Adam Ierymenko
|
07b2a3818c
|
Fix TTL scaling in cert.
|
2016-11-15 14:26:05 -08:00 |
|
Adam Ierymenko
|
15c6e2ec70
|
Fix member deauthorization time threshold bug.
|
2016-11-15 14:06:25 -08:00 |
|
Adam Ierymenko
|
e26bee45fb
|
Multithreading in network controller. Threads are only started if controller is used.
|
2016-11-10 13:57:01 -08:00 |
|
Adam Ierymenko
|
1b10d3413a
|
Use circuit breaker only for requests.
|
2016-11-10 13:08:43 -08:00 |
|
Adam Ierymenko
|
f0fcd222a1
|
Actually push updates when things change.
|
2016-11-10 12:54:43 -08:00 |
|
Adam Ierymenko
|
298e4a9f14
|
Also avoid sending tags and caps to old members since there is no point.
|
2016-11-10 12:33:09 -08:00 |
|
Adam Ierymenko
|
226123ca08
|
Refactor controller to permit sending of pushes as well as just replies to config requests.
|
2016-11-10 11:54:47 -08:00 |
|
Adam Ierymenko
|
5ebf5077f5
|
Log last meta-data in controller, and ease up just a bit on keepalives.
|
2016-11-09 17:11:10 -08:00 |
|
Adam Ierymenko
|
eea712a1ae
|
Field in wrong place fixed.
|
2016-11-09 13:26:14 -08:00 |
|
Adam Ierymenko
|
1ebfca666d
|
Memo-ize some computed stuff to control CPU utilization.
|
2016-11-09 12:34:20 -08:00 |
|
Adam Ierymenko
|
3d948a930e
|
Send a blanket rule to old versions. New versions will still bidirectionally enforce on the inbound side.
|
2016-11-08 14:24:30 -08:00 |
|
Adam Ierymenko
|
4524899e4d
|
Update LM time on members on request.
|
2016-11-08 12:41:27 -08:00 |
|
Adam Ierymenko
|
360c84e035
|
Minor fixes.
|
2016-11-08 00:05:18 +00:00 |
|
Adam Ierymenko
|
4868d21526
|
Bug fixes in controller refactor.
|
2016-11-07 23:49:03 +00:00 |
|
Adam Ierymenko
|
5f63d5039b
|
Bug fixes, self test of JSONDB disabled by default.
|
2016-11-07 14:01:23 -08:00 |
|
Adam Ierymenko
|
a454a37a6e
|
Self test JSONDB.
|
2016-11-07 13:27:17 -08:00 |
|
Adam Ierymenko
|
a78d7311a6
|
Fix network list API call.
|
2016-11-04 16:23:41 -07:00 |
|
Adam Ierymenko
|
08ff666e99
|
.
|
2016-11-04 16:14:58 -07:00 |
|
Adam Ierymenko
|
0d108d37f6
|
.
|
2016-11-04 16:12:44 -07:00 |
|
Adam Ierymenko
|
cae9041c2a
|
.
|
2016-11-04 15:52:01 -07:00 |
|
Adam Ierymenko
|
330a07a554
|
cleanup
|
2016-11-04 15:48:23 -07:00 |
|
Adam Ierymenko
|
7729cbe313
|
Fix ambiguous error on some compilers.
|
2016-11-04 15:34:49 -07:00 |
|
Adam Ierymenko
|
b03c7b2f30
|
Refactor controller to use split-out DB for better performance and less ugly.
|
2016-11-04 15:18:31 -07:00 |
|
Adam Ierymenko
|
3c00cd0f88
|
Separate out JSON store from controller code.
|
2016-11-03 14:17:46 -07:00 |
|
Grant Limberg
|
8ffae313fd
|
add new files & remove old ones from VS project. Now builds & runs on Windows again
|
2016-11-03 12:10:50 -07:00 |
|
Adam Ierymenko
|
2cb760e0ac
|
Fix ICMP json.
|
2016-10-13 14:14:46 -07:00 |
|
Adam Ierymenko
|
2d6a4e5974
|
cleanup
|
2016-10-13 13:52:45 -07:00 |
|
Adam Ierymenko
|
e2509af163
|
Fix bug in default rules init in new networks.
