Adam Ierymenko
c21882da9c
Put selftest back and turn off tracing in PortMapper.
2015-11-30 16:07:02 -08:00
Adam Ierymenko
6768521330
Ton of uPnP work and adding NAT-PMP support, still testing...
2015-11-30 13:10:22 -08:00
Adam Ierymenko
0d9f33dc4f
Fix: (1) Windows stack overflow due to buffer too large in peer deserialize, (2) clean up some other stuff seen during debugging and reduce the sizes of some buffers due to Windows small stack size, (3) remove a redundant try/catch.
2015-11-13 12:14:28 -08:00
Adam Ierymenko
c9e6e60c09
Handle ZeroTier-RFC4193 IPv6 address NDP queries inline by spoofing responses if the addressing scheme matches -- this allows multicast-free instant lookup of local IPv6 for better performance and reliability.
2015-11-03 10:46:41 -08:00
Adam Ierymenko
1b4cc4af5c
Fix evil bug, and instrument/assert on some other stuff, and a bit of cleanup.
2015-10-30 15:54:40 -07:00
Adam Ierymenko
7295fcfa86
Merge Phy<> from netcon.
2015-10-27 12:50:23 -07:00
Adam Ierymenko
1b1945c63e
Work in progress on refactoring root-topology into World and adding in-band updates.
2015-10-12 18:25:29 -07:00
Adam Ierymenko
0c498556d5
Unroll Salsa20 fully for a little more speed (non-SSE now almost as fast as SSE)
2015-10-09 09:39:27 -07:00
Adam Ierymenko
e5f168f599
Add proof of work request for future DDOS mitigation use.
2015-10-07 13:35:46 -07:00
Adam Ierymenko
477feee8a3
Some work on CIRCUIT_TEST, and a significant speedup to Poly1305.
2015-10-06 17:55:57 -07:00
Adam Ierymenko
9dc2ef5549
Rename some stuff in Phy since it can be used with any stream socket.
2015-09-10 15:55:48 -07:00
Adam Ierymenko
9a723be263
Add socketpair support to Phy.
2015-09-10 13:18:57 -07:00
Adam Ierymenko
da9a720c3f
Hash table bug fix, and add copy constructor and assignment operator for principle of least surprise.
2015-09-03 17:33:06 -07:00
Adam Ierymenko
4838cbc350
Unix domain sockets in Phy<>
2015-09-02 14:32:01 -07:00
Adam Ierymenko
3947807b1f
A simple and fast Hashtable, tested but not yet integrated with anything.
2015-08-27 15:36:13 -07:00
Adam Ierymenko
40d5c79b62
Enable SO_NO_CHECK if available to skip UDP checksum on packet send for slight performance improvement. We do our own cryptographically secure authentication so UDP checksum is worthless.
2015-07-28 10:29:25 -07:00
Adam Ierymenko
d78e3bb307
Disable HTTP test in selftest since it works, and GitHub issue #207 .
2015-07-13 07:42:20 -07:00
Adam Ierymenko
feddd946f9
For curiosity add Salsa20/8 to benchmarks.
2015-07-06 13:51:25 -07:00
Adam Ierymenko
a9a390a930
Apply @marning suggested SSE auto-detect to make builds easier on non-x86 platforms: aa2fd044cb
2015-06-01 19:43:06 -07:00
Adam Ierymenko
61021fc778
BackgroundResolver test.
2015-05-21 14:11:44 -07:00
Adam Ierymenko
2810cd7c15
Build fixes for G++, building without SQLite3 present, and warning removal.
2015-05-17 23:56:47 +00:00
Adam Ierymenko
e94518590d
First stab of PFS design work with PKC security -- may not implement in 1.0.3 but stubbing out.
2015-05-14 17:41:05 -07:00
Adam Ierymenko
f5848972f9
Windows now builds and runs selftest correctly, and fixed a Windows (and possibly other platforms) issue in Phy<>.
2015-04-24 15:05:28 -07:00
Adam Ierymenko
86c87875a7
OSUtils::resolve()
2015-04-20 16:07:38 -07:00
Adam Ierymenko
60f05518aa
(1) now builds and works on Linux, (2) fix a threading problem causing carsh on shutdown, (3) cleanup in selftest, re-enable Phy and Http tests.
2015-04-20 15:12:31 -07:00
Adam Ierymenko
740121504f
Add a timestamp to netconf cache, fix some SQL queries in NC.
2015-04-17 15:21:53 -07:00
Adam Ierymenko
53cbe485f0
Some cleanup, and bite the bullet and go ahead and write a simple Http client. Need a cross-platform built-in one to do cli right.
2015-04-16 14:13:44 -07:00
Adam Ierymenko
6369c264e2
Rename netconf to controller and NetworkConfigMaster to NetworkController for consistency.
