Commit Graph

288 Commits

Author SHA1 Message Date
Adam Ierymenko
b31071463c Try another NAT traversal improvement. 2015-07-28 11:28:47 -07:00
Adam Ierymenko
821f1f366e Fix to NAT escalation sequence. 2015-07-27 17:34:58 -07:00
Adam Ierymenko
e30ba3e138 Eliminate some aggressive port scanning NAT-t behavior that has proven ineffective. 2015-07-27 16:43:27 -07:00
Adam Ierymenko
fe20f0d7cd Put back legacy code to listen for LAN announcements to support same network location with pre-1.0.4 clients. 2015-07-13 08:33:02 -07:00
Adam Ierymenko
3f567a07ca Save a little bit of RAM by getting rid of overkill CMWC4096 non-crypto PRNG and replacing it with a simple non-crypto PRNG that just uses Salsa20. 2015-07-07 10:49:50 -07:00
Adam Ierymenko
41fc08b330 etherTypeName() is only used in Switch and only with ZT_TRACE 2015-07-07 10:06:05 -07:00
Adam Ierymenko
778c7e6e70 More cleanup to direct path push, comment fixes, etc. 2015-07-07 10:00:34 -07:00
Adam Ierymenko
cac55105c3 Fix a regression. 2015-07-06 16:40:23 -07:00
Adam Ierymenko
79e9a8bcc2 Almost everything for GitHub issue #180 except direct path map setup. 2015-07-06 15:28:48 -07:00
Adam Ierymenko
fad9dff2db Almost all of GitHub issue #180 2015-07-06 15:05:04 -07:00
Adam Ierymenko
93bb934d4e Some cleanup, docs, and Path -> Path > RemotePath refactor. 2015-07-06 14:08:13 -07:00
Adam Ierymenko
6bfbc43e3c Include COM with EXT_FRAME in bridged case. 2015-07-06 12:46:27 -07:00
Adam Ierymenko
35b5dcf89d Kill debug line. 2015-07-06 12:39:20 -07:00
Adam Ierymenko
e5f7c55c54 Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch. 2015-07-06 12:34:35 -07:00
Adam Ierymenko
57c7992c78 GitHub issue #191 - kill intra-network multicast rate limits (which were not well supported or easily configurable anyway) -- this is really left over from the old collaborative multicast propagation algorithm. New algorithm (in for a while) has been sender-side replication in which sender "pays" all bandwidth, which intrinsically limits multicast. 2015-06-26 12:36:45 -07:00
Adam Ierymenko
7bae95836c Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address. 2015-06-19 10:23:25 -07:00
Kees Bos
a425bbc673 Renamed supernode to rootserver 2015-05-06 12:05:20 +02:00
Adam Ierymenko
5341e32729 Fix to GitHub issue #140 -- network preferred relays. Also go ahead and allow RENDEZVOUS from regular peers. 2015-06-01 19:05:27 -07:00
Adam Ierymenko
960ceb4791 Rest of GitHub issue #140 implementation. 2015-06-01 17:50:44 -07:00
Adam Ierymenko
d8783b14eb Build fix. 2015-05-22 15:46:06 -07:00
Adam Ierymenko
6867922d9e typo 2015-05-22 15:33:33 -07:00
Adam Ierymenko
196f27f1f0 Add delay to NAT-t escalation stuff to try to address GitHub issue #167 2015-05-22 13:11:55 -07:00
Adam Ierymenko
d9006712f6 Completely factor out "desperation" from the core. I thought of a significantly simpler way to move all of this logic entirely into the containing service, liberating the core from any concern over the nature of its pipe to the outside world. 2015-05-21 15:58:26 -07:00
Adam Ierymenko
a1005ca858 Do not unite() peers across different IP scopes as this would pretty much never work. 2015-04-26 16:03:16 -07:00
Adam Ierymenko
98bcc3d4b5 Disable a few noisy TRACEs, and limit how often we confirm new paths to avoid flooding. 2015-04-15 13:15:09 -07:00
Adam Ierymenko
1c9ca73065 Fix some deadlock issues, move awareness of broadcast subscription into core, other bug fixes. 2015-04-15 13:09:20 -07:00
Adam Ierymenko
5e331d6733 Restrict unite() to desperation==0 since NAT-t only works right now with direct links. 2015-04-10 10:13:50 -07:00
Adam Ierymenko
068d311ecc TRACE compile fixes, other fixes, and it basically works! It says HELLO. 2015-04-09 20:54:00 -07:00
Adam Ierymenko
4d5a6a25d3 Add events for packet decode errors, etc., and re-implement TRACE as an event. 2015-04-08 16:49:21 -07:00
Adam Ierymenko
bf2ff964e1 Utils::now() removal and a bunch of compile fixes. 2015-04-08 15:26:45 -07:00
Adam Ierymenko
49f031ccb4 Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc. 2015-04-07 19:31:11 -07:00
Adam Ierymenko
