Adam Ierymenko
988049f39b
Add new rule to rules engine: random match.
2016-09-30 14:07:00 -07:00
Adam Ierymenko
f0794e09b7
Controller cleanup.
2016-09-30 13:04:26 -07:00
Adam Ierymenko
1eeebba2f7
Drop old /active path from network.
2016-09-29 17:59:27 -07:00
Adam Ierymenko
2fc3d12fb6
Minor tweaks to member code in controller, and fix Linux build.
2016-09-29 14:48:39 -07:00
Adam Ierymenko
7e4b6b594b
It now builds.
2016-09-26 17:05:39 -07:00
Adam Ierymenko
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-23 16:08:38 -07:00
Adam Ierymenko
68e549233d
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
2016-09-15 13:17:37 -07:00
Adam Ierymenko
ab9afbc749
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
2016-09-09 11:36:10 -07:00
Adam Ierymenko
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-09 08:43:58 -07:00
Adam Ierymenko
c9ee8612e4
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
2016-09-07 12:12:52 -07:00
Adam Ierymenko
74afef8eb1
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
2016-08-31 16:50:22 -07:00
Adam Ierymenko
54489a7f61
rename SAMENESS to DIFFERENCE which is less confusing
2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b
Add overlooked MATCH_ICMP to rule set.
2016-08-31 14:01:15 -07:00
Adam Ierymenko
7a00036954
Tweak log length to fit JSON for members within two 4096-kb blocks.
2016-08-29 18:10:02 -07:00
Adam Ierymenko
914c42537c
Type fixes.
2016-08-29 17:48:36 -07:00
Adam Ierymenko
77c2bf3ad9
Kill dead field from network JSON.
2016-08-29 14:47:19 -07:00
Adam Ierymenko
297b1b4258
Another tiny API bug fix.
2016-08-26 14:16:55 -07:00
Adam Ierymenko
35ac995d05
Fix setting of v6AssignMode in controller.
2016-08-26 14:04:27 -07:00
Adam Ierymenko
ded5a53a6c
Documentation updates, add rules engine revision to network config request meta-data.
2016-08-26 10:38:43 -07:00
Adam Ierymenko
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
2016-08-25 18:21:20 -07:00
Adam Ierymenko
858e8c5217
one more...
2016-08-25 16:28:54 -07:00
Adam Ierymenko
df1ce856c9
A little bit more controller code cleanup.
2016-08-25 16:25:28 -07:00
Adam Ierymenko
b5e0d014ab
Controller bug fixes
2016-08-25 16:08:40 -07:00
Adam Ierymenko
5eaf397a94
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
2016-08-25 13:31:23 -07:00
Adam Ierymenko
1814016eb7
Add daemon thread to controller and move network member cache refreshes there.
2016-08-25 11:26:45 -07:00
Adam Ierymenko
6ecb42b031
docs and null check in controller code
2016-08-25 10:46:03 -07:00
Adam Ierymenko
60bc291414
Add noAutoAssignIps for member of networks.
2016-08-24 17:05:43 -07:00
Adam Ierymenko
ccea3d04d6
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
2016-08-24 14:28:16 -07:00
Adam Ierymenko
8e3463d47a
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
2016-08-24 13:37:57 -07:00
Adam Ierymenko
8d594f8b53
cleanup
2016-08-23 16:05:10 -07:00
Adam Ierymenko
5f4df0c6a9
Controller cleanup and perf improvements.
2016-08-23 15:30:36 -07:00
Adam Ierymenko
32fa061700
Compute credential TTL et al.
2016-08-23 13:02:59 -07:00
Adam Ierymenko
9a3c652a51
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
2016-08-22 18:06:46 -07:00
Adam Ierymenko
b0d888d235
Signing of Capability and Tag objects.
2016-08-22 14:25:59 -07:00
Adam Ierymenko
4dce71879f
.
2016-08-18 18:18:50 -07:00
Adam Ierymenko
212a5af9a5
Capabilities and tags in POST JSON.
2016-08-18 14:37:56 -07:00
Adam Ierymenko
1cadbfb4d1
Little fixes.
2016-08-18 13:47:02 -07:00
Adam Ierymenko
f119c4a456
Cache network members for performance, add network non-persisted fields.
