Adam Ierymenko
719dd2870d
Self-test for certificate of membership.
2013-10-21 15:47:33 -04:00
Adam Ierymenko
2f00ae4fd7
Version 0.6.1: minor bug fix, DBM removal
...
This version removes the peer DBM present in earlier releases. It is not necessary for
regular clients and has been a source of problems.
There is a long-term identity cache that can be enabled by making a directory called
"iddb.d" in the home folder and restarting ZT1. This is probably something only our
supernodes would need, since regular nodes can easily WHOIS peers they've forgotten
about.
On shutdown, the peer database is dumped to disk. It's then restored on startup.
Peers that have not been used in a while are cleaned out, so this keeps this data
set small.
A DBM may re-appear later if it's needed, but for now it was YAGNI.
2013-10-21 14:22:02 -04:00
Adam Ierymenko
5e71e07f59
Add persistent identity caching for use on supernodes. Activate by just making an iddb.d directory in the ZeroTier home folder. Also clean up some obsolete cruft from makefiles.
2013-10-21 14:12:00 -04:00
Adam Ierymenko
40e4f39181
Peers are now dumped on shutdown in a persistence cache and reloaded on startup, which is good enough for clients right now. Supernodes will get something else for long-term authoritative identity caching.
2013-10-21 11:15:47 -04:00
Adam Ierymenko
6e217dfcb0
Get rid of DBM, which technically is a case of YAGNI. Supernodes will need a way to save identities, but that can be a different feature. Regular clients do not really need a permanent cache (yet). When/if we do need one we can do it then. Until then it only caused problems.
2013-10-21 10:29:44 -04:00
Adam Ierymenko
bbfd43e036
VERSION 0.6.0 BETA: please upgrade!
...
Version 0.6.0 marks the transition of ZeroTier One from ALPHA to BETA.
Major updates to the web site and binary packages for MacOS and Linux
are coming soon, followed by Windows soon thereafter.
This version contains a number of changes including:
* Speed improvements to encryption
* A new much-improved identity algorithm, which unfortunately requires an
identity regeneration. This should happen automatically, and should be
the last time for a good long while assuming there's nothing wrong with
what's here.
* Cleaned up the Network::Config mess in the code, factored out Config
into its own NetworkConfig class.
* Lots of work to support private networks, which are still in testing.
Concurrent with the web site update will be another minor release to
include any fixes there.
* Some changes to the protocol for better future-proofing.
* Netconf support for ARP caching parameters configurable on per-network
basis.
You must update to stay connected to the network; this version will not
talk to 0.5.0. After this, I'm going to be much more reluctant to make
incompatible changes.
2013-10-20 16:14:27 -04:00
Adam Ierymenko
70655cc3f7
Docs and auto-update of Earth network ID.
2013-10-20 16:00:41 -04:00
Adam Ierymenko
c89cdcc3fd
Blech... moving on!
2013-10-20 15:54:32 -04:00
Adam Ierymenko
1ed8a22d19
And then it turns out to be too slow on a slower 32-bit machine... we do want to do tablets eventually.
2013-10-20 15:46:36 -04:00
Adam Ierymenko
bad043729f
Yet another revision of this algo... yeesh... and update to supernode IDs. I think I am gonna go with this one. Seems memory-hard enough to me. I am probably procrastinating by obsessing over it.
2013-10-20 15:31:32 -04:00
Adam Ierymenko
3c5c3280ff
Fix an endian-non-neutrality bug in new hashcash identity algo.
2013-10-20 11:04:58 -04:00
Adam Ierymenko
8c9b73f67b
Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance.
2013-10-18 17:39:48 -04:00
Adam Ierymenko
37e3bc3467
Bump version.h to version 0.6.0... almost there!
2013-10-18 16:59:15 -04:00
Adam Ierymenko
8d3dc3a44b
Add commented out gprof makefile options to Linux build.
2013-10-18 16:51:05 -04:00
Adam Ierymenko
fbf6ab5d4d
Bug fixes: inverted sense bug, printf format bug.
2013-10-18 16:27:07 -04:00
Adam Ierymenko
e13d4df9ab
Forgot to set defaults if multicast parameters are unset.
2013-10-18 15:50:31 -04:00
Adam Ierymenko
fb7d9b1029
Oops we needed _r in there...
2013-10-18 15:00:55 -04:00
Adam Ierymenko
5ef758bbd4
Eliminate unused private field (compiler warning).
2013-10-18 14:27:37 -04:00
Adam Ierymenko
ca93b4a1ac
Clean up some stuff, including a few spots where exceptions were not being handled correctly.
2013-10-18 14:16:53 -04:00
Adam Ierymenko
03b909603a
Clean up the awful Network::Config mess and break that out into NetworkConfig.
2013-10-18 13:20:34 -04:00
Adam Ierymenko
5a8f213c23
Work in progress...