|
2016-10-12 12:30:32 -07:00 |
|
Adam Ierymenko
|
e53f63ca87
|
Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed.
|
2016-10-11 12:00:16 -07:00 |
|
Adam Ierymenko
|
45c4ccb153
|
Add a tags both equal match.
|
2016-10-05 16:38:42 -07:00 |
|
Adam Ierymenko
|
adeb7e7da0
|
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
|
2016-10-05 12:54:46 -07:00 |
|
Adam Ierymenko
|
988049f39b
|
Add new rule to rules engine: random match.
|
2016-09-30 14:07:00 -07:00 |
|
Adam Ierymenko
|
f0794e09b7
|
Controller cleanup.
|
2016-09-30 13:04:26 -07:00 |
|
Adam Ierymenko
|
1eeebba2f7
|
Drop old /active path from network.
|
2016-09-29 17:59:27 -07:00 |
|
Adam Ierymenko
|
2fc3d12fb6
|
Minor tweaks to member code in controller, and fix Linux build.
|
2016-09-29 14:48:39 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
c9ee8612e4
|
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
2016-09-07 12:12:52 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
54489a7f61
|
rename SAMENESS to DIFFERENCE which is less confusing
|
2016-08-31 14:14:58 -07:00 |
|
Adam Ierymenko
|
8e3004591b
|
Add overlooked MATCH_ICMP to rule set.
|
2016-08-31 14:01:15 -07:00 |
|
Adam Ierymenko
|
7a00036954
|
Tweak log length to fit JSON for members within two 4096-kb blocks.
|
2016-08-29 18:10:02 -07:00 |
|
Adam Ierymenko
|
914c42537c
|
Type fixes.
|
2016-08-29 17:48:36 -07:00 |
|
Adam Ierymenko
|
77c2bf3ad9
|
Kill dead field from network JSON.
|
2016-08-29 14:47:19 -07:00 |
|
Adam Ierymenko
|
297b1b4258
|
Another tiny API bug fix.
|
2016-08-26 14:16:55 -07:00 |
|
Adam Ierymenko
|
35ac995d05
|
Fix setting of v6AssignMode in controller.
|
2016-08-26 14:04:27 -07:00 |
|
Adam Ierymenko
|
ded5a53a6c
|
Documentation updates, add rules engine revision to network config request meta-data.
|
2016-08-26 10:38:43 -07:00 |
|
Adam Ierymenko
|
d637988ccf
|
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
2016-08-25 18:21:20 -07:00 |
|
Adam Ierymenko
|
858e8c5217
|
one more...
|
2016-08-25 16:28:54 -07:00 |
|
Adam Ierymenko
|
df1ce856c9
|
A little bit more controller code cleanup.
|
2016-08-25 16:25:28 -07:00 |
|
Adam Ierymenko
|
b5e0d014ab
|
Controller bug fixes
|
2016-08-25 16:08:40 -07:00 |
|
Adam Ierymenko
|
5eaf397a94
|
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
|
2016-08-25 13:31:23 -07:00 |
|
Adam Ierymenko
|
1814016eb7
|
Add daemon thread to controller and move network member cache refreshes there.
|
2016-08-25 11:26:45 -07:00 |
|
Adam Ierymenko
|
6ecb42b031
|
docs and null check in controller code
|
2016-08-25 10:46:03 -07:00 |
|
Adam Ierymenko
|
60bc291414
|
Add noAutoAssignIps for member of networks.
|
2016-08-24 17:05:43 -07:00 |
|
Adam Ierymenko
|
ccea3d04d6
|
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
|
2016-08-24 14:28:16 -07:00 |
|
Adam Ierymenko
|
8e3463d47a
|
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
|
2016-08-24 13:37:57 -07:00 |
|
Adam Ierymenko
|
8d594f8b53
|
cleanup
|
2016-08-23 16:05:10 -07:00 |
|
Adam Ierymenko
|
5f4df0c6a9
|
Controller cleanup and perf improvements.
|
2016-08-23 15:30:36 -07:00 |
|
Adam Ierymenko
|
32fa061700
|
Compute credential TTL et al.