2016-08-18 12:59:48 -07:00
Adam Ierymenko
faa9a06bf5
Controller fixes...
2016-08-17 17:37:37 -07:00
Adam Ierymenko
b7ebf6edbf
Cleanup and log how member was authorized.
2016-08-17 13:54:32 -07:00
Adam Ierymenko
b72847d504
Finally implement network join auth tokens, at least at the protocol level.
2016-08-17 13:41:45 -07:00
Adam Ierymenko
168b86fdcd
Controller docs and API fix.
2016-08-17 12:27:07 -07:00
Adam Ierymenko
a13f4d8353
We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.)
2016-08-17 10:42:32 -07:00
Adam Ierymenko
cc808cc2dd
Rules parsing stuff.
2016-08-17 10:25:25 -07:00
Adam Ierymenko
ce001198d8
.
2016-08-16 16:57:45 -07:00
Adam Ierymenko
c0639ccd37
Just about ready to test.
2016-08-16 16:46:08 -07:00
Adam Ierymenko
58701c1ca8
.
2016-08-16 14:08:08 -07:00
Adam Ierymenko
b08ca49580
More controller work -- it builds!
2016-08-16 14:05:17 -07:00
Adam Ierymenko
bd15262e54
Bunch of rule JSON stuff.
2016-08-15 18:49:50 -07:00
Adam Ierymenko
3cb2e1197f
.
2016-08-12 15:32:45 -07:00
Adam Ierymenko
c30f74987f
Starting refactor of controller...
2016-08-12 11:30:27 -07:00
Adam Ierymenko
22e44c762b
More rules engine work: key/value pair matching for microsegmentation.
2016-07-28 10:58:10 -07:00
Adam Ierymenko
0e2964261f
docs
2016-07-08 13:42:04 -07:00
Adam Ierymenko
ffe7d8d024
docs
2016-07-08 13:40:21 -07:00
Adam Ierymenko
c01ebbcbde
docs
2016-07-08 13:38:47 -07:00
Adam Ierymenko
a6e5914aa7
docs
2016-07-08 13:37:51 -07:00
Adam Ierymenko
6d8de214eb
Docs and controller API version
2016-07-08 13:10:02 -07:00
Adam Ierymenko
2d7c58540f
v6AssignMode bug fix
2016-07-07 17:05:12 -07:00
Adam Ierymenko
951038a304
Ignore /bits in IP assignments and just copy it from the corresponding LAN-local route. Having each managed IP assignment have its own bits field was just a source of user error and poor UX and was completely worthless.
2016-07-07 16:28:43 -07:00
Adam Ierymenko
b9329dc49a
Fix to IPv6 picking for small ranges.
2016-07-07 15:55:40 -07:00
Adam Ierymenko
6e08e1ae97
A few controller changes: (1) assign managed IPs that are assigned regardless of "assign mode" which now only controls auto-assignment or special addressing, (2) support proper issuing of managed IPv6 IPs, (3) support IPv6 auto-assign ranges
2016-07-07 15:42:10 -07:00
Adam Ierymenko
dd1d2b4d00
GitHub issue #343 -- fix authorizedMemberCount
2016-07-07 14:49:54 -07:00
Adam Ierymenko
030dfde38e
Unused printf removal while we are at it.
2016-06-29 18:14:49 -07:00
Adam Ierymenko
bb63646682
Fix broken SQL in controller.
2016-06-29 11:37:28 -07:00
Adam Ierymenko
d9eacd1616
Controller fixes...
2016-06-29 17:02:03 +00:00
Adam Ierymenko
0410fd4824
Refactor recent member request history to fix performance problem in controller.
2016-06-28 12:44:47 -07:00
Adam Ierymenko
12037961ff
small perf improvement in sqlite db.
2016-06-27 18:48:02 -07:00
Adam Ierymenko
8c572dead1
Query optimization.
2016-06-27 18:28:18 -07:00
Adam Ierymenko
3ddfebe742
dead code removal
2016-06-27 17:15:39 -07:00
Adam Ierymenko
972bbb7e06
Allow further concurrency on network controller.
2016-06-27 17:14:47 -07:00
Adam Ierymenko
3740b83f63
Don't back up sqlite db if it hasn't changed to prevent constant thrashing on inactive controllers.
