko
d3f29d09e8 Plumbing through circuit test stuff. 2015-10-06 14:42:51 -07:00
Adam Ierymenko
5341afcdcd Handling of CIRCUIT_TEST, should be ready to test. 2015-10-06 11:47:16 -07:00
Adam Ierymenko
0d0039674f Add new verb names, and fix some Mac compiler flags. 2015-09-30 14:48:07 -07:00
Adam Ierymenko
1a4f16e0ed More work on circuit testing... 2015-09-30 13:59:05 -07:00
Adam Ierymenko
2d0adb562d Specify circuit test messages. 2015-09-27 11:37:39 -07:00
Adam Ierymenko
0b354803f3 Clean up some YAGNI issues with implementation of GitHub issue #180, and make best path choice aware of path rank. 2015-07-13 10:03:04 -07:00
Adam Ierymenko
778c7e6e70 More cleanup to direct path push, comment fixes, etc. 2015-07-07 10:00:34 -07:00
Adam Ierymenko
c863ff3f02 A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable. 2015-07-07 08:54:48 -07:00
Adam Ierymenko
f398952a6c Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter. 2015-07-07 08:14:41 -07:00
Adam Ierymenko
79e9a8bcc2 Almost everything for GitHub issue #180 except direct path map setup. 2015-07-06 15:28:48 -07:00
Adam Ierymenko
255320e2a6 pushDirectPaths() implementation 2015-07-06 14:39:28 -07:00
Adam Ierymenko
93bb934d4e Some cleanup, docs, and Path -> Path > RemotePath refactor. 2015-07-06 14:08:13 -07:00
Adam Ierymenko
9743db3538 docs 2015-07-06 12:37:37 -07:00
Adam Ierymenko
e5f7c55c54 Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch. 2015-07-06 12:34:35 -07:00
Adam Ierymenko
0cbbcf2884 Rename VERB_CMA to the more descriptive VERB_PHYSICAL_ADDRESS_PUSH 2015-06-29 16:01:01 -07:00
Adam Ierymenko
7bae95836c Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address. 2015-06-19 10:23:25 -07:00
Kees Bos
a425bbc673 Renamed supernode to rootserver 2015-05-06 12:05:20 +02:00
Adam Ierymenko
845955dea5 Add definition for VERB_CMA -- GitHub issue #180 2015-06-13 18:08:00 +02:00
Adam Ierymenko
0bdd56ebd6 A few revisions to PFS design. 2015-05-15 09:04:39 -07:00
Adam Ierymenko
e94518590d First stab of PFS design work with PKC security -- may not implement in 1.0.3 but stubbing out. 2015-05-14 17:41:05 -07:00
Adam Ierymenko
a8835cd8b3 Some prep work to make room for perfect forward security (PFS). Will not affect existing clients. 2015-05-13 18:53:37 -07:00
Adam Ierymenko
e922324bc6 Stop inlining all the Packet armor/dearmor stuff to reduce binary bloat. This stuff is called all over the place. 2015-05-04 18:39:53 -07:00
Adam Ierymenko
49f031ccb4 Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc. 2015-04-07 19:31:11 -07:00
Adam Ierymenko
a2821e9000 Add code to check external surface against reported surface from other trusted peers, and also rename ExternalSurface to SelfAwareness because lulz. 2015-04-06 20:17:21 -07:00
Adam Ierymenko
6eb9289367 Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch. 2015-04-03 16:52:53 -07:00
Adam Ierymenko
1f28ce3980 Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc. 2015-04-01 19:09:18 -07:00
Adam Ierymenko
93012b0ee5 Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware] 2015-02-17 13:11:34 -08:00
Adam Ierymenko
89f0c948f8 Physical address change message verb. 2015-02-04 11:59:02 -08:00
Adam Ierymenko
64ba596e0b C++ network config master ready to test. 2015-01-08 14:27:55 -08:00
Adam Ierymenko
4e95384ad6 Cleanup, add tristate to config code in Network, and happy new year! 2015-01-05 17:47:59 -08:00
Adam Ierymenko
96e9a90e8e docs 2015-01-05 16:19:56 -08:00
Adam Ierymenko
87c599df5c Back out service message type -- YAGNI violation. 2015-01-05 15:52:02 -08:00
Adam Ierymenko
56cfe1d603 Strip out old Service code, add new service message type. 2015-01-05 11:47:22 -08:00
Adam Ierymenko
5484cf4309 More cleanup, and fix a bug in Multicaster::gather() 2014-10-29 16:24:19 -07:00
Adam Ierymenko
5bb854e504 Fix a nasty bug introduced in packet fragmentation a while back during refactoring, and a few other things related to multicast. 2014-10-28 17:25:34 -07:00
Adam Ierymenko
4941c8a1f3 New multicast bug fixes, TRACE improvements, and temporarily disable legacy multicast for debugging purposes. 2014-10-09 17:58:31 -07:00
Adam Ierymenko
d5e0f7e3e4 Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership. 2014-10-09 12:42:25 -07:00
Adam Ierymenko
87f1b1b1e3 Bug fix in new multicast frame handler, handling of old "P5" multicast frames in new way. 2014-10-06 13:16:16 -07:00
Adam Ierymenko
1109046782 Last steps before test: parse OK(MULTICAST_GATHER) and OK(MULTICAST_FRAME) 2014-10-02 13:50:37 -07:00
Adam Ierymenko
dee86e2448 But since we are now using middle 3 bits we can assign sane values for the cipher suite enum. 2014-10-02 11:13:53 -07:00
Adam Ierymenko
17da733f97 Gotta support old encrypted flag, move cipher spec to middle 3 bits... due to some shortsighted design early-on. In the future this can die once there are no old peers. 2014-10-02 11:08:59 -07:00