|
2016-08-23 13:02:59 -07:00 |
|
Adam Ierymenko
|
9a3c652a51
|
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
|
2016-08-22 18:06:46 -07:00 |
|
Adam Ierymenko
|
b0d888d235
|
Signing of Capability and Tag objects.
|
2016-08-22 14:25:59 -07:00 |
|
Adam Ierymenko
|
4dce71879f
|
.
|
2016-08-18 18:18:50 -07:00 |
|
Adam Ierymenko
|
212a5af9a5
|
Capabilities and tags in POST JSON.
|
2016-08-18 14:37:56 -07:00 |
|
Adam Ierymenko
|
1cadbfb4d1
|
Little fixes.
|
2016-08-18 13:47:02 -07:00 |
|
Adam Ierymenko
|
f119c4a456
|
Cache network members for performance, add network non-persisted fields.
|
2016-08-18 12:59:48 -07:00 |
|
Adam Ierymenko
|
faa9a06bf5
|
Controller fixes...
|
2016-08-17 17:37:37 -07:00 |
|
Adam Ierymenko
|
b7ebf6edbf
|
Cleanup and log how member was authorized.
|
2016-08-17 13:54:32 -07:00 |
|
Adam Ierymenko
|
b72847d504
|
Finally implement network join auth tokens, at least at the protocol level.
|
2016-08-17 13:41:45 -07:00 |
|
Adam Ierymenko
|
168b86fdcd
|
Controller docs and API fix.
|
2016-08-17 12:27:07 -07:00 |
|
Adam Ierymenko
|
a13f4d8353
|
We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.)
|
2016-08-17 10:42:32 -07:00 |
|
Adam Ierymenko
|
cc808cc2dd
|
Rules parsing stuff.
|
2016-08-17 10:25:25 -07:00 |
|
Adam Ierymenko
|
ce001198d8
|
.
|
2016-08-16 16:57:45 -07:00 |
|
Adam Ierymenko
|
c0639ccd37
|
Just about ready to test.
|
2016-08-16 16:46:08 -07:00 |
|
Adam Ierymenko
|
58701c1ca8
|
.
|
2016-08-16 14:08:08 -07:00 |
|
Adam Ierymenko
|
b08ca49580
|
More controller work -- it builds!
|
2016-08-16 14:05:17 -07:00 |
|
Adam Ierymenko
|
bd15262e54
|
Bunch of rule JSON stuff.
|
2016-08-15 18:49:50 -07:00 |
|
Adam Ierymenko
|
3cb2e1197f
|
.
|
2016-08-12 15:32:45 -07:00 |
|
Adam Ierymenko
|
c30f74987f
|
Starting refactor of controller...
|
2016-08-12 11:30:27 -07:00 |
|
Adam Ierymenko
|
22e44c762b
|
More rules engine work: key/value pair matching for microsegmentation.
|
2016-07-28 10:58:10 -07:00 |
|
Adam Ierymenko
|
0e2964261f
|
docs
|
2016-07-08 13:42:04 -07:00 |
|
Adam Ierymenko
|
ffe7d8d024
|
docs
|
2016-07-08 13:40:21 -07:00 |
|
Adam Ierymenko
|
c01ebbcbde
|
docs
|
2016-07-08 13:38:47 -07:00 |
|
Adam Ierymenko
|
a6e5914aa7
|
docs
|
2016-07-08 13:37:51 -07:00 |
|
Adam Ierymenko
|
6d8de214eb
|
Docs and controller API version
|
2016-07-08 13:10:02 -07:00 |
|
Adam Ierymenko
|
2d7c58540f
|
v6AssignMode bug fix
|
2016-07-07 17:05:12 -07:00 |
|
Adam Ierymenko
|
951038a304
|
Ignore /bits in IP assignments and just copy it from the corresponding LAN-local route. Having each managed IP assignment have its own bits field was just a source of user error and poor UX and was completely worthless.
|
2016-07-07 16:28:43 -07:00 |
|
Adam Ierymenko
|
b9329dc49a
|
Fix to IPv6 picking for small ranges.