2013-10-18 12:01:48 -04:00
Adam Ierymenko
b10871cedc
More work in netconf cleanup.
2013-10-18 11:01:41 -04:00
Adam Ierymenko
9f107dbd4e
Work in progress on cleaning up netconf mess in node code...
2013-10-18 09:48:02 -04:00
Adam Ierymenko
e6eb65be00
Netconf support for ARP and NDP caching TTLs.
2013-10-17 16:49:31 -04:00
Adam Ierymenko
dd7758e33e
Add multicast trace receiver to attic/. Another run of multicast trace reveals fairly nice behavior. It looks like the traffic jams are the fault of ARP, which results from a gaggle of hosts trying to send ping replies. ARP caching will help with that quite a bit.
2013-10-17 16:27:46 -04:00
Adam Ierymenko
d0dbd869c9
Increase verbosity of multicast tracing and fix tap build problem / GitHub Issue #19
2013-10-17 15:20:43 -04:00
Adam Ierymenko
9ece65da23
Fix some old column names in netconf.
2013-10-17 13:52:39 -04:00
Adam Ierymenko
7701e25a45
Merge branch 'adamierymenko-dev' of shub-niggurath.zerotier.com:/git/ZeroTierOne into adamierymenko-dev
2013-10-17 13:08:09 -04:00
Adam Ierymenko
797bba04dd
Get rid of not used and maybe never to be used Filter code.
2013-10-17 13:07:53 -04:00
Adam Ierymenko
f7bf9da881
Compile fix for netconf.
2013-10-17 11:22:03 -04:00
Adam Ierymenko
ce14ba9004
Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones.
2013-10-17 06:41:52 -04:00
Adam Ierymenko
555471200c
Add DISTINCT to queue query.
2013-10-17 05:40:04 -04:00
Adam Ierymenko
7e7e28f5f7
Add support for pushing network config refresh hints from a MEMORY queue table. That ways it will be possible for network changes to take effect almost immediately across all active peers.
2013-10-17 05:37:01 -04:00
Adam Ierymenko
46f868bd4f
Lots of cleanup, more work on certificates, some security fixes.
2013-10-16 17:47:26 -04:00
Adam Ierymenko
58fa6cab43
Auto-pushing of membership certs on: MULTICAST_FRAME,FRAME,MULTICAST_LIKE and on receipt of MULTICAST_LIKE.
2013-10-07 17:00:53 -04:00
Adam Ierymenko
4d594b24bc
Automagically push netconf certs -- Network support.
2013-10-07 16:13:52 -04:00
Adam Ierymenko
b4ae1adfbf
Break out certificate of membership into its own class.
2013-10-07 15:29:03 -04:00
Adam Ierymenko
dcbc9c8ddd
Rename error code for no membership certificate.
2013-10-07 15:21:40 -04:00
Adam Ierymenko
430882327e
Couple of small fixes, works again with new ID code.
2013-10-07 15:00:38 -04:00
Adam Ierymenko
2fa2796f2a
Another tweak, hopefully final, to reduce variance on identity generation times.
2013-10-07 14:31:13 -04:00
Adam Ierymenko
343b7f44fc
Old algo for ID derivation was not in fact memory-hard since Salsa20 is seekable, so take two.
2013-10-07 12:48:27 -04:00
Adam Ierymenko
0c8614b9c6
Add a second arg to idtool generate to make generating both secret and public easier, add new supernode identities after generating them, fix known good and bad IDs in selftest.
2013-10-07 09:36:20 -04:00
Adam Ierymenko
5fa7a92048
Allocate genmem[] since its too big for the stack on some systems.
2013-10-06 05:28:25 -04:00
Adam Ierymenko
bc715fbd51
Make new identity hashcash algo memory hard, and tweak generation time a bit. Current hashcash cost should be overkill for what we need but still tolerable to users.
2013-10-05 14:15:59 -04:00
Adam Ierymenko
a31c54b44b
Remove an obsolete column from Node table in netconf.
2013-10-05 10:45:23 -04:00
Adam Ierymenko
4267e7da93
Remove a whole bunch of now-unnecessary cruft from Topology and PacketDecoder.
2013-10-05 10:19:12 -04:00
Adam Ierymenko
0e43e5e8f2
Rest of work on new hashcash based identity scheme.
2013-10-05 07:00:55 -04:00
Adam Ierymenko
b0187f4472
Hashcash-based identity, work in progress... committing to test speed on other boxes.
2013-10-05 06:00:47 -04:00
Adam Ierymenko
588a47be89
Some API improvements to C25519 in preparation for that thing I woke up thinking about at 4am.
2013-10-05 05:26:38 -04:00
Adam Ierymenko
ea4e1136dd
Flesh out membership certificate with signature, better serialize/deserialize, and rename parameter to qualifier to make better conceptual sense.
2013-10-04 12:24:21 -04:00