24608d5ca3 Always use HELLO to contact, and we now confirm newly learned paths via a two-way handshake to prevent half-connects. 2015-04-07 12:22:33 -07:00
Adam Ierymenko
197d272287 More NAT strategy cleanup. 2015-04-06 15:08:45 -07:00
Adam Ierymenko
be4683a96d Get rid of random port strategy -- research does not support. 2015-04-06 15:03:08 -07:00
Adam Ierymenko
a95f1e1418 Eliminate redundant SharedPtr assignment. 2015-04-03 17:01:07 -07:00
Adam Ierymenko
6eb9289367 Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch. 2015-04-03 16:52:53 -07:00
Adam Ierymenko
ee0f56355b Send path simplification. 2015-04-03 13:14:37 -07:00
Adam Ierymenko
a69e1876f1 The concept of link desperation (escalating to less desirable transports) simplifies a ton of stuff. Loads of spaghetti logic can die since we no longer have to make these decisions down in the core. 2015-04-02 17:54:56 -07:00
Adam Ierymenko
93012b0ee5 Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware] 2015-02-17 13:11:34 -08:00
Adam Ierymenko
4e95384ad6 Cleanup, add tristate to config code in Network, and happy new year! 2015-01-05 17:47:59 -08:00
Adam Ierymenko
0c85b4ef5f Tweak to symmetric NAT buster to add one to the number of ports above the current one it attempts. 2014-11-20 13:42:18 -08:00
Adam Ierymenko
5bb854e504 Fix a nasty bug introduced in packet fragmentation a while back during refactoring, and a few other things related to multicast. 2014-10-28 17:25:34 -07:00
Adam Ierymenko
4941c8a1f3 New multicast bug fixes, TRACE improvements, and temporarily disable legacy multicast for debugging purposes. 2014-10-09 17:58:31 -07:00
Adam Ierymenko
d5e0f7e3e4 Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership. 2014-10-09 12:42:25 -07:00
Adam Ierymenko
2c8321be1f Pull logic to always send new multicasts to supernode since we need to do that differently, re-add support for active bridges, and remove some gratuitous use of std::set where not needed. 2014-10-04 13:15:02 -07:00
Adam Ierymenko
e7c81ef34e Turns out that needed to be a list after all. Also clean up Multicaster::gather(). 2014-10-03 22:03:19 -07:00
Adam Ierymenko
49dc47ff38 Make multicast gathering a bit smarter. 2014-10-02 11:35:37 -07:00
Adam Ierymenko
e1882b614b Some cleanup, Multicaster now sends multicasts as it gets additional members. 2014-10-01 14:05:25 -07:00
Adam Ierymenko
ae082c3cb8 Yay... now everything compiles! Getting close to testing on this. Still have not added backward compatibility support for relaying of multicasts to 0.9.X clients yet but that will be easy. Will test with heterogenous 1.0.0 clients only first. 2014-10-01 12:41:48 -07:00
Adam Ierymenko
8607aa7c3c Everything in for new multicast except IncomingPacket parsing... 2014-09-30 08:38:03 -07:00
Adam Ierymenko
81b12b6826 Rename the ubiquitous _r pointer to RuntimeEnvironment to RR just to be a little more consistent about using _ to denote private member variables. 2014-09-24 13:53:03 -07:00
Adam Ierymenko
431476e2e4 Some more multicast algo work... 2014-09-24 13:45:58 -07:00
Adam Ierymenko
557801a09e Rename PacketDecoder to much more descriptive IncomingPacket 2014-09-24 09:04:09 -07:00
Adam Ierymenko
d9abd4d9be Work on defining new direct broadcast multicast algorithm. 2014-09-18 18:28:14 -07:00
Adam Ierymenko
4e9280fc7a Rip out dead "firewall opener" code, replace in pipeline with anti-symmetric-NAT tactics. 2014-09-05 16:23:24 -07:00
Adam Ierymenko
282114e96c Makefile changes, and make Topology::getBestSupernode() return the "next" supernode if I am a supernode. Also some comment cleanup. 2014-08-19 10:09:21 -07:00
Adam Ierymenko
8a804b5257 (1) Disable firewall openers (its easy to re-enable), (2) Do some prep work for making supernode topology hot-updatable. 2014-08-05 14:05:50 -07:00
Adam Ierymenko
88bdb81791 Keep track of basic aliveness for peers regardless if direct or indirect connectivity and use this for multicast propagation. Also consolidate adding of active bridges via the same functor as regular multicast next hops. 2014-06-30 11:31:04 -07:00
Adam Ierymenko
