Adam Ierymenko
|
a577b8d381
|
Update how controller handles circuit tests -- save results to filesystem.
|
2017-03-01 16:33:34 -08:00 |
|
Adam Ierymenko
|
2b10a982e9
|
Match on tag sender equals or tag recipient equals.
|
2017-02-28 09:22:10 -08:00 |
|
Adam Ierymenko
|
10185e92fa
|
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
|
2017-02-23 11:47:36 -08:00 |
|
Adam Ierymenko
|
54fa73844c
|
Fix crash.
|
2017-02-21 13:48:29 -08:00 |
|
Adam Ierymenko
|
32f5a0ab18
|
Add default tag values and default set capabilities for new members.
|
2017-02-21 13:27:20 -08:00 |
|
Adam Ierymenko
|
672f17c6e9
|
Add a mask and value range to the IP tos rule field. This allows TOS to be matched more usefully. This will break anyone using tos in the beta, but nobody seems to be and its pre-release so now is the time.
|
2017-02-07 09:33:39 -08:00 |
|
Adam Ierymenko
|
ac3e883c05
|
One more place to add "break".
|
2017-02-06 14:07:30 -08:00 |
|
Adam Ierymenko
|
31db768e4d
|
A bit of code cleanup.
|
2017-02-04 00:23:31 -08:00 |
|
Adam Ierymenko
|
a064e19b8a
|
Refactor some JSON stuff for performance, and fix a build error.
|
2017-01-10 13:51:10 -08:00 |
|
Adam Ierymenko
|
bf2b9e3692
|
Auto-authorize new members on public networks properly.
|
2016-12-22 18:52:34 -08:00 |
|
Adam Ierymenko
|
0d066e3b08
|
Fix JSON parse bug in REDIRECT target.
|
2016-12-22 18:26:43 -08:00 |
|
Adam Ierymenko
|
fe530548bb
|
Fix MATCH_RANDOM in controller.
|
2016-12-22 16:57:45 -08:00 |
|
Adam Ierymenko
|
a54c2b438c
|
Basic support for streaming of changes via stdout from controller.
|
2016-12-15 15:08:47 -08:00 |
|
Adam Ierymenko
|
ccdd4ffda7
|
Move split() to OSUtils since it is not used in core.
|
2016-11-18 15:49:28 -08:00 |
|
Adam Ierymenko
|
25f9c294dc
|
Small bug fix and warning removal.
|
2016-11-18 13:01:45 -08:00 |
|
Adam Ierymenko
|
07b2a3818c
|
Fix TTL scaling in cert.
|
2016-11-15 14:26:05 -08:00 |
|
Adam Ierymenko
|
15c6e2ec70
|
Fix member deauthorization time threshold bug.
|
2016-11-15 14:06:25 -08:00 |
|
Adam Ierymenko
|
e26bee45fb
|
Multithreading in network controller. Threads are only started if controller is used.
|
2016-11-10 13:57:01 -08:00 |
|
Adam Ierymenko
|
1b10d3413a
|
Use circuit breaker only for requests.
|
2016-11-10 13:08:43 -08:00 |
|
Adam Ierymenko
|
f0fcd222a1
|
Actually push updates when things change.
|
2016-11-10 12:54:43 -08:00 |
|
Adam Ierymenko
|
298e4a9f14
|
Also avoid sending tags and caps to old members since there is no point.
|
2016-11-10 12:33:09 -08:00 |
|
Adam Ierymenko
|
226123ca08
|
Refactor controller to permit sending of pushes as well as just replies to config requests.
|
2016-11-10 11:54:47 -08:00 |
|
Adam Ierymenko
|
5ebf5077f5
|
Log last meta-data in controller, and ease up just a bit on keepalives.
|
2016-11-09 17:11:10 -08:00 |
|
Adam Ierymenko
|
1ebfca666d
|
Memo-ize some computed stuff to control CPU utilization.
|
2016-11-09 12:34:20 -08:00 |
|
Adam Ierymenko
|
3d948a930e
|
Send a blanket rule to old versions. New versions will still bidirecitonally enforce on the inbound side.
|
2016-11-08 14:24:30 -08:00 |
|
Adam Ierymenko
|
4524899e4d
|
Update LM time on members on request.
|
2016-11-08 12:41:27 -08:00 |
|
Adam Ierymenko
|
360c84e035
|
Minor fixes.
|
2016-11-08 00:05:18 +00:00 |
|
Adam Ierymenko
|
4868d21526
|
Bug fixes in controller refactor.
|
2016-11-07 23:49:03 +00:00 |
|
Adam Ierymenko
|
a78d7311a6
|
Fix network list API call.
|
2016-11-04 16:23:41 -07:00 |
|
Adam Ierymenko
|
08ff666e99
|
.
|
2016-11-04 16:14:58 -07:00 |
|
Adam Ierymenko
|
0d108d37f6
|
.
|
2016-11-04 16:12:44 -07:00 |
|
Adam Ierymenko
|
b03c7b2f30
|
Refactor controller to use split-out DB for better performance and less ugly.
|
2016-11-04 15:18:31 -07:00 |
|
Grant Limberg
|
8ffae313fd
|
add new files & remove old ones from VS project. Now builds & runs on Windows again
|
2016-11-03 12:10:50 -07:00 |
|
Adam Ierymenko
|
2cb760e0ac
|
Fix ICMP json.