2016-06-24 06:53:23 -07:00
Adam Ierymenko
90cdef8400
Forgot NDP emulation flag.
2016-06-24 06:43:23 -07:00
Adam Ierymenko
ee649ae69a
Add 6plane assignment support to network controller, and cleanup.
2016-06-24 06:40:50 -07:00
Adam Ierymenko
20d155e630
.
2016-06-24 05:21:25 -07:00
Adam Ierymenko
b2d048aa0e
Make Dictionary templatable so it can be used where we want a higher capacity.
2016-06-21 07:32:58 -07:00
Adam Ierymenko
37afa876a7
Linux bug fixes, small controller fix.
2016-06-17 00:21:58 +00:00
Adam Ierymenko
20d4dada40
Refactor controller for new merged format.
2016-06-16 16:05:57 -07:00
Adam Ierymenko
769351b30f
Fix to routes config in controller API.
2016-06-13 15:58:00 -07:00
Adam Ierymenko
734cbb2f1e
Controller modifications for default route are ready to test. Will require slight changes in ZeroTier Central when it goes live.
2016-06-10 15:58:35 -07:00
Adam Ierymenko
acbe8ad398
More controller work, and some RedHat fixes.
2016-06-10 08:26:27 -07:00
Adam Ierymenko
9898066b47
Remove some deprecated stuff in controller -- not done yet.
2016-06-09 11:02:42 -07:00
Adam Ierymenko
7e68791bee
Fix include for system json-parser.
2016-06-08 12:57:22 -07:00
Adam Ierymenko
683254a0db
Don't bother signing if we are not using the legacy netconf.
2016-06-07 11:17:38 -07:00
Adam Ierymenko
2885aea65c
Only send new format netconf for PV>=6
2016-06-07 11:13:18 -07:00
Adam Ierymenko
7ee3743c3d
Refactor controller to send both old and new format netconf.
2016-05-11 08:49:15 -07:00
Adam Ierymenko
8b9519f0af
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
2016-05-06 16:13:11 -07:00
Adam Ierymenko
2b3e1d5c10
Ignore IP assignment pool ranges that begin with 0.0.0.0 or that contain no IPs.
2016-03-24 13:34:01 -07:00
Adam Ierymenko
2c328d61ad
Do not auto-assign IP addresses on bridges. IPs can still be assigned manually.
2016-03-24 13:32:01 -07:00
Adam Ierymenko
9f31cbd8b8
Make /network/???/active return more info.
2016-03-17 13:05:51 -07:00
Adam Ierymenko
9b59bcd995
Clean controller circuit test memory.
2016-02-22 15:48:27 -08:00
Adam Ierymenko
69a438d64d
Small tweak to active threshold.
2016-02-19 09:10:31 -08:00
Adam Ierymenko
10bb9919f1
Tweak certificate of membership revision/time tolerance to eliminate boundary packet loss issues occasionally seen in the wild.
2016-02-10 09:32:42 -08:00
Adam Ierymenko
69b1da2e1d
return 200 instead of 404 when test is fetched
2016-02-04 16:27:25 -08:00
Adam Ierymenko
dc3d899e70
Return test ID when we post a test.
2016-02-04 16:09:26 -08:00
Adam Ierymenko
78c1d9006a
flood protection fix
2016-02-04 14:39:43 -08:00
Adam Ierymenko
5dad73647d
Lengthen backup period again
2016-02-04 14:22:54 -08:00
Adam Ierymenko
13b39a0c3e
SQLite perf tuning
2016-02-04 14:03:37 -08:00
Adam Ierymenko
90801a94d3
Track client version and tell whether active nodes support circuit test.
2016-02-04 13:38:42 -08:00
Adam Ierymenko
fab6f4450d
/active subpath off networks
2016-02-04 12:17:55 -08:00
Adam Ierymenko
2e04dc03f2
Logging to NodeHistory, SQL queries.
2016-02-03 18:10:56 -08:00
Adam Ierymenko
f8eb6b0067
Add NodeHistory table on sqlite controller.
2016-02-03 13:56:35 -08:00
Adam Ierymenko
9cb4bbe2b8
Save test results for circuit tests in memory and then cancel the test and send the results when the test is queried later. This way you can POST a test and then come GET the result at the appointed time.