2015-04-15 15:12:09 -07:00
Adam Ierymenko
5572b7ffb6
Simplify Phy<> to get rid of more indirections.
2015-04-10 17:07:06 -07:00
Adam Ierymenko
a61acf36d2
osnet -> osdep
2015-03-31 14:11:21 -07:00
Adam Ierymenko
fe94c9460b
Phy is a better name than Wire, and other cleanup.
2015-03-31 11:52:10 -07:00
Adam Ierymenko
3c1a59fa24
Wire selftest, and passes all tests.
2015-03-30 15:37:44 -07:00
Adam Ierymenko
b6241f6cb1
Build fixes.
2015-03-30 13:21:35 -07:00
Adam Ierymenko
cea3f28155
DB init works now.
2015-03-17 16:27:52 -07:00
Adam Ierymenko
93012b0ee5
Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware]
2015-02-17 13:11:34 -08:00
Adam Ierymenko
4e95384ad6
Cleanup, add tristate to config code in Network, and happy new year!
2015-01-05 17:47:59 -08:00
Adam Ierymenko
4a5756e7fb
cleanup
2014-10-21 16:21:45 -07:00
Adam Ierymenko
8d2e20ede6
Get rid of __align stuff in Salsa20 -- not portable, does not seem to help much on newer chips.
2014-09-16 08:53:18 -07:00
Adam Ierymenko
4f0fcc582e
Refactor HttpClient a bit.
2014-08-16 09:08:52 -07:00
Adam Ierymenko
49ef980ecf
Scale back Salsa20 benchmark a bit to not take too long on slow boxes.
2014-07-15 21:02:56 -04:00
Adam Ierymenko
12692c551e
SSE optimized Salsa20 -- anywhere from 20% to 50% faster than plain C version
2014-07-15 17:56:09 -07:00
Adam Ierymenko
7831c4bfef
Cleanup, dead code removal, some pretty insignificant security stuff that's based on recommendations.
2014-04-18 00:14:12 -07:00
Adam Ierymenko
abc82d6a52
IPC changes and SocketManager changes all build!
2014-03-19 13:56:48 -07:00
Adam Ierymenko
b5c3a92be2
Boring stuff: update dates in copyrights across all files.
2014-02-16 12:40:22 -08:00
Adam Ierymenko
370dd6c4da
Several things:
...
(1) Add a bunch of tedious type casts to eliminate unnecessary compiler warnings on Windows X64 builds.
(2) Some EthernetTap work to integrate Windows custom IOCTL for multicast group lookup (not done quite yet).
(3) Dump some more info in selftest to make sure our Windows path lookup functions are returning sane results.
2014-01-21 13:07:22 -08:00
Adam Ierymenko
b59a7cf1d8
HTTP self-test.
2013-12-06 16:27:00 -08:00
Adam Ierymenko
518410b7e0
HTTP client works!
2013-12-06 16:00:12 -08:00
Adam Ierymenko
7015017686
Make Makefile for Mac use clang options instead of old GCC options, and fix a nasty but obvious bug I introduced into Utils::getSecureRandom.
2013-10-28 15:53:40 -04:00
Adam Ierymenko
d496304bbf
Put back rest of selftest.
2013-10-21 15:59:22 -04:00
Adam Ierymenko
719dd2870d
Self-test for certificate of membership.
2013-10-21 15:47:33 -04:00
Adam Ierymenko
c89cdcc3fd
Blech... moving on!
2013-10-20 15:54:32 -04:00
Adam Ierymenko
1ed8a22d19
And then it turns out to be too slow on a slower 32-bit machine... we do want to do tablets eventually.
2013-10-20 15:46:36 -04:00
Adam Ierymenko
bad043729f
Yet another revision of this algo... yeesh... and update to supernode IDs. I think I am gonna go with this one. Seems memory-hard enough to me. I am probably procrastinating by obsessing over it.
2013-10-20 15:31:32 -04:00
Adam Ierymenko
8c9b73f67b
Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance.
2013-10-18 17:39:48 -04:00
Adam Ierymenko
0c8614b9c6
Add a second arg to idtool generate to make generating both secret and public easier, add new supernode identities after generating them, fix known good and bad IDs in selftest.
2013-10-07 09:36:20 -04:00
Adam Ierymenko
bc715fbd51
Make new identity hashcash algo memory hard, and tweak generation time a bit. Current hashcash cost should be overkill for what we need but still tolerable to users.
2013-10-05 14:15:59 -04:00
Adam Ierymenko
0e43e5e8f2
Rest of work on new hashcash based identity scheme.
2013-10-05 07:00:55 -04:00
Adam Ierymenko
b0187f4472
Hashcash-based identity, work in progress... committing to test speed on other boxes.
2013-10-05 06:00:47 -04:00
Adam Ierymenko
141b858737
Self-test fixes for new packet armor/dearmor functions that combine old encrypt and MAC functions.