458f6ae7c3 Only add active bridges to top of MC propagation list if they are alive. Otherwise a dead active bridge might kill multicast for us. 2014-06-26 18:13:48 -07:00
Adam Ierymenko
ae7143d693 Comments and cleanup. 2014-06-21 12:19:10 -07:00
Adam Ierymenko
aead1050fb Bridging (GitHub issue #68) does indeed work! Just needed to fix a packet size thinko. 2014-06-21 12:29:33 -04:00
Adam Ierymenko
11e1f7a3fb . 2014-06-21 12:01:26 -04:00
Adam Ierymenko
0b0d5fabac Bridging #68 should work now! 2014-06-21 11:59:08 -04:00
Adam Ierymenko
35aa0921ee . 2014-06-21 11:47:26 -04:00
Adam Ierymenko
2f8936181c Debug code -- temporary. 2014-06-21 08:36:23 -07:00
Adam Ierymenko
5d467f0f45 Some TRACE improvements and comment revs. 2014-06-18 08:25:30 -07:00
Adam Ierymenko
2162a419e3 Some logging fixes. 2014-06-17 13:52:55 -07:00
Adam Ierymenko
6802da457e Bridging pretty much ready to test! Got Switch all wired up. Also fix a latent probably-never-triggered bug in MULTICAST_FRAME handling. GitHub issue #68 2014-06-13 21:06:34 -07:00
Adam Ierymenko
5682f0b772 Some more bridging work... wiring up in Switch - GitHub issue #68 2014-06-13 17:49:33 -07:00
Adam Ierymenko
657f6ae342 Don't transmit broadcasts if enableBroadcast is false on a network. 2014-05-23 19:52:39 -04:00
Adam Ierymenko
beb7b5bbe5 GitHub Issue #69 - make MAC assignment schema differ between virtual networks. 2014-05-23 14:32:31 -07:00
Adam Ierymenko
aee742e767 More toward GitHub issue #56 2014-04-10 16:30:15 -07:00
Adam Ierymenko
c9294c1a78 Prevent recursive transit of ZeroTier packets, toward GitHub issue #56 2014-04-10 14:22:25 -07:00
Adam Ierymenko
b117ff5435 Probable fix for GitHub issue #63 - do not unite() if either path is TCP, since doing so can result in asymmetric failed NAT-t over UDP if one side has a firewall that permits outgoing UDP but not incoming. 2014-04-10 11:17:54 -07:00
Adam Ierymenko
316e8d1939 Build fix. 2014-03-31 22:30:08 -07:00
Adam Ierymenko
f13493edb2 Oops... turns out we need to differentiate incoming from outgoing TCP and indeed learn incoming TCP paths. Otherwise the recipient of a TCP connection does not know to reply via TCP! Heh. 2014-03-31 22:23:55 -07:00
Adam Ierymenko
daaec84c6b Add TCP channel support for supernode list, make Peer pick the first path if all paths are equally dead. 2014-03-26 15:35:15 -07:00
Adam Ierymenko
ab5a460177 Apply multicast rate limits on a network to ourselves and do not send multicasts that would exceed limits, for GitHub issue #55 2014-03-25 21:38:54 -07:00
Adam Ierymenko
6f5a4d7e29 Fix blocking socket issues in new socket I/O code. 2014-03-20 13:21:58 -07:00
Adam Ierymenko
abc82d6a52 IPC changes and SocketManager changes all build! 2014-03-19 13:56:48 -07:00
Adam Ierymenko
91fef21973 More ripping out of old condition stuff. 2014-03-18 12:21:22 -07:00
Adam Ierymenko
b5c3a92be2 Boring stuff: update dates in copyrights across all files. 2014-02-16 12:40:22 -08:00
Adam Ierymenko
5b97bb247e More Windows service work... it builds! Now to do a new installer and test. Also fix a Windows compile warning in Switch.cpp. 2014-02-06 23:12:12 -08:00
Adam Ierymenko
bf5f09a0c7 Yank a code path it turns out we probably don't want. 2014-02-03 10:46:37 -08:00
Adam Ierymenko
525ab3faa9 Take TRACE back out of Mac makefile, fix a few decode little things. 2014-01-30 15:26:12 -08:00
Adam Ierymenko
490e86dde3 Bunch of fixes to startup, pinging, and choice of route. Also some TRACE updates. 2014-01-30 14:23:52 -08:00
Adam Ierymenko
6e076e77d8 More work on connection reset stuff... 2014-01-29 22:04:23 -08:00
Adam Ierymenko
372566295e Alternate order of packet emission in unite(). 2014-01-29 12:11:01 -08:00
Adam Ierymenko
8b65b3e6d7 Yank PROBE stuff since it's not used and was a premature addition to the protocol. 2014-01-28 10:41:43 -08:00
Adam Ierymenko
f80ec871f6 Make EthernetTap creation occur in a background thread in Network since it's a time consuming operation on Windows. This fixes one of the last remaining Windows problems. 2014-01-27 23:13:36 -08:00
Adam Ierymenko
370dd6c4da Several things:
(1) Add a bunch of tedious type casts to eliminate unnecessary compiler warnings on Windows X64 builds.