2016-01-26 12:42:44 -08:00
Ren Jie
21656ba015
Update controller README.md
...
Sync make parameter with code.
2016-01-12 22:51:08 +08:00
Adam Ierymenko
436c1fac1d
Selectively move over changes from "edge" to "dev" excluding netcon.
2015-12-21 16:15:39 -08:00
Adam Ierymenko
523412edfb
Abort backup in progress if thread is told to shut down.
2015-11-03 16:03:00 -08:00
Adam Ierymenko
f7a407ffa0
Tweak timings and use lock in backup to make it a bit faster and still permit main thread to work.
2015-11-03 15:56:24 -08:00
Adam Ierymenko
7903f24a8f
Create periodic backup copies of controller.db in network controller from the main process itself to facilitate easier and safer backups of controller.db.
2015-11-03 15:52:10 -08:00
Adam Ierymenko
eff1fe3c61
Create files for each hop (more convenient) and fix a packet parse bug.
2015-10-09 16:22:34 -07:00
Adam Ierymenko
7d01fab132
Reorg fields to be in same order as FS scheme.
2015-10-09 15:18:01 -07:00
Adam Ierymenko
aec13b50fd
Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history.
2015-10-09 15:05:26 -07:00
Adam Ierymenko
a95fa379cc
Circuit tests basically work but need some tweaks, and fix some issues found with valgrind.
2015-10-09 14:51:38 -07:00
Adam Ierymenko
6b5bb0b278
Eliminate format string warnings.
2015-10-09 12:22:13 -07:00
Adam Ierymenko
59da8b2a4b
Logging of circuit test results to disk.
2015-10-08 15:44:06 -07:00
Adam Ierymenko
a3876353ca
Abiltiy to post a test via the controller web API, and parsing of CIRCUIT_TEST_REPORT messages.
2015-10-08 13:25:38 -07:00
Adam Ierymenko
7394ec6f6a
Prep in controller code to run tests.
2015-10-06 15:56:18 -07:00
Adam Ierymenko
a7bd1eaa40
Never assign v4 IPs ending in .255 even within range.
2015-09-28 15:28:30 -07:00
Adam Ierymenko
ddf3d1f949
Controller side support for IPv6 assignment.
2015-09-18 13:35:00 -07:00
Adam Ierymenko
610ab0750c
Drop Sqlite-based Log table for now and switch to an in-memory log for recent activity. Log table gets too big on busy nodes. Should probably support push of events to some kind of event system later.
2015-09-15 10:59:23 -07:00
Adam Ierymenko
ef316ced3b
Fix JSON.
2015-09-14 11:59:43 -07:00
Adam Ierymenko
cd005341c5
Extra statement to clean up Members -- cascade did not seem to work, possibly due to dual key.
2015-09-11 15:02:26 -07:00
Adam Ierymenko
a35fa7ac93
Add expansion of netconf in _test field.
2015-09-10 15:14:10 -07:00
Adam Ierymenko
bebe3d7cfa
Fix deadlock in test mode.
2015-09-10 14:47:04 -07:00
Adam Ierymenko
1f7a41cff8
Fix to allowing identity to be populated if not present.
2015-09-10 14:37:34 -07:00
Adam Ierymenko
4fbcad2468
Allow identity to be populated for newly inserted Member objects to permit transfer from old network controller and testing.
2015-09-08 13:02:42 -07:00
Adam Ierymenko
0d386f1c31
Add a bit of useful testing instrumentation to SqliteNetworkController.
2015-09-08 11:35:55 -07:00
Adam Ierymenko
2aa1b5d9b7
Add clock helper field to both member and network to permit time duration calculation easily.
2015-08-24 12:44:07 -07:00
Adam Ierymenko
9a5be0a092
typo
2015-08-24 11:24:33 -07:00
Adam Ierymenko
4da794b389
Add authorizedMemberCount to controller network config records.
2015-08-19 11:43:56 -07:00
Adam Ierymenko
0a5429cab0
Lookup of member must be a left outer join in case the member is being manually inserted before we see the node.
2015-08-17 21:08:02 +00:00
Adam Ierymenko
fcc5bf1e66
Go ahead and spec out controller DB support for AuthToken -- GitHub issue #211 -- even though full implementation won't make it into 1.0.4.
