Commit Graph

3527 Commits

Author SHA1 Message Date
Grant Limberg
69c5976775 fix typo in assert size 2016-10-04 17:35:52 -07:00
Adam Ierymenko
988049f39b Add new rule to rules engine: random match. 2016-09-30 14:07:00 -07:00
Adam Ierymenko
6651b8310e Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-09-30 13:47:40 -07:00
Adam Ierymenko
0843ed62fa Network delete fix. 2016-09-30 13:47:30 -07:00
Grant Limberg
d817039f79 Add IPv6 Neighbor Discovery code. Not yet tested. 2016-09-30 13:18:17 -07:00
Adam Ierymenko
f0794e09b7 Controller cleanup. 2016-09-30 13:04:26 -07:00
Adam Ierymenko
9eaa3756f8 Fix deadlock-causing regression in Network. 2016-09-30 12:22:54 -07:00
Adam Ierymenko
1eeebba2f7 Drop old /active path from network. 2016-09-29 17:59:27 -07:00
Adam Ierymenko
2fc3d12fb6 Minor tweaks to member code in controller, and fix Linux build. 2016-09-29 14:48:39 -07:00
Adam Ierymenko
4fe9a4fe83 Fix memory leak. 2016-09-28 16:13:59 -07:00
Adam Ierymenko
01129d02b3 hashCode() for InetAddress 2016-09-28 13:45:25 -07:00
Adam Ierymenko
e1fbf7b34c Check multicast limit on send after NDP emulation code. 2016-09-28 12:21:08 -07:00
Adam Ierymenko
7e90ab3534 TRACE verbosity increase on exceptions in NETWORK_CREDENTIALS. 2016-09-28 11:06:44 -07:00
Adam Ierymenko
5ee1ccd659 Send need credential error on more cases. 2016-09-27 16:41:08 -07:00
Adam Ierymenko
0b44919ba2 Clusters can send multiple OKs so we must allow this. 2016-09-27 16:33:37 -07:00
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
5ba7ca91c0 TRACE build fix. 2016-09-27 12:44:44 -07:00
Adam Ierymenko
cc4bacc199 Cleanup, and implement compression disable flag for networks. 2016-09-27 12:22:25 -07:00
Adam Ierymenko
15c07c58b6 Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). 2016-09-27 11:33:48 -07:00
Adam Ierymenko
236fdb450c cleanup attic 2016-09-27 07:02:16 -07:00
Adam Ierymenko
7e4b6b594b It now builds. 2016-09-26 17:05:39 -07:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
siigna
e35bca2c3c Move debian/format to debian/source/format
Fixes the following error during package building:
dpkg-source: warning: no source format specified in debian/source/format, see dpkg-source(1)

Reference:
https://www.debian.org/doc/manuals/maint-guide/dother.en.html#sourcef
2016-09-23 20:13:37 -07:00
Adam Ierymenko
46049a1ef6 Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-09-23 16:08:44 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Grant Limberg
40d3993ceb java code still needed to reflect PEER_ROLE_RELAY rename to PEER_ROLE_UPSTREAM 2016-09-21 14:12:20 -07:00
Grant Limberg
0564bb3b35 added missing copyright/license info from ZT_jniutils 2016-09-21 14:09:46 -07:00
Adam Ierymenko
29711e123f Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-09-20 21:21:43 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Grant Limberg
d87f0293e3 Don't print a few error messages when they don't matter. 2016-09-19 13:40:53 -07:00
Grant Limberg
5fadd8bdd2 ZT_PEER_ROLE_RELAY -> ZT_PEER_ROLE_UPSTREAM in JNI glue 2016-09-19 12:54:19 -07:00
Grant Limberg
3366b53247 Merge branch 'dev' of http://git.int.zerotier.com/ZeroTier/ZeroTierOne into dev 2016-09-18 18:10:03 -07:00
Adam Ierymenko
68e549233d Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness). 2016-09-15 13:17:37 -07:00
Adam Ierymenko
24fce0be86 No, definitely have to back out GitHub issue #385 (non-bisected routes) since this breaks IPv6 on OSX and probably IPv4 too if you were to encounter a 6-only situation. 2016-09-14 22:23:56 -07:00
Adam Ierymenko
740b34124f Naming... 2016-09-14 17:35:50 -07:00
Adam Ierymenko
15402933bc Add physical MTU recommendation hint to network config via API. 2016-09-14 16:55:25 -07:00
Adam Ierymenko
8d0b2b781e Route management bug fixes. 2016-09-13 16:25:48 -07:00
Adam Ierymenko
83abc00aae docs 2016-09-13 14:58:59 -07:00
Adam Ierymenko
5b6d27e659 Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. 2016-09-13 14:27:18 -07:00
Adam Ierymenko
ced8dfc639 Try a version of GitHub issue #385 (non-bifurcated default if not present) on Mac. This version adds the bifurcated routes always but also adds a device-specific non-bifurcated route. Will have to see if this still interferes with OSX route settings, since by definition device specific routes should not conflict with general routes. 2016-09-13 11:07:59 -07:00
Adam Ierymenko
8ef0e4bbaf Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP. 2016-09-13 10:46:36 -07:00
Adam Ierymenko
0da9a9a3e0 Set trustEstablished in a few more places. 2016-09-13 10:33:03 -07:00
Adam Ierymenko
cba37c6107 Add a few more rate limit gates for anti-DOS hardening. 2016-09-13 10:13:23 -07:00
Adam Ierymenko
ea1da3321a Rate gate requests for COM. 2016-09-12 15:19:21 -07:00
Adam Ierymenko
34b146f28b Back out of GitHub issue #385 for now and maybe for this release. Would be nice but it is non-critical and rules are the priority. Current implementation bangs heads with OSX route assignment on WiFi join, etc. 2016-09-12 14:56:18 -07:00
Adam Ierymenko
fb46a546db Just always do route bifurcation on Linux for now... basically the old behavior. 2016-09-09 12:53:44 -07:00
Adam Ierymenko
debc4c45ee Set trust established flag in MULTICAST_GATHER. 2016-09-09 11:45:34 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
ef87069957 Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths. 2016-09-09 09:32:00 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00