Commit Graph

294 Commits

Author SHA1 Message Date
Adam Ierymenko
a3db7d0728 Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things. 2015-10-01 11:11:52 -07:00
Adam Ierymenko
f69454ec98 (1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses. 2015-09-24 16:21:36 -07:00
Adam Ierymenko
0d386f1c31 Add a bit of useful testing instrumentation to SqliteNetworkController. 2015-09-08 11:35:55 -07:00
Adam Ierymenko
307e44f7c8 Two for one! (std::map removal) 2015-09-04 14:14:32 -07:00
Adam Ierymenko
d1341578d8 ... and another one! 2015-09-04 13:53:48 -07:00
Adam Ierymenko
7b8ce16057 Another std::map<> dies. 2015-09-04 13:42:19 -07:00
Adam Ierymenko
facb009a1d Add security notice to auto-update info in -h output, and fix a missing paren. 2015-07-31 09:50:55 -07:00
Adam Ierymenko
8d09c37140 Remove a bit of redundant logic, and also announce MULTICAST_LIKEs to controllers (for future use). 2015-07-31 09:37:13 -07:00
Adam Ierymenko
3ba54c7e35 Eliminate some poorly thought out optimizations from the netconf/controller interaction,
and go ahead and bump version to 1.0.4.

For a while in 1.0.3 -dev I was trying to optimize out repeated network controller
requests by using a ratcheting mechanism. If the client received a network config
that was indeed different from the one it had, it would respond by instantlly
requesting it again.

Not sure what I was thinking. It's fundamentally unsafe to respond to a message
with another message of the same type -- it risks a race condition. In this case
that's exactly what could happen.

It just isn't worth the added complexity to avoid a tiny, tiny amount of network
overhead, so I've taken this whole path out.

A few extra bytes every two minutes isn't worth fretting about, but as I recall
the reason for this optimization was to save CPU on the controller. This can be
achieved by just caching responses in memory *there* and serving those same
responses back out if they haven't changed.

