Commit Graph

1564 Commits

Author SHA1 Message Date
Adam Ierymenko
e4896b257f Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call. 2017-03-27 17:03:17 -07:00
Adam Ierymenko
78ef2c5f16 Windows build fixes, app about text revisions. 2017-03-17 20:01:58 -07:00
Adam Ierymenko
e10325e133 GitHub issue #461 -- plus a bit of cleanup and optimization 2017-03-17 17:15:23 -07:00
Adam Ierymenko
ef46d3c97d LZ4 cleanup 2017-03-17 23:09:18 +00:00
Adam Ierymenko
a9c08c5975 . 2017-03-17 22:35:56 +00:00
Adam Ierymenko
c467c3b7e4 ARM tweaks 2017-03-17 22:26:08 +00:00
Adam Ierymenko
cdc0eaec3a Fix attempt to WHOIS self. 2017-03-17 22:13:34 +00:00
Adam Ierymenko
a7cb738175 . 2017-03-17 14:25:54 -07:00
Adam Ierymenko
d1bb22a583 . 2017-03-17 14:09:30 -07:00
Adam Ierymenko
c6a39ed927 Fixes for possible ARM issues, cleanup, fix for spurious meaningless exceptions on NETWORK_CONFIG_REQUEST 2017-03-17 13:55:26 -07:00
Adam Ierymenko
010d0a7d56 Docs and a bit of cleanup. In particular ALL makes no sense for revocations because they have IDs. In that case you would just revoke the COM. 2017-03-13 06:53:23 -07:00
Adam Ierymenko
0f3148bda2 Roots need to respond to lots of WHOISes 2017-03-10 20:08:07 -08:00
Adam Ierymenko
e3b1fc2ac0 Tweak WHOIS path for federation. 2017-03-10 19:52:08 -08:00
Adam Ierymenko
db87d95c1d getUpstreamPeer issue with interim federated roots 2017-03-10 19:31:51 -08:00
Adam Ierymenko
47166c9614 Sigh. Another thinko. 2017-03-10 17:54:14 -08:00
Adam Ierymenko
ecacdf27a9 Build fix (typo) 2017-03-10 17:45:05 -08:00
Adam Ierymenko
aad6f79efa Also must mask off counter bits in IV in cryptField. 2017-03-10 17:44:25 -08:00
Adam Ierymenko
0c00b83702 cryptField() used to obscure extended fields in HELLO cannot use mangleKey() 2017-03-10 17:34:41 -08:00
Adam Ierymenko
a97918f812 Windows build fixes. 2017-03-07 13:57:31 -08:00
Adam Ierymenko
5e6a4e5f5e Send revocations automatically on deauth for instant kill, also fix some issues with the RP. 2017-03-06 15:12:28 -08:00
Adam Ierymenko
d56f740dc6 Now with less bugs. 2017-03-03 13:49:21 -08:00
Adam Ierymenko
a577b8d381 Update how controller handles circuit tests -- save results to filesystem. 2017-03-01 16:33:34 -08:00
Adam Ierymenko
136fddc7f1 Fix FILTER_TRACE breakage. 2017-03-01 15:14:57 -08:00
Adam Ierymenko
ce0c87f8ff Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2017-03-01 15:12:26 -08:00
Adam Ierymenko
d79585d44d Circuit tests now report link quality. Also fixed a little thing in revocation propagation. 2017-03-01 15:12:17 -08:00
Grant Limberg
592b628523 comment broken TRACE message 2017-03-01 14:50:28 -08:00
Adam Ierymenko
1d39be61b2 ZeroTier now has link quality measurement. We are not using this yet but decided to put it in to prep for future QoS support and SD-WAN stuff. 2017-03-01 14:36:52 -08:00
Adam Ierymenko
2bf9145ae6 Outgoing side of packet counter for link quality reporting. Also some cleanup and a cluster mode build fix. 2017-03-01 10:22:57 -08:00
Adam Ierymenko
127bcb02ff Save space in expecting-reply-to tracking. 2017-03-01 09:41:37 -08:00
Adam Ierymenko
2b10a982e9 Match on tag sender equals or tag recipient equals. 2017-02-28 09:22:10 -08:00
Adam Ierymenko