Adam Ierymenko
23836d4c11 Change "encrypted" flag to full cipher suite selector. Go ahead and reserve AES256-GCM which might be added in the future. 2014-10-02 10:54:34 -07:00
Adam Ierymenko
e53d208ea4 Improve security posture by eliminating non-const data() accessor from Buffer. 2014-10-02 10:06:29 -07:00
Adam Ierymenko
b41437780b Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket... 2014-09-30 17:26:34 -07:00
Adam Ierymenko
2659427864 Multicaster needs to be global, not per-network, and a bunch of other stuff. 2014-09-30 16:28:25 -07:00
Adam Ierymenko
8607aa7c3c Everything in for new multicast except IncomingPacket parsing... 2014-09-30 08:38:03 -07:00
Adam Ierymenko
ed0ba49502 A few more revisions to new multicast verbs. 2014-09-26 14:18:25 -07:00
Adam Ierymenko
9e186bbd89 . 2014-09-25 15:57:43 -07:00
Adam Ierymenko
431476e2e4 Some more multicast algo work... 2014-09-24 13:45:58 -07:00
Adam Ierymenko
954f9cbc13 Yet more WIP on mulitcast algo... 2014-09-22 13:18:24 -07:00
Adam Ierymenko
d9abd4d9be Work on defining new direct broadcast multicast algorithm. 2014-09-18 18:28:14 -07:00
Adam Ierymenko
9b93141dd0 Upgrade LZ4 to latest version. 2014-07-30 15:34:15 -07:00
Adam Ierymenko
aead1050fb Bridging (GitHub issue #68) does indeed work! Just needed to fix a packet size thinko. 2014-06-21 12:29:33 -04:00
Adam Ierymenko
6e485833ef . 2014-06-21 12:25:10 -04:00
Adam Ierymenko
d6a4f8d77b Add flags to EXT_FRAME for better future proofness. 2014-06-12 11:40:30 -07:00
Adam Ierymenko
c30f9832b0 Packet decoder work for EXT_FRAME for bridging - GitHub issue #68 2014-06-10 21:41:34 -07:00
Adam Ierymenko
fb31f93c52 Protocol messages for bridging. GitHub issue #68 2014-06-10 15:25:15 -07:00
Adam Ierymenko
aee742e767 More toward GitHub issue #56 2014-04-10 16:30:15 -07:00
Adam Ierymenko
b5c3a92be2 Boring stuff: update dates in copyrights across all files. 2014-02-16 12:40:22 -08:00
Adam Ierymenko
8b65b3e6d7 Yank PROBE stuff since it's not used and was a premature addition to the protocol. 2014-01-28 10:41:43 -08:00
Adam Ierymenko
07f505971c Windows build fixes. 2014-01-17 17:09:59 -08:00
Adam Ierymenko
10df5dcf70 Fix several things:
(1) The changes to path learning in the two previous releases were poorly thought out,
and this version should remedy that by introducing PROBE. This is basically a kind of
ECHO request and is used to authenticate endpoints that are not learned via a valid
request/response pair. Thus we will still passively learn endpoints, but securely.

(2) Turns out there was a security oversight in _doHELLO() that could have permitted...
well... I'm not sure it was exploitable to do anything particularly interesting since
a bad identity would be discarded anyway, but fix it just the same.
2013-12-31 11:03:45 -08:00
Adam Ierymenko
612c17240a Dead code removal, fix for cleanup GitHub issue #28 2013-12-06 16:49:20 -08:00
Adam Ierymenko
f5d397e8c8 Pull in-band file transfer stuff. Toyed around with that idea, but it seems that updates for some platforms are big enough and there are enough reliability concerns that just using TCP/HTTP is safer and easier. 2013-12-04 10:45:15 -08:00
Adam Ierymenko
9fdec3acfc More updater work... coming along. 2013-11-05 17:08:29 -05:00
Adam Ierymenko
6c63bfce69 File transfer work, add identities for validation of updates. 2013-11-04 17:31:00 -05:00
Adam Ierymenko
ae138566a9 Updater code, work in progress... 2013-11-01 12:38:38 -04:00
Adam Ierymenko
17778a36ba Clean up secure random, add packet definitions for update distribution facility. 2013-10-27 07:26:50 -04:00
Adam Ierymenko
942cc0ca21 Certificate of membership works now... had to fix multicast propagation so COM is pushed with multicast, which makes tremendous sense in retrospect. 2013-10-25 14:51:55 -04:00
Adam Ierymenko
8c9b73f67b Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance. 2013-10-18 17:39:48 -04:00
Adam Ierymenko
ce14ba9004 Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones. 2013-10-17 06:41:52 -04:00
Adam Ierymenko
7e7e28f5f7 Add support for pushing network config refresh hints from a MEMORY queue table. That ways it will be possible for network changes to take effect almost immediately across all active peers. 2013-10-17 05:37:01 -04:00
Adam Ierymenko
46f868bd4f Lots of cleanup, more work on certificates, some security fixes. 2013-10-16 17:47:26 -04:00
Adam Ierymenko
4d594b24bc Automagically push netconf certs -- Network support. 2013-10-07 16:13:52 -04:00
Adam Ierymenko
dcbc9c8ddd Rename error code for no membership certificate. 2013-10-07 15:21:40 -04:00
Adam Ierymenko
4267e7da93 Remove a whole bunch of now-unnecessary cruft from Topology and PacketDecoder. 2013-10-05 10:19:12 -04:00