I think I developed that 'ratcheting' stuff before I went full time on this. It's
hard to develop stuff like this without hours of sustained focus.
2015-07-23 09:50:10 -07:00
Adam Ierymenko
07ea4fd4f9 Fix potential bug in controller config request. 2015-07-07 10:02:48 -07:00
Adam Ierymenko
f398952a6c Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter. 2015-07-07 08:14:41 -07:00
Adam Ierymenko
dbee1b38b3 Fix semantics of std::unique() to actually remove duplicates (hidden memory leak?) 2015-06-29 10:21:28 -07:00
Kees Bos
8a68624dae Fix cert verification check for self signed signatures 2015-06-26 07:22:13 +02:00
Adam Ierymenko
57c7992c78 GitHub issue #191 - kill intra-network multicast rate limits (which were not well supported or easily configurable anyway) -- this is really left over from the old collaborative multicast propagation algorithm. New algorithm (in for a while) has been sender-side replication in which sender "pays" all bandwidth, which intrinsically limits multicast. 2015-06-26 12:36:45 -07:00
Adam Ierymenko
7bae95836c Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address. 2015-06-19 10:23:25 -07:00
Kees Bos
a425bbc673 Renamed supernode to rootserver 2015-05-06 12:05:20 +02:00
Adam Ierymenko
960ceb4791 Rest of GitHub issue #140 implementation. 2015-06-01 17:50:44 -07:00
Adam Ierymenko
b3b9af0dd8 Fix for GitHub issue #170 2015-06-01 11:56:15 -07:00
Adam Ierymenko
5e3c6d9e0d Some nodeJS work, and apply fix from GitHub issue #166 plus a small optimization to avoid repeated calls to _allMulticastGroups(). 2015-05-25 14:21:05 -07:00
Adam Ierymenko
bdce679d84 Should fix deadlock issue in GitHub issue #166 2015-05-13 16:55:18 -07:00
Adam Ierymenko
f5848972f9 Windows now builds and runs selftest correctly, and fixed a Windows (and possibly other platforms) issue in Phy<>. 2015-04-24 15:05:28 -07:00
Adam Ierymenko
ea1859541c More cleanup, and fix for the extremely unlikely case of identity collision. 2015-04-15 18:32:25 -07:00
Adam Ierymenko
6369c264e2 Rename netconf to controller and NetworkConfigMaster to NetworkController for consistency. 2015-04-15 15:12:09 -07:00
Adam Ierymenko
1c9ca73065 Fix some deadlock issues, move awareness of broadcast subscription into core, other bug fixes. 2015-04-15 13:09:20 -07:00
Adam Ierymenko
67f1f1892f Bunch of tap stuff, IP address assignment hookups, etc. 2015-04-14 17:57:51 -07:00
Adam Ierymenko
347e98dcd2 Just return files from listDirectory() since that is all we need, fix network request on network restore logic, and remember saved networks in service/One 2015-04-14 15:32:05 -07:00
Adam Ierymenko
49d31613b9 Fix some minor issues, now to reintegrate taps. 2015-04-14 15:16:04 -07:00
Adam Ierymenko
4d5a6a25d3 Add events for packet decode errors, etc., and re-implement TRACE as an event. 2015-04-08 16:49:21 -07:00
Adam Ierymenko
bf2ff964e1 Utils::now() removal and a bunch of compile fixes. 2015-04-08 15:26:45 -07:00
Adam Ierymenko
59af674e74 Announce multicast groups on multicast subscribe. 2015-04-07 19:35:16 -07:00
Adam Ierymenko
76ad19f411 Use binary_search for multicast groups, which are kept in sorted order. 2015-04-06 19:41:55 -07:00
Adam Ierymenko
6807ccd710 Don't need to announce on multicast leave. 2015-04-06 18:28:18 -07:00
Adam Ierymenko
51f46a009a Multicast group join/leave and group membership announcement. 2015-04-06 18:27:24 -07:00
Adam Ierymenko
8001b2c0cb Network now calls port config function as per new API. 2015-04-06 16:52:52 -07:00
Adam Ierymenko
a86300c58f Network build fixes and cleanup of remaining internal references to _tap 2015-04-06 15:47:57 -07:00
Adam Ierymenko
5f51653f9c More cleanup. 2015-04-01 19:16:07 -07:00
Adam Ierymenko
0214dbc277 More cleanup. 2015-04-01 19:15:21 -07:00
Adam Ierymenko
1f28ce3980 Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc. 2015-04-01 19:09:18 -07:00
Adam Ierymenko
fe94c9460b Phy is a better name than Wire, and other cleanup. 2015-03-31 11:52:10 -07:00
Adam Ierymenko
93012b0ee5 Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware] 2015-02-17 13:11:34 -08:00
Adam Ierymenko