2015-07-29 15:09:23 -07:00
Adam Ierymenko
d57ea671d7
Add version to log.
2015-07-24 09:59:17 -07:00
Adam Ierymenko
d647a587a1
(1) Fix updating of network revision counter on member change.
...
(2) Go back to timestamp as certificate revision number. This is simpler
and more robust than using the network revision number for this and
forcing network revision fast-forward, which could cause some peers
to fall off the horizon when you don't want them to.
2015-07-23 17:18:20 -07:00
Adam Ierymenko
b3516c599b
Add a rate limiting circuit breaker to the network controller to prevent flooding attacks and race conditions.
2015-07-23 10:10:17 -07:00
Adam Ierymenko
3ba54c7e35
Eliminate some poorly thought out optimizations from the netconf/controller interaction,
...
and go ahead and bump version to 1.0.4.
For a while in 1.0.3 -dev I was trying to optimize out repeated network controller
requests by using a ratcheting mechanism. If the client received a network config
that was indeed different from the one it had, it would respond by instantlly
requesting it again.
Not sure what I was thinking. It's fundamentally unsafe to respond to a message
with another message of the same type -- it risks a race condition. In this case
that's exactly what could happen.
It just isn't worth the added complexity to avoid a tiny, tiny amount of network
overhead, so I've taken this whole path out.
A few extra bytes every two minutes isn't worth fretting about, but as I recall
the reason for this optimization was to save CPU on the controller. This can be
achieved by just caching responses in memory *there* and serving those same
responses back out if they haven't changed.
I think I developed that 'ratcheting' stuff before I went full time on this. It's
hard to develop stuff like this without hours of sustained focus.
2015-07-23 09:50:10 -07:00
Adam Ierymenko
e2a2993b18
Add a Log table to log queries for debugging and security logging. No JSON API support for querying the log yet, but will probably come via /network/###/member/###/log/... or something.
2015-07-22 14:01:49 -07:00
Kees Bos
53c7f61f98
Fix for output of empty (no members) network
2015-07-05 13:27:27 +02:00
Adam Ierymenko
7c761dea72
Fix to member listing: I wanted an object with member IDs as keys and member revisions as values, not an array.
2015-07-21 14:12:22 -07:00
Adam Ierymenko
3f8a5b8b76
List members in the form of a hash of member ID and member revision so code can quickly detect which members have changed.
2015-07-21 13:38:59 -07:00
Adam Ierymenko
a061aa3d87
Remove "members" from Network record and instead enumerate members via specific query to /network/nwid/member sub-path. More RESTful, scalable, and compatible with how OnePoint code works.
2015-07-21 12:57:01 -07:00
Adam Ierymenko
b343eac10d
Fix IP auto-assign bug due to missing subnet routes.
2015-07-21 12:42:43 -07:00
Adam Ierymenko
649a12472b
Report controllerInstanceId in all objects so that controller resets can be easily detected by whatever is using the service.
2015-07-21 10:39:29 -07:00
Adam Ierymenko
cac6be87ba
Fix bug in rules JSON output.
2015-07-20 16:31:37 -07:00
Adam Ierymenko
38d34a7495
Proper handling of NULL entry for etherType in rules table.
2015-07-20 15:11:53 -07:00
Adam Ierymenko
fb4c3dd8d4
Fix string overwrite bug.
2015-07-20 14:31:33 -07:00
Adam Ierymenko
1ffd67e014
Get rid of false foreign key in Relay.
2015-07-20 14:28:30 -07:00
Adam Ierymenko
bca8886ff8
IP assignment pool range bug fix.
2015-07-17 15:09:28 -07:00
Adam Ierymenko
1f7bb67069
Fix some SQL and make instanceId more robustly random.
2015-07-17 13:09:53 -07:00
Adam Ierymenko
712e2785f2
Fix bad JSON in response.
2015-07-17 12:24:42 -07:00
Adam Ierymenko
5515909c1e
Add a concept of an "instanceId" to the controller, which the OnePoint can use to determine whether it is the same running database instance it already knows.
2015-07-17 10:47:21 -07:00
Adam Ierymenko
0db7c94c90
Add memberRevision stuff to JSON output, and update docs.
2015-07-16 17:42:47 -07:00