60ac1b77c5
Fix for GitHub issue #25
2013-10-28 13:22:23 -04:00
17778a36ba
Clean up secure random, add packet definitions for update distribution facility.
2013-10-27 07:26:50 -04:00
942cc0ca21
Certificate of membership works now... had to fix multicast propagation so COM is pushed with multicast, which makes tremendous sense in retrospect.
2013-10-25 14:51:55 -04:00
010616e3ae
Add some more TRACE output for certs.
2013-10-25 13:43:04 -04:00
1505e8dd50
Fix netconf init and identity transfer.
2013-10-25 13:04:58 -04:00
5901972958
More tying up of certificate of membership stuff in the client.
2013-10-24 16:57:26 -04:00
bbcd76ecd0
Netconf updates -- actually issue COM, and log attempts to access networks in NetworkActivity using the new authenticated flag in the new DB schema.
2013-10-24 16:19:53 -04:00
3de76fcab1
Make network autoconf a little more frequent to tighten up expiration times.
2013-10-21 16:11:29 -04:00
719dd2870d
Self-test for certificate of membership.
2013-10-21 15:47:33 -04:00
2f00ae4fd7
Version 0.6.1: minor bug fix, DBM removal
...
This version removes the peer DBM present in earlier releases. It is not necessary for
regular clients and has been a source of problems.
There is a long-term identity cache that can be enabled by making a directory called
"iddb.d" in the home folder and restarting ZT1. This is probably something only our
supernodes would need, since regular nodes can easily WHOIS peers they've forgotten
about.
On shutdown, the peer database is dumped to disk. It's then restored on startup.
Peers that have not been used in a while are cleaned out, so this keeps this data
set small.
A DBM may re-appear later if it's needed, but for now it was YAGNI.
2013-10-21 14:22:02 -04:00
5e71e07f59
Add persistent identity caching for use on supernodes. Activate by just making an iddb.d directory in the ZeroTier home folder. Also clean up some obsolete cruft from makefiles.
2013-10-21 14:12:00 -04:00
40e4f39181
Peers are now dumped on shutdown in a persistence cache and reloaded on startup, which is good enough for clients right now. Supernodes will get something else for long-term authoritative identity caching.
2013-10-21 11:15:47 -04:00
6e217dfcb0
Get rid of DBM, which technically is a case of YAGNI. Supernodes will need a way to save identities, but that can be a different feature. Regular clients do not really need a permanent cache (yet). When/if we do need one we can do it then. Until then it only caused problems.
2013-10-21 10:29:44 -04:00
70655cc3f7
Docs and auto-update of Earth network ID.
2013-10-20 16:00:41 -04:00
c89cdcc3fd
Blech... moving on!
2013-10-20 15:54:32 -04:00
1ed8a22d19
And then it turns out to be too slow on a slower 32-bit machine... we do want to do tablets eventually.
2013-10-20 15:46:36 -04:00
bad043729f
Yet another revision of this algo... yeesh... and update to supernode IDs. I think I am gonna go with this one. Seems memory-hard enough to me. I am probably procrastinating by obsessing over it.
2013-10-20 15:31:32 -04:00
3c5c3280ff
Fix an endian-non-neutrality bug in new hashcash identity algo.
2013-10-20 11:04:58 -04:00
8c9b73f67b
Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance.
2013-10-18 17:39:48 -04:00
fbf6ab5d4d
Bug fixes: inverted sense bug, printf format bug.
2013-10-18 16:27:07 -04:00
e13d4df9ab
Forgot to set defaults if multicast parameters are unset.
2013-10-18 15:50:31 -04:00
fb7d9b1029
Oops we needed _r in there...
2013-10-18 15:00:55 -04:00
5ef758bbd4
Eliminate unused private field (compiler warning).
2013-10-18 14:27:37 -04:00
ca93b4a1ac
Clean up some stuff, including a few spots where exceptions were not being handled correctly.
2013-10-18 14:16:53 -04:00
03b909603a
Clean up the awful Network::Config mess and break that out into NetworkConfig.
2013-10-18 13:20:34 -04:00
5a8f213c23
Work in progress...
2013-10-18 12:01:48 -04:00
b10871cedc
More work in netconf cleanup.
2013-10-18 11:01:41 -04:00
9f107dbd4e
Work in progress on cleaning up netconf mess in node code...
2013-10-18 09:48:02 -04:00
e6eb65be00
Netconf support for ARP and NDP caching TTLs.
2013-10-17 16:49:31 -04:00
d0dbd869c9
Increase verbosity of multicast tracing and fix tap build problem / GitHub Issue #19
2013-10-17 15:20:43 -04:00
797bba04dd
Get rid of not used and maybe never to be used Filter code.
2013-10-17 13:07:53 -04:00
ce14ba9004
Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones.
2013-10-17 06:41:52 -04:00
7e7e28f5f7
Add support for pushing network config refresh hints from a MEMORY queue table. That ways it will be possible for network changes to take effect almost immediately across all active peers.
2013-10-17 05:37:01 -04:00
46f868bd4f
Lots of cleanup, more work on certificates, some security fixes.
2013-10-16 17:47:26 -04:00
58fa6cab43
Auto-pushing of membership certs on: MULTICAST_FRAME,FRAME,MULTICAST_LIKE and on receipt of MULTICAST_LIKE.
2013-10-07 17:00:53 -04:00
4d594b24bc
Automagically push netconf certs -- Network support.
2013-10-07 16:13:52 -04:00
b4ae1adfbf
Break out certificate of membership into its own class.
2013-10-07 15:29:03 -04:00
dcbc9c8ddd
Rename error code for no membership certificate.
2013-10-07 15:21:40 -04:00
430882327e
Couple of small fixes, works again with new ID code.
2013-10-07 15:00:38 -04:00
2fa2796f2a
Another tweak, hopefully final, to reduce variance on identity generation times.
2013-10-07 14:31:13 -04:00
343b7f44fc
Old algo for ID derivation was not in fact memory-hard since Salsa20 is seekable, so take two.
2013-10-07 12:48:27 -04:00
0c8614b9c6
Add a second arg to idtool generate to make generating both secret and public easier, add new supernode identities after generating them, fix known good and bad IDs in selftest.
2013-10-07 09:36:20 -04:00
5fa7a92048
Allocate genmem[] since its too big for the stack on some systems.
2013-10-06 05:28:25 -04:00
bc715fbd51
Make new identity hashcash algo memory hard, and tweak generation time a bit. Current hashcash cost should be overkill for what we need but still tolerable to users.
2013-10-05 14:15:59 -04:00
4267e7da93
Remove a whole bunch of now-unnecessary cruft from Topology and PacketDecoder.
2013-10-05 10:19:12 -04:00
0e43e5e8f2
Rest of work on new hashcash based identity scheme.
2013-10-05 07:00:55 -04:00
b0187f4472
Hashcash-based identity, work in progress... committing to test speed on other boxes.
2013-10-05 06:00:47 -04:00
588a47be89
Some API improvements to C25519 in preparation for that thing I woke up thinking about at 4am.
2013-10-05 05:26:38 -04:00
ea4e1136dd
Flesh out membership certificate with signature, better serialize/deserialize, and rename parameter to qualifier to make better conceptual sense.
2013-10-04 12:24:21 -04:00
bb4a96c630
Add more info to remote multicast trace (debug facility).
2013-10-03 14:53:15 -04:00