0b84c10ccc Add confirmation step to new netconf, with the caveat that it will be disabled for older netconf servers to avoid race. Also add some comments. 2015-01-09 16:35:20 -05:00
Adam Ierymenko
60fb28a90a Cleanup, new C++ netconf code is almost ready to test! 2015-01-06 17:16:54 -08:00
Adam Ierymenko
b644d2a893 Add timestamp field to network config requests. 2015-01-05 17:51:50 -08:00
Adam Ierymenko
4e95384ad6 Cleanup, add tristate to config code in Network, and happy new year! 2015-01-05 17:47:59 -08:00
Adam Ierymenko
7b6f10e859 Optimization: we don't need to verify signatures on certs if they're certs we already have and have verified. 2014-11-13 12:40:51 -08:00
Adam Ierymenko
95f421024a Code cleanup, and fix some unsafe pointer handling in Network. 2014-10-29 13:57:37 -07:00
Adam Ierymenko
a8bd8fff93 Make several changes to eliminate potential deadlock or recursive lock conditions, and add back rescan of multicast groups on network startup. 2014-10-14 16:38:27 -07:00
Adam Ierymenko
a94b0e6a43 Get rid of rescanMulticastGroups() in Network thread since this can deadlock... the fact that this can happen is probably bad design. 2014-10-14 15:58:03 -07:00
Adam Ierymenko
42d644a57e More fixes to legacy support, and to a potential issue on quit. 2014-10-14 12:37:35 -07:00
Adam Ierymenko
03dc823ad7 (1) Back off a little on default max multicast limit since 128 is pretty bandwidth heavy, (2) add a little to default multicast rate limit since new MC algo is fairerererer, (3) decided not to involve netconf masters in multicast so take that out of list of who gets LIKEs. 2014-10-10 12:55:06 -07:00
Adam Ierymenko
d5e0f7e3e4 Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership. 2014-10-09 12:42:25 -07:00
Adam Ierymenko
2c8321be1f Pull logic to always send new multicasts to supernode since we need to do that differently, re-add support for active bridges, and remove some gratuitous use of std::set where not needed. 2014-10-04 13:15:02 -07:00
Adam Ierymenko
496109fdcc Announce multicast group changes on network rescanMulticastGroups() 2014-10-03 18:27:42 -07:00
Adam Ierymenko
aad344bb84 Add test network support to Network. 2014-10-03 16:14:34 -07:00
Adam Ierymenko
e53d208ea4 Improve security posture by eliminating non-const data() accessor from Buffer. 2014-10-02 10:06:29 -07:00
Adam Ierymenko
b41437780b Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket... 2014-09-30 17:26:34 -07:00
Adam Ierymenko
2659427864 Multicaster needs to be global, not per-network, and a bunch of other stuff. 2014-09-30 16:28:25 -07:00
Adam Ierymenko
8607aa7c3c Everything in for new multicast except IncomingPacket parsing... 2014-09-30 08:38:03 -07:00
Adam Ierymenko
2d41055bdc Some Network code cleanup. 2014-09-26 12:23:43 -07:00
Adam Ierymenko
027060dad1 Most of new multicast code builds... now on to packet parsing. 2014-09-25 22:13:31 -07:00
Adam Ierymenko
9e186bbd89 . 2014-09-25 15:57:43 -07:00
Adam Ierymenko
81b12b6826 Rename the ubiquitous _r pointer to RuntimeEnvironment to RR just to be a little more consistent about using _ to denote private member variables. 2014-09-24 13:53:03 -07:00
Adam Ierymenko
9180a30986 . 2014-09-24 09:01:58 -07:00
Adam Ierymenko
61d0f27d2a Make MulticastTopology have its own mutex. 2014-09-23 10:26:30 -07:00
Adam Ierymenko
954f9cbc13 Yet more WIP on mulitcast algo... 2014-09-22 13:18:24 -07:00
Adam Ierymenko
d9abd4d9be Work on defining new direct broadcast multicast algorithm. 2014-09-18 18:28:14 -07:00
Adam Ierymenko
d02ecfb288 IP assignment and change cleanup -- leave IPs that were never configured via ZT static assignment alone. 2014-09-05 15:35:09 -07:00
Adam Ierymenko
eadff71d37 Another fix to Network life cycle. 2014-08-21 18:07:27 -07:00
Adam Ierymenko
de4e29288d Fix for crazy Windows threading bug... repeatedly adding and removing a network now doesn't leave networks in limbo. 2014-08-21 17:49:05 -07:00
Adam Ierymenko
f8d4611d15 (1) Tweak LAN locator beacon frequencies, (2) Windows virtual networks
now show up as *real* networks and prompt the user to set their
location and firewall status (public, private, home/work, etc.).