31bece7fa0 Add ipauth handling of IPv6 NDP neighbor solicitations and advertisements. IPv6 works well now with ipauth. 2017-02-28 07:43:40 -08:00
Adam Ierymenko
4436824faf ipauth characteristic now works with ARP 2017-02-27 17:51:58 -08:00
Adam Ierymenko
9d7ff26f25 Helps if you actually add the ipauth mask to the characteristics mask. 2017-02-23 14:27:31 -08:00
Adam Ierymenko
010dbc8b2b Merge. 2017-02-23 12:35:20 -08:00
Adam Ierymenko
72653e54f9 Finish wiring up ipauth and macauth to Network filter. 2017-02-23 12:34:17 -08:00
Grant Limberg
93ec86a26e iOS fixes 2017-02-23 12:26:11 -08:00
Adam Ierymenko
10185e92fa Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6. 2017-02-23 11:47:36 -08:00
Adam Ierymenko
b679ebde3b Ad-hoc networks, a cool and easy to implement little feature that allows controllerless networks. These only allow IPv6 6plane, no multicast, and the network ID encodes the allowed port range. 2017-02-22 15:32:55 -08:00
Adam Ierymenko
afba19e01c When deciding whether to send PUSH_DIRECT_PATHS we should check global trust flag, not the one passed into receive(). 2017-02-16 09:44:04 -08:00
Adam Ierymenko
af4e79735c Fix "orbit" semantics. Federation works. 2017-02-13 16:38:21 -08:00
Adam Ierymenko
969e09210d Fix loading of existing moons. 2017-02-13 16:14:48 -08:00
Adam Ierymenko
4b11566505 Integrate moon concept into http config bus, and clean up that code quite a bit. 2017-02-13 14:27:08 -08:00
Adam Ierymenko
e4b6611201 Only accept world updates from upstreams. 2017-02-13 09:46:34 -08:00
Adam Ierymenko
e6840a1863 Can't erase from vector using const_iterator on some C++ compilers.' 2017-02-13 09:26:05 -08:00
Adam Ierymenko
42f28bce52 Cleanup and make moons (federated roots) a little easier to deal with. 2017-02-13 09:03:48 -08:00
Adam Ierymenko
cdc289fa9c Tags work. 2017-02-07 14:06:40 -08:00
Adam Ierymenko
672f17c6e9 Add a mask and value range to the IP tos rule field. This allows TOS to be matched more usefully. This will break anyone using tos in the beta, but nobody seems to be and its pre-release so now is the time. 2017-02-07 09:33:39 -08:00
Adam Ierymenko
723a9a6e9a Small additional efficiency improvement. 2017-02-06 17:20:22 -08:00
Adam Ierymenko
59ba7c8bf5 Improve efficiency of pushCredentials() method since it gets called a lot. 2017-02-06 17:10:20 -08:00
Adam Ierymenko
78d548458b Capabilities basically work but need to refactor a bit for performance reasons. 2017-02-06 16:38:48 -08:00
Adam Ierymenko
9ddc2a4331 Add a break action to rules engine to make capabilities easier to use. 2017-02-06 14:00:49 -08:00
Adam Ierymenko
435e4c4695 Fix HELLO parse bug. 2017-02-06 12:06:10 -08:00
Adam Ierymenko
21f4a97c35 CSPRNG performance improvement, self test build fix. 2017-02-06 11:49:41 -08:00
Adam Ierymenko
e0d63c50db One more tweak after thinking about related keys and key stream reuse. Just a precaution. 2017-02-06 07:45:57 -08:00
Adam Ierymenko
803f74634a Tweak how we do crypto of the masked portions of HELLO just to be more "boring" in the DJB sense. 2017-02-06 07:39:38 -08:00
Adam Ierymenko
f85a630a64 Docs and a small build fix in debug mode. 2017-02-06 07:17:45 -08:00
Adam Ierymenko