(2) Some EthernetTap work to integrate Windows custom IOCTL for multicast group lookup (not done quite yet).

(3) Dump some more info in selftest to make sure our Windows path lookup functions are returning sane results.
2014-01-21 13:07:22 -08:00
Adam Ierymenko
10df5dcf70 Fix several things:
(1) The changes to path learning in the two previous releases were poorly thought out,
and this version should remedy that by introducing PROBE. This is basically a kind of
ECHO request and is used to authenticate endpoints that are not learned via a valid
request/response pair. Thus we will still passively learn endpoints, but securely.

(2) Turns out there was a security oversight in _doHELLO() that could have permitted...
well... I'm not sure it was exploitable to do anything particularly interesting since
a bad identity would be discarded anyway, but fix it just the same.
2013-12-31 11:03:45 -08:00
Adam Ierymenko
92969b4426 Fix for GitHub issue #20 (untested) 2013-12-24 10:39:29 -08:00
Adam Ierymenko
942cc0ca21 Certificate of membership works now... had to fix multicast propagation so COM is pushed with multicast, which makes tremendous sense in retrospect. 2013-10-25 14:51:55 -04:00
Adam Ierymenko
03b909603a Clean up the awful Network::Config mess and break that out into NetworkConfig. 2013-10-18 13:20:34 -04:00
Adam Ierymenko
797bba04dd Get rid of not used and maybe never to be used Filter code. 2013-10-17 13:07:53 -04:00
Adam Ierymenko
ce14ba9004 Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones. 2013-10-17 06:41:52 -04:00
Adam Ierymenko
46f868bd4f Lots of cleanup, more work on certificates, some security fixes. 2013-10-16 17:47:26 -04:00
Adam Ierymenko
58fa6cab43 Auto-pushing of membership certs on: MULTICAST_FRAME,FRAME,MULTICAST_LIKE and on receipt of MULTICAST_LIKE. 2013-10-07 17:00:53 -04:00
Adam Ierymenko
c7590634e8 Eliminate a lot of redundant WHOIS requests, clean up WHOIS clutter in TRACE, flesh out multicast tracing a bit. 2013-10-03 14:38:07 -04:00
Adam Ierymenko
58538500f2 Clean up some routine stuff like pings, and stop keeping links open forever even if there are no frames passing between them. 2013-10-02 16:12:10 -04:00
Adam Ierymenko
2cfa76fa8b Multicast propagation is now working from non-supernodes, and working quite well. Time for some more simulation before 0.5.0! 2013-10-02 13:50:42 -04:00
Adam Ierymenko
3443b203e4 Each peer now tracks the last time it announced multicast LIKEs independently and does so frequently enough to prevent expires. Also add a multicast debug facility for use on the testnet. 2013-10-01 16:01:36 -04:00
Adam Ierymenko
9db7939d38 Make new multicast depth and prefix bits parameters configurable. 2013-09-30 13:51:56 -04:00
Adam Ierymenko
4ecb9369b5 Fix for multicast propagation -- supernodes must always keep propagating. Also fix mac-tap build on new version of Xcode CL tools. Must use old llvm-g++ instead of clang for i686 -mkernel. 2013-09-30 11:05:35 -04:00
Adam Ierymenko
0dca9964bf Whew, it builds! 2013-09-27 16:03:13 -04:00
Adam Ierymenko
f9079a110e Make network multicast breadth/depth parameters configurable on a per-net basis. 2013-09-17 16:11:57 -04:00
Adam Ierymenko
0133da1dcd Get rid of onSent(), which was never used consistently anyway. 2013-09-17 15:33:34 -04:00
Adam Ierymenko
e376c6f6a9 New crypto integrated -- going to be testing new identity address generation algo a bit more before finalizing. 2013-09-16 13:57:57 -04:00
Adam Ierymenko
ceb024ab03 Integrating new crypto, work still in progress... 2013-09-16 13:02:10 -04:00
Adam Ierymenko
55e7ddba1e Get a default rate that works for multicast. 2013-09-12 12:11:21 -04:00
Adam Ierymenko