The hack used to achieve #2 should not be examined by children or those
suffering from epilepsy or heart conditions.
2014-08-12 17:20:34 -07:00
Adam Ierymenko
77457cbff1 Windows compile fixes, compiler warning fix, unfreed memory fix in main.c (though it would not have mattered since program exits immediately after). 2014-08-07 19:08:41 -07:00
Adam Ierymenko
adfb71fa6b Compile for for TRACE, remove old TESTNET cruft. 2014-08-07 08:49:43 -07:00
Adam Ierymenko
b80c229d87 Tons of code cleanup, refactor Network to use EthernetTapFactory, probably also fix GitHub issue #90 2014-07-31 14:09:32 -07:00
Adam Ierymenko
45a1e048bb Add enabled/disabled status to network. 2014-06-26 17:05:07 -07:00
Adam Ierymenko
cf4700bc26 Simplify network briding modes -- we only need passive toggle and active bridge list, not three mode types. Also change isOpen to isPublic for terminology consistency. 2014-06-14 20:24:19 +00:00
Adam Ierymenko
08b7bb3c7a Network memory for bridge-side multicast groups that we learn - GitHub issue #68 2014-06-13 14:06:34 -07:00
Adam Ierymenko
d44e1349d8 Bridge routing table - GitHub issue #68 2014-06-10 17:18:59 -07:00
Adam Ierymenko
31ddc49da2 GitHub issue #67 2014-05-23 15:13:34 -07:00
Adam Ierymenko
beb7b5bbe5 GitHub Issue #69 - make MAC assignment schema differ between virtual networks. 2014-05-23 14:32:31 -07:00
Adam Ierymenko
d9836adbf6 .... aaaaaand... GitHub issue #61 was caused by the fact that we were no longer deleting taps on Windows! 2014-04-09 15:34:03 -07:00
Adam Ierymenko
0b8d6c7f4a Builds and runs on Unix with EthernetTap changes, now for Windows... and for what we did this for: a refactor of the Windows tap connector. 2014-04-07 15:39:33 -07:00
Adam Ierymenko
6f5a4d7e29 Fix blocking socket issues in new socket I/O code. 2014-03-20 13:21:58 -07:00
Adam Ierymenko
d0b506c12b Fix crash on uninitialized taps. 2014-03-06 15:11:08 -08:00
Adam Ierymenko
b5c3a92be2 Boring stuff: update dates in copyrights across all files. 2014-02-16 12:40:22 -08:00
Adam Ierymenko
3f912eb4ad Fix for GitHub issue #37: remember *nix device names. 2014-02-11 14:21:59 -08:00
Adam Ierymenko
ffffc0179f Fix a couple compile items. 2014-01-27 23:16:15 -08:00
Adam Ierymenko
f80ec871f6 Make EthernetTap creation occur in a background thread in Network since it's a time consuming operation on Windows. This fixes one of the last remaining Windows problems. 2014-01-27 23:13:36 -08:00
Adam Ierymenko
afbbf61588 Delete persistent tap device on Windows when we leave a network. 2014-01-26 22:47:08 -08:00
Adam Ierymenko
9d67a02b5f Lock down individual files in networks.d instead of directory since directory ACLs are more complex on Windows. 2014-01-26 10:32:12 -08:00
Adam Ierymenko
370dd6c4da Several things:
(1) Add a bunch of tedious type casts to eliminate unnecessary compiler warnings on Windows X64 builds.