|
2016-10-13 14:14:46 -07:00 |
|
Adam Ierymenko
|
2d6a4e5974
|
cleanup
|
2016-10-13 13:52:45 -07:00 |
|
Adam Ierymenko
|
e53f63ca87
|
Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed.
|
2016-10-11 12:00:16 -07:00 |
|
Adam Ierymenko
|
45c4ccb153
|
Add a tags both equal match.
|
2016-10-05 16:38:42 -07:00 |
|
Adam Ierymenko
|
adeb7e7da0
|
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
|
2016-10-05 12:54:46 -07:00 |
|
Adam Ierymenko
|
988049f39b
|
Add new rule to rules engine: random match.
|
2016-09-30 14:07:00 -07:00 |
|
Adam Ierymenko
|
f0794e09b7
|
Controller cleanup.
|
2016-09-30 13:04:26 -07:00 |
|
Adam Ierymenko
|
1eeebba2f7
|
Drop old /active path from network.
|
2016-09-29 17:59:27 -07:00 |
|
Adam Ierymenko
|
2fc3d12fb6
|
Minor tweaks to member code in controller, and fix Linux build.
|
2016-09-29 14:48:39 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
c9ee8612e4
|
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
2016-09-07 12:12:52 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
54489a7f61
|
rename SAMENESS to DIFFERENCE which is less confusing
|
2016-08-31 14:14:58 -07:00 |
|
Adam Ierymenko
|
8e3004591b
|
Add overlooked MATCH_ICMP to rule set.
|
2016-08-31 14:01:15 -07:00 |
|
Adam Ierymenko
|
7a00036954
|
Tweak log length to fit JSON for members within two 4096-kb blocks.
|
2016-08-29 18:10:02 -07:00 |
|
Adam Ierymenko
|
914c42537c
|
Type fixes.
|
2016-08-29 17:48:36 -07:00 |
|
Adam Ierymenko
|
297b1b4258
|
Another tiny API bug fix.
|
2016-08-26 14:16:55 -07:00 |
|
Adam Ierymenko
|
35ac995d05
|
Fix setting of v6AssignMode in controller.
|
2016-08-26 14:04:27 -07:00 |
|
Adam Ierymenko
|
d637988ccf
|
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
2016-08-25 18:21:20 -07:00 |
|
Adam Ierymenko
|
858e8c5217
|
one more...
|
2016-08-25 16:28:54 -07:00 |
|
Adam Ierymenko
|
df1ce856c9
|
A little bit more controller code cleanup.
|
2016-08-25 16:25:28 -07:00 |
|
Adam Ierymenko
|
b5e0d014ab
|
Controller bug fixes
|
2016-08-25 16:08:40 -07:00 |
|
Adam Ierymenko
|
5eaf397a94
|
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
|
2016-08-25 13:31:23 -07:00 |
|
Adam Ierymenko
|
1814016eb7
|
Add daemon thread to controller and move network member cache refreshes there.
|
2016-08-25 11:26:45 -07:00 |
|
Adam Ierymenko
|
6ecb42b031
|
docs and null check in controller code
|
2016-08-25 10:46:03 -07:00 |
|
Adam Ierymenko
|
60bc291414
|
Add noAutoAssignIps for member of networks.
|
2016-08-24 17:05:43 -07:00 |
|
Adam Ierymenko
|
ccea3d04d6
|
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
|
2016-08-24 14:28:16 -07:00 |
|
Adam Ierymenko
|
8e3463d47a
|
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
|
2016-08-24 13:37:57 -07:00 |
|
Adam Ierymenko
|
8d594f8b53
|
cleanup
|
2016-08-23 16:05:10 -07:00 |
|
Adam Ierymenko
|
5f4df0c6a9
|
Controller cleanup and perf improvements.
|
2016-08-23 15:30:36 -07:00 |
|
Adam Ierymenko
|
32fa061700
|
Compute credential TTL et al.
|
2016-08-23 13:02:59 -07:00 |
|
Adam Ierymenko
|
9a3c652a51
|
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
|
2016-08-22 18:06:46 -07:00 |
|
Adam Ierymenko
|
b0d888d235
|
Signing of Capability and Tag objects.
|
2016-08-22 14:25:59 -07:00 |
|
Adam Ierymenko
|
4dce71879f
|
.
|
2016-08-18 18:18:50 -07:00 |
|
Adam Ierymenko
|
212a5af9a5
|
Capabilities and tags in POST JSON.
|
2016-08-18 14:37:56 -07:00 |
|
Adam Ierymenko
|
1cadbfb4d1
|
Little fixes.
|
2016-08-18 13:47:02 -07:00 |
|
Adam Ierymenko
|
f119c4a456
|
Cache network members for performance, add network non-persisted fields.
|
2016-08-18 12:59:48 -07:00 |
|
Adam Ierymenko
|
faa9a06bf5
|
Controller fixes...
|
2016-08-17 17:37:37 -07:00 |
|
Adam Ierymenko
|
b7ebf6edbf
|
Cleanup and log how member was authorized.
|
2016-08-17 13:54:32 -07:00 |
|
Adam Ierymenko
|
b72847d504
|
Finally implement network join auth tokens, at least at the protocol level.
|
2016-08-17 13:41:45 -07:00 |
|
Adam Ierymenko
|
168b86fdcd
|
Controller docs and API fix.
|
2016-08-17 12:27:07 -07:00 |
|
Adam Ierymenko
|
a13f4d8353
|
We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.)
|
2016-08-17 10:42:32 -07:00 |
|