43182f8f57 Docs, code cleanup, and protect the extra new fields of HELLO with encryption as a precaution. 2017-02-05 16:19:03 -08:00
Adam Ierymenko
594cb1fad8 Small fix for duplicates in world definitions. 2017-02-04 19:29:39 -08:00
Adam Ierymenko
3587aa1ea7 Add and send certificates of representation to tell people what our valid upstreams are. These are not used yet but will be needed for future privacy modes, etc. Also some cleanup. 2017-02-04 13:17:00 -08:00
Adam Ierymenko
beb642faa5 Stub out CAN_REACH. 2017-02-04 10:21:31 -08:00
Adam Ierymenko
31db768e4d A bit of code cleanup. 2017-02-04 00:23:31 -08:00
Adam Ierymenko
d9e4ba1280 Eliminate a little copypasta. 2017-02-04 00:04:44 -08:00
Adam Ierymenko
dcb1233b0d Slight refactor to RENEDEZVOUS sending code for federation. 2017-02-03 23:54:02 -08:00
Adam Ierymenko
8a2ff0b31e Actual documentation. 2017-02-03 19:47:00 -08:00
Adam Ierymenko
9284e4edfe agree() must be called on our identity, the one with the secret 2017-02-01 15:22:14 -08:00
Adam Ierymenko
62a705af1c Eliminate another check in cluster frontplane mode. 2017-02-01 14:35:07 -08:00
Adam Ierymenko
29ec7bf3a2 Add more specific check in source==self case instead of dumping it. 2017-02-01 14:18:56 -08:00
Adam Ierymenko
fc3f4fb988 Yeah that could never have worked (normal packets in cluster mode). 2017-02-01 14:05:13 -08:00
Adam Ierymenko
60ff280dcb Another tweak to cluster I/O rules. 2017-02-01 13:52:53 -08:00
Adam Ierymenko
b378f5dcd7 Take 3 2017-02-01 13:20:51 -08:00
Adam Ierymenko
e778d45128 Still want to send WANT_PEER under two failure modes. 2017-02-01 12:51:52 -08:00
Adam Ierymenko
5e11cf6378 Can't armor() a packet until all flags are set. 2017-02-01 12:32:06 -08:00
Adam Ierymenko
5dbebc513a Minor send path refactor to make packet I/O work on clusters if they are members of networks. Also fix a crash if compiled in cluster mode but no cluster is enabled. 2017-02-01 12:00:25 -08:00
Adam Ierymenko
6d5a3cd2e2 Remove debug code. Cluster network config sharing seems to work. 2017-01-30 16:23:38 -08:00
Adam Ierymenko
f9ad80aa13 . 2017-01-30 16:15:47 -08:00
Adam Ierymenko
ed31cb76d6 Fix to cluster network configs. 2017-01-30 16:04:05 -08:00
Adam Ierymenko
eebd271bb1 Implement cross cluster sharing of network configs to make clusters able to actually join networks. 2017-01-30 15:40:22 -08:00
Adam Ierymenko
471108f2e4 Slightly increase thread stack size for safety (primary Alpine related) possibly GitHub #443 2017-01-30 08:01:36 -08:00
Adam Ierymenko
2ceb162df0 Merge pull request #442 from zielmicha/allow-managed
allow user to specify arbitrary allowed IP networks in allowManaged
2017-01-30 06:54:49 -08:00
Adam Ierymenko
5fa1d9796c zerotier-idtool commands to init and generate moons 2017-01-27 17:34:39 -08:00
Adam Ierymenko
77a1dd4737 Dead code removal, fix minor issue in upstream endpoint check. 2017-01-27 16:25:53 -08:00
Adam Ierymenko
9e7c778cc8 Fix deadlock. 2017-01-27 16:16:06 -08:00
Adam Ierymenko
1d775af34a Fix moon persistence. 2017-01-27 15:35:21 -08:00
Adam Ierymenko
9f7919f71f Add comments to join ("orbit") moons. 2017-01-27 15:27:26 -08:00
Adam Ierymenko
0b3b994241 Relay policy can now be computed. 2017-01-27 14:05:09 -08:00
Adam Ierymenko