(2) Some EthernetTap work to integrate Windows custom IOCTL for multicast group lookup (not done quite yet).

(3) Dump some more info in selftest to make sure our Windows path lookup functions are returning sane results.
2014-01-21 13:07:22 -08:00
Adam Ierymenko
010616e3ae Add some more TRACE output for certs. 2013-10-25 13:43:04 -04:00
Adam Ierymenko
5901972958 More tying up of certificate of membership stuff in the client. 2013-10-24 16:57:26 -04:00
Adam Ierymenko
40e4f39181 Peers are now dumped on shutdown in a persistence cache and reloaded on startup, which is good enough for clients right now. Supernodes will get something else for long-term authoritative identity caching. 2013-10-21 11:15:47 -04:00
Adam Ierymenko
5a8f213c23 Work in progress... 2013-10-18 12:01:48 -04:00
Adam Ierymenko
e6eb65be00 Netconf support for ARP and NDP caching TTLs. 2013-10-17 16:49:31 -04:00
Adam Ierymenko
ce14ba9004 Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones. 2013-10-17 06:41:52 -04:00
Adam Ierymenko
46f868bd4f Lots of cleanup, more work on certificates, some security fixes. 2013-10-16 17:47:26 -04:00
Adam Ierymenko
58fa6cab43 Auto-pushing of membership certs on: MULTICAST_FRAME,FRAME,MULTICAST_LIKE and on receipt of MULTICAST_LIKE. 2013-10-07 17:00:53 -04:00
Adam Ierymenko
4d594b24bc Automagically push netconf certs -- Network support. 2013-10-07 16:13:52 -04:00
Adam Ierymenko
b4ae1adfbf Break out certificate of membership into its own class. 2013-10-07 15:29:03 -04:00
Adam Ierymenko
2fa2796f2a Another tweak, hopefully final, to reduce variance on identity generation times. 2013-10-07 14:31:13 -04:00
Adam Ierymenko
bc715fbd51 Make new identity hashcash algo memory hard, and tweak generation time a bit. Current hashcash cost should be overkill for what we need but still tolerable to users. 2013-10-05 14:15:59 -04:00
Adam Ierymenko
ea4e1136dd Flesh out membership certificate with signature, better serialize/deserialize, and rename parameter to qualifier to make better conceptual sense. 2013-10-04 12:24:21 -04:00
Adam Ierymenko
9db7939d38 Make new multicast depth and prefix bits parameters configurable. 2013-09-30 13:51:56 -04:00
Adam Ierymenko
4e010da54b Work in progress... 2013-09-26 17:45:19 -04:00
Adam Ierymenko
24bad9f3d1 More work in progress in new multicast propagation... 2013-09-25 17:41:49 -04:00
Adam Ierymenko
f3128a18fe Work in progress... 2013-09-25 10:55:27 -04:00
Adam Ierymenko
5557a8192d Work in progress... 2013-09-24 17:35:05 -04:00
Adam Ierymenko
157aba5c3f Get rid of 000000000000000.mcerts junk files. 2013-09-17 16:28:17 -04:00
Adam Ierymenko
f9079a110e Make network multicast breadth/depth parameters configurable on a per-net basis. 2013-09-17 16:11:57 -04:00
Adam Ierymenko
b2b24ca41b Some file format cleanup. 2013-09-17 15:46:56 -04:00
Adam Ierymenko
e376c6f6a9 New crypto integrated -- going to be testing new identity address generation algo a bit more before finalizing. 2013-09-16 13:57:57 -04:00
Adam Ierymenko
55e7ddba1e Get a default rate that works for multicast. 2013-09-12 12:11:21 -04:00
Adam Ierymenko
0e62857841 A few logging changes. 2013-09-11 16:32:53 -04:00
Adam Ierymenko
75471ee0e0 Small method rename. 2013-09-11 16:17:51 -04:00
Adam Ierymenko
9cdaefdb9a Drop old Certificate type from Network. 2013-09-11 15:13:05 -04:00
Adam Ierymenko
de744e6df6 Version two of network certificate of membership, a much more concise and fast approach. 2013-09-11 15:09:53 -04:00
Adam Ierymenko
3a563250f7 Finish stripping minBalance from BandwidthAccount 2013-09-10 14:13:04 -04:00
Adam Ierymenko