a40b8c07f4 Apply multicast rate limits to my own multicasts. Will run locally and on a variety of system types to test the result of this. 2013-09-07 15:49:38 -04:00
Adam Ierymenko
55616388ea Check network ethernet type whitelist instead of hard-coded ethernet types. 2013-08-28 16:01:27 -04:00
Adam Ierymenko
487eb17ec0 ZeroTierOne for Windows binary project, builds and runs and mostly works but still some issues with tap. 2013-08-26 17:22:20 -04:00
Adam Ierymenko
2efc9b31bd Huge convoluted logic de-tangling in multicast propagation, supernodes now do random propagation for more efficient coverage with less bias in sparse graph cases. 2013-08-21 11:45:06 -04:00
Adam Ierymenko
d6414c9ff7 Windows compiles! (w/Visual Studio 2012) That's about all it does, but it's a start. 2013-08-12 21:25:36 -04:00
Adam Ierymenko
5076c75b07 More Windows port work. 2013-08-12 16:57:34 -04:00
Adam Ierymenko
f5717f4427 Fix a bug and wow, it works. 2013-08-07 11:55:55 -04:00
Adam Ierymenko
e4c5ad9f43 More work on network membership certs, and it builds now. Still in heavy development. 2013-07-29 17:11:00 -04:00
Adam Ierymenko
9cf734b74a Sane-ify Address, get rid of goofy union thingy. 2013-07-25 13:24:39 -04:00
Adam Ierymenko
195ded4608 Cleanup, comments, regularize TRACE messages. 2013-07-13 14:45:39 -04:00
Adam Ierymenko
97cbd98bc5 Compile fixes, integration of fast PRNG. 2013-07-13 14:28:26 -04:00
Adam Ierymenko
aa59c1de10 Bunch of little bug fixes in newly refactored code. 2013-07-12 22:07:48 -04:00
Adam Ierymenko
f934b81703 Several bug fixes in newly refactored code. 2013-07-12 16:40:59 -04:00
Adam Ierymenko
a86e1cdb88 A bit more minor cleanup before testing. 2013-07-11 22:45:12 -04:00
Adam Ierymenko
2510f594e5 It builds now. The Switch object has been put on a diet. Now to test on the testnet before merge to master. 2013-07-11 22:25:12 -04:00
Adam Ierymenko
339b2314ea More work in progress on Switch / PacketDecoder refactor. 2013-07-11 22:06:25 -04:00
Adam Ierymenko
ae93c95151 More major Switch refactor work... still in progress. 2013-07-11 17:52:04 -04:00
Adam Ierymenko
ffad0b2780 Factoring out packet decoder from Switch to put that object on a little bit of a diet. Work in progress, wont build yet. 2013-07-11 16:19:06 -04:00
Adam Ierymenko
bcd079b70e Adding signatures to multicast frames, work in progress, does not build yet 2013-07-10 22:58:43 -04:00
Adam Ierymenko
9e28bbfbb2 Factored out multicast propagation algorithm from Switch and Topology, also cleaned up and clarified it a bit. 2013-07-10 17:24:27 -04:00
Adam Ierymenko
41cd980bf7 Further increase verbosity of TRACE messages for duplicate multicasts 2013-07-09 10:13:13 -04:00
Adam Ierymenko
775fef9ce9 Silly multicast propagation fix: exclude upstream sender to never send duplicate multicasts back to where they came from 2013-07-08 20:53:05 -04:00
Adam Ierymenko
e7f20ad5f9 More filter development. It builds but is not integrated with the rest of the code. 2013-07-08 19:52:40 -04:00
Adam Ierymenko
3397273322 Increase verbosity of TRACE messages for dropped duplicate multicast frames to help debug multicast propagation 2013-07-06 22:18:19 -04:00
Adam Ierymenko
ef08494237 Send HELLO instead of NOP for NAT-t in order to measure latency always. Also prevents a race that can cause the first NAT-t to fail where the NOP arrives before the WHOIS reply from the supernode. Now NAT-t initiators will push their own public keys anyway so that doesnt matter. 2013-07-06 16:20:35 -04:00
Adam Ierymenko
2eaac3891e Enable ff:ff:ff:ff:ff:ff w/no ADI a.k.a. broadcast. YOLO. 2013-07-06 15:56:12 -04:00
Adam Ierymenko
150850b800 New git repository for release - version 0.2.0 tagged 2013-07-04 16:56:19 -04:00