bc218f9414 little fix 2017-01-27 13:52:29 -08:00
Adam Ierymenko
f102fd7f92 Extend in-band world updates to handle moons too. 2017-01-27 13:50:56 -08:00
Adam Ierymenko
64774d0d4f Replace piecemeal designation of upstreams with the concept of moons, which is simpler and easier to use and inherits all the cool live update stuff of worlds (now called planets) and global roots. 2017-01-27 13:27:52 -08:00
Michał Zieliński
8f2a42d1ad allow user to specify arbitrary allowed IP networks in allowManaged 2017-01-23 12:16:40 +01:00
Adam Ierymenko
9a475eeff9 Windows build fix, warning removal. 2017-01-20 12:00:18 -08:00
Adam Ierymenko
0995c1dcaa Encapsulate LZ4 in Packet.cpp to eliminate dependency. 2017-01-19 15:16:04 -08:00
Adam Ierymenko
7612bf3302 Fix LZ4 warning. 2017-01-19 14:54:39 -08:00
Adam Ierymenko
0fb3d1d582 Add a build version for software update use so we can do very minor updates within a version. 2017-01-18 09:16:23 -08:00
Adam Ierymenko
1346e31a8e Windows build fixes, Software update fix, warning removal. 2017-01-13 14:22:36 -08:00
Adam Ierymenko
d7e7ad4f88 Can't send a user message to self. 2017-01-11 17:46:52 -08:00
Adam Ierymenko
d5528e4e9a Wire up VERB_USER_MESSAGE in core. 2017-01-09 15:55:07 -08:00
Adam Ierymenko
c8554504f3 . 2016-12-22 18:37:46 -08:00
Adam Ierymenko
6b12d86209 Add a workaround for an edge case in TEE/REDIRECT if we are the inbound destination and teeing is only being done on the outbound side. 2016-12-22 18:06:35 -08:00
Adam Ierymenko
fe530548bb Fix MATCH_RANDOM in controller. 2016-12-22 16:57:45 -08:00
Adam Ierymenko
2eaff6d484 Fix to characteristcs in rules engine. 2016-12-22 16:36:38 -08:00
Adam Ierymenko
244f37179c Minor security: lock roots to only be reachable via World IPs. 2016-12-05 16:09:42 -08:00
Adam Ierymenko
fa2bb91ae5 Kill some old debug code. 2016-11-30 10:48:09 -08:00
Adam Ierymenko
84732fcb12 Wire through external path lookup. Static paths should now work. 2016-11-22 14:23:13 -08:00
Adam Ierymenko
42ba70e79e Replace long callback arg list with struct, and implement path whitelisting, path blacklisting, and local.conf support for roles. 2016-11-22 10:54:58 -08:00
Adam Ierymenko
cbaef66e82 Fix a deadlock in federation/upstream code. 2016-11-21 16:04:01 -08:00
Adam Ierymenko
97d915b06c Expose relay policy in node settings. 2016-11-21 15:35:18 -08:00
Adam Ierymenko
ccdd4ffda7 Move split() to OSUtils since it is not used in core. 2016-11-18 15:49:28 -08:00
Adam Ierymenko
673c0c811e Wire through upstream stuff and add setRole(). 2016-11-18 13:48:49 -08:00
Adam Ierymenko
6e1da35c12 Remove debug. 2016-11-18 13:15:58 -08:00
Adam Ierymenko
25f9c294dc Small bug fix and warning removal. 2016-11-18 13:01:45 -08:00
Adam Ierymenko
2ea9f516e1 Rate gate expensive validation of new identities in HELLO. 2016-11-18 12:59:04 -08:00
Adam Ierymenko
ab4021dd0e Do packet MAC check before locallyValidate(), and add timing measurement in selftest. 2016-11-18 11:09:19 -08:00
Adam Ierymenko
1fcbb1fbed Proactively auto-load designated upstreams. 2016-11-18 10:39:26 -08:00
Adam Ierymenko
39333c9e8e Modify unite() to deal with a second layer of upstreams. 2016-11-17 16:59:04 -08:00
Adam Ierymenko