a40b8c07f4 Apply multicast rate limits to my own multicasts. Will run locally and on a variety of system types to test the result of this. 2013-09-07 15:49:38 -04:00
Adam Ierymenko
cdb96726df updateAndCheckMulticastBalance and friends 2013-09-07 12:23:53 -04:00
Adam Ierymenko
56d8bbf780 Bit more netconf cleanup... 2013-09-06 15:06:51 -04:00
Adam Ierymenko
37931d8589 Multicast bandwidth accounting work in progress, and some config field changes and cleanup. 2013-09-04 09:27:56 -04:00
Adam Ierymenko
f3ad05347e Improve code security posture by replacing sprintf with a safer function. 2013-08-30 17:05:43 -04:00
Adam Ierymenko
55616388ea Check network ethernet type whitelist instead of hard-coded ethernet types. 2013-08-28 16:01:27 -04:00
Adam Ierymenko
01a70d09db Jigger with shutdown method to avoid a crash on CTRL+C in Windows. Feels a big hacky, might revisit later. 2013-08-27 18:00:07 -04:00
Adam Ierymenko
cd907a7662 More tap work -- DHCP configuration and such. 2013-08-27 15:55:32 -04:00
Adam Ierymenko
2536352e5d Make that an arbitrary tag to identify persistent taps... 2013-08-21 08:13:48 -04:00
Adam Ierymenko
dbb509a302 Add an interface description to EthernetTap, mostly for Windows. 2013-08-19 17:44:46 -04:00
Adam Ierymenko
d6414c9ff7 Windows compiles! (w/Visual Studio 2012) That's about all it does, but it's a start. 2013-08-12 21:25:36 -04:00
Adam Ierymenko
95a23dc7ec Fix for another wonderful C++ threading race condition. 2013-08-09 17:20:40 -04:00
Adam Ierymenko
6a24ac4f00 Add a concept of debt to RateLimiter, save a bit of RAM. 2013-08-09 16:36:58 -04:00
Adam Ierymenko
5cabb60a6f Actually report a meaningful network status instead of always OK 2013-08-08 10:41:17 -04:00
Adam Ierymenko
86056fdbd9 Generalize unlink to OS-dep code in Utils, just a little prep for Windows port. 2013-08-08 10:06:39 -04:00
Adam Ierymenko
b342f56bec Network constructor deuglification, remove unused old encrypt/decrypt methods from Identity. 2013-08-06 10:15:05 -04:00
Adam Ierymenko
28a73b620e Bunch more debugging and loop closing on new netconf. 2013-08-06 01:28:56 -04:00
Adam Ierymenko
e73c4cb68b Whole bunch of stuff: netconf, bug fixes, tweaks to ping and firewall opener timing code. 2013-08-06 00:05:39 -04:00
Adam Ierymenko
a7c4cbe53a CLI debugging, got rid of nasty old Thread class and replaced with newer cleaner portable idiom. 2013-08-05 16:06:16 -04:00
Adam Ierymenko
bf5c07f79a Scratch that... more work wiring up netconf. Got to handle OK. 2013-08-03 12:53:46 -04:00
Adam Ierymenko
7e156b2622 Call clean on all networks periodically, generalize Topology clean cycle to an overall clean cycle. 2013-07-30 11:14:53 -04:00
Adam Ierymenko
e4c5ad9f43 More work on network membership certs, and it builds now. Still in heavy development. 2013-07-29 17:11:00 -04:00
Adam Ierymenko
439e602d5a Fix a bunch of errors due to minor method signature changes, still a work in progress. 2013-07-29 16:18:29 -04:00
Adam Ierymenko
a53cfc9096 Network membership certificate work in progress... does not build yet. 2013-07-29 13:56:20 -04:00
Adam Ierymenko
ef3e319c64 Several things:
(1) Probable fix for issue #7 and major cleanup of EthernetTap code with consolidation for all unix-like systems and specialization for different flavors only when needed.

(2) Refactor of Buffer<> to make its members private, and Packet to use Buffer's methods exclusively to access them. This improves clarity and means we're no longer lying about Buffer's role in the code's security posture.

(3) Add -fstack-protect to Makefile to bounds check stack variables.
2013-07-09 14:06:55 -04:00
Adam Ierymenko
150850b800 New git repository for release - version 0.2.0 tagged 2013-07-04 16:56:19 -04:00