2013-09-27 16:25:35 -04:00
Adam Ierymenko
903b5b4218
Add validation of known-good identity to selftest to check endian and similar issues across platforms.
2013-09-19 12:57:35 -04:00
Adam Ierymenko
e376c6f6a9
New crypto integrated -- going to be testing new identity address generation algo a bit more before finalizing.
2013-09-16 13:57:57 -04:00
Adam Ierymenko
300d26973a
Test vectors for all new crypto.
2013-09-15 10:41:52 -04:00
Adam Ierymenko
660f92b6a7
Add test vectors for ensuring identical C25519 operation across systems.
2013-09-14 13:51:08 -04:00
Adam Ierymenko
09c8b4bbb3
More new crypto: Ed25519 signatures.
2013-09-13 19:18:01 -04:00
Adam Ierymenko
77965af288
Add new crypto: SHA512 and C25519 -- not integrated yet.
2013-09-13 15:47:00 -04:00
Adam Ierymenko
f3ad05347e
Improve code security posture by replacing sprintf with a safer function.
2013-08-30 17:05:43 -04:00
Adam Ierymenko
9f16707b0b
Cut out tap test code from selftest.
2013-08-25 18:25:22 -04:00
Adam Ierymenko
bbbc032959
Tap works! At least in isolation. Time to create the Windows executable and the Windows service to run it and handle auto-update.
2013-08-25 18:18:02 -04:00
Adam Ierymenko
e2effbd1ce
Tap driver basically builds in VS2012... fork of tap-windows from OpenVPN (compatible license).
2013-08-23 17:39:21 -04:00
Adam Ierymenko
f6e7be102a
Decided to abandon the winpcap direction for Windows tap... re-evaluating using OpenVPN tap driver in some form for now.
2013-08-23 09:50:51 -04:00
Adam Ierymenko
c8213a3f58
Commit of a draft of the pcap-based strategy for a Windows tap. This may, in the end, not work, since winpcap may not support immediate capture and also because some software flags winpcap as malware. Like I said, trying to do anything interesting with Windows is PAIN.
2013-08-22 22:33:32 -04:00
Adam Ierymenko
ca5334509c
Tap now creates Microsoft Loopback Adapter instances and tags them with a special ID... work in progress.
2013-08-22 14:30:55 -04:00
Adam Ierymenko
150a53eb17
Self test almost builds, now need skeleton EthernetTap implementation for Windows.
2013-08-14 11:19:21 -04:00
Adam Ierymenko
fc18334dbb
Version 0.4.3 (the real one): fix Gentoo ip config failures and crashes
...
This version fixes problems with locating the 'ip' command on Gentoo
and possibly other Linux systems, and a problem that could cause a
crash if EthernetTap was unable to locate one of the commands it
invokes to configure IP information on tap devices.
The code also now builds on Windows. It doesn't run yet, but it's a
step. Windows port is in full swing.
Finally, the multicast rate limit defaults were raised a little. More
testing is needed here, and real world measurments.
2013-08-13 15:14:03 -04:00
Adam Ierymenko
f5d77a1bc2
Clean up a bunch of valgrind errors, nix a potentially unsafe op in Buffer assignment operator.
2013-08-12 13:17:03 -04:00
Adam Ierymenko
93a7eef2a5
Replace libcrypto RAND_ with our own to avoid valgrind errors.
2013-08-10 10:27:53 -04:00
Adam Ierymenko
67acba4bc9
Stop using RAND_ in libcrypto for Utils::getSecureRandom() due to annoying valgrind spew from libcrypto use of uninitialized RAM as a random source. Might look into replacing RAND_ in libcrypto with our own simple /dev/urandom / Windows CAPI plugin.
2013-08-10 10:12:16 -04:00
Adam Ierymenko
fb975ead23
Add simple key=value dictionary, sorta like java.util.Properties.
2013-07-27 15:09:51 -04:00
Adam Ierymenko
a816f56426
Dump huffman, doesnt add much and complicates porting to other languages. Also fix compile error in idtool.
2013-07-27 14:01:19 -04:00
Adam Ierymenko
c345c699fd
Self test for command bus encode/decode.
2013-07-18 13:27:46 -04:00
Adam Ierymenko
ef3e319c64
Several things:
...
(1) Probable fix for issue #7 and major cleanup of EthernetTap code with consolidation for all unix-like systems and specialization for different flavors only when needed.
(2) Refactor of Buffer<> to make its members private, and Packet to use Buffer's methods exclusively to access them. This improves clarity and means we're no longer lying about Buffer's role in the code's security posture.
(3) Add -fstack-protect to Makefile to bounds check stack variables.
2013-07-09 14:06:55 -04:00
Adam Ierymenko
150850b800
New git repository for release - version 0.2.0 tagged
2013-07-04 16:56:19 -04:00