1615ef1114 Rename getBestRoot() etc. 2016-11-17 16:31:58 -08:00
Adam Ierymenko
bf8d71e82c Add notion of upstream that is separate from root in Topology, etc. 2016-11-17 16:20:41 -08:00
Adam Ierymenko
12d32b9311 Small fix to send pushes if not a reply. 2016-11-10 11:57:45 -08:00
Adam Ierymenko
226123ca08 Refactor controller to permit sending of pushes as well as just replies to config requests. 2016-11-10 11:54:47 -08:00
Adam Ierymenko
5ebf5077f5 Log last meta-data in controller, and ease up just a bit on keepalives. 2016-11-09 17:11:10 -08:00
Adam Ierymenko
c61ca1dea2 Keep connections up for netconf stuff as well as frames. 2016-11-09 16:04:08 -08:00
Grant Limberg
8ffae313fd add new files & remove old ones from VS project. Now builds & runs on Windows again 2016-11-03 12:10:50 -07:00
Adam Ierymenko
27d997a2e5 . 2016-10-13 15:17:17 -07:00
Adam Ierymenko
6469aa9df9 typo 2016-10-13 14:28:39 -07:00
Adam Ierymenko
ce6b5bc6f5 . 2016-10-13 14:21:24 -07:00
Adam Ierymenko
4f3775bb86 Fix ICMP match. 2016-10-13 14:21:00 -07:00
Adam Ierymenko
8850a8610a Fix filter trace. 2016-10-13 13:59:17 -07:00
Adam Ierymenko
2d6a4e5974 cleanup 2016-10-13 13:52:45 -07:00
Adam Ierymenko
93b4ac5cb2 Remove unused POW code, will revisit later. 2016-10-13 13:17:30 -07:00
Adam Ierymenko
3f4c166861 Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-10-11 12:00:38 -07:00
Adam Ierymenko
e53f63ca87 Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed. 2016-10-11 12:00:16 -07:00
Grant Limberg
6a50291aa2 Fix the case for InetAddress::containsAddress for IPv6 route of :: 2016-10-07 14:29:06 -07:00
Adam Ierymenko
45c4ccb153 Add a tags both equal match. 2016-10-05 16:38:42 -07:00
Adam Ierymenko
adeb7e7da0 Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want. 2016-10-05 12:54:46 -07:00
Adam Ierymenko
d5f4d381d0 Go ahead and loop back packets whose destination is self. Some OSes require this since they aactually follow the full network path even for local IPs. 2016-10-05 10:12:06 -07:00
Adam Ierymenko
988049f39b Add new rule to rules engine: random match. 2016-09-30 14:07:00 -07:00
Adam Ierymenko
9eaa3756f8 Fix deadlock-causing regression in Network. 2016-09-30 12:22:54 -07:00
Adam Ierymenko
4fe9a4fe83 Fix memory leak. 2016-09-28 16:13:59 -07:00
Adam Ierymenko
01129d02b3 hashCode() for InetAddress 2016-09-28 13:45:25 -07:00
Adam Ierymenko
e1fbf7b34c Check multicast limit on send after NDP emulation code. 2016-09-28 12:21:08 -07:00
Adam Ierymenko
7e90ab3534 TRACE verbosity increase on exceptions in NETWORK_CREDENTIALS. 2016-09-28 11:06:44 -07:00
Adam Ierymenko
5ee1ccd659 Send need credential error on more cases. 2016-09-27 16:41:08 -07:00
Adam Ierymenko
0b44919ba2 Clusters can send multiple OKs so we must allow this. 2016-09-27 16:33:37 -07:00
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
5ba7ca91c0 TRACE build fix. 2016-09-27 12:44:44 -07:00
Adam Ierymenko
cc4bacc199 Cleanup, and implement compression disable flag for networks. 2016-09-27 12:22:25 -07:00
Adam Ierymenko
15c07c58b6 Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). 2016-09-27 11:33:48 -07:00
Adam Ierymenko
7e4b6b594b It now builds. 2016-09-26 17:05:39 -07:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00