|
2016-07-07 15:55:40 -07:00 |
|
Adam Ierymenko
|
6e08e1ae97
|
A few controller changes: (1) assign managed IPs that are assigned regardless of "assign mode" which now only controls auto-assignment or special addressing, (2) support proper issuing of managed IPv6 IPs, (3) support IPv6 auto-assign ranges
|
2016-07-07 15:42:10 -07:00 |
|
Adam Ierymenko
|
dd1d2b4d00
|
GitHub issue #343 -- fix authorizedMemberCount
|
2016-07-07 14:49:54 -07:00 |
|
Adam Ierymenko
|
030dfde38e
|
Unused printf removal while we are at it.
|
2016-06-29 18:14:49 -07:00 |
|
Adam Ierymenko
|
bb63646682
|
Fix broken SQL in controller.
|
2016-06-29 11:37:28 -07:00 |
|
Adam Ierymenko
|
d9eacd1616
|
Controller fixes...
|
2016-06-29 17:02:03 +00:00 |
|
Adam Ierymenko
|
0410fd4824
|
Refactor recent member request history to fix performance problem in controller.
|
2016-06-28 12:44:47 -07:00 |
|
Adam Ierymenko
|
12037961ff
|
small perf improvement in sqlite db.
|
2016-06-27 18:48:02 -07:00 |
|
Adam Ierymenko
|
8c572dead1
|
Query optimization.
|
2016-06-27 18:28:18 -07:00 |
|
Adam Ierymenko
|
3ddfebe742
|
dead code removal
|
2016-06-27 17:15:39 -07:00 |
|
Adam Ierymenko
|
972bbb7e06
|
Allow further concurrency on network controller.
|
2016-06-27 17:14:47 -07:00 |
|
Adam Ierymenko
|
3740b83f63
|
Don't back up sqlite db if it hasn't changed to prevent constant thrashing on inactive controllers.
|
2016-06-24 06:53:23 -07:00 |
|
Adam Ierymenko
|
90cdef8400
|
Forgot NDP emulation flag.
|
2016-06-24 06:43:23 -07:00 |
|
Adam Ierymenko
|
ee649ae69a
|
Add 6plane assignment support to network controller, and cleanup.
|
2016-06-24 06:40:50 -07:00 |
|
Adam Ierymenko
|
20d155e630
|
.
|
2016-06-24 05:21:25 -07:00 |
|
Adam Ierymenko
|
b2d048aa0e
|
Make Dictionary templatable so it can be used where we want a higher capacity.
|
2016-06-21 07:32:58 -07:00 |
|
Adam Ierymenko
|
37afa876a7
|
Linux bug fixes, small controller fix.
|
2016-06-17 00:21:58 +00:00 |
|
Adam Ierymenko
|
20d4dada40
|
Refactor controller for new merged format.
|
2016-06-16 16:05:57 -07:00 |
|
Adam Ierymenko
|
769351b30f
|
Fix to routes config in controller API.
|
2016-06-13 15:58:00 -07:00 |
|
Adam Ierymenko
|
734cbb2f1e
|
Controller modifications for default route are ready to test. Will require slight changes in ZeroTier Central when it goes live.
|
2016-06-10 15:58:35 -07:00 |
|
Adam Ierymenko
|
acbe8ad398
|
More controller work, and some RedHat fixes.
|
2016-06-10 08:26:27 -07:00 |
|
Adam Ierymenko
|
9898066b47
|
Remove some deprecated stuff in controller -- not done yet.
|
2016-06-09 11:02:42 -07:00 |
|
Adam Ierymenko
|
7e68791bee
|
Fix include for system json-parser.
|
2016-06-08 12:57:22 -07:00 |
|
Adam Ierymenko
|
683254a0db
|
Don't bother signing if we are not using the legacy netconf.
|
2016-06-07 11:17:38 -07:00 |
|
Adam Ierymenko
|
2885aea65c
|
Only send new format netconf for PV>=6
|
2016-06-07 11:13:18 -07:00 |
|
Adam Ierymenko
|
7ee3743c3d
|
Refactor controller to send both old and new format netconf.
|
2016-05-11 08:49:15 -07:00 |
|
Adam Ierymenko
|
8b9519f0af
|
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
|
2016-05-06 16:13:11 -07:00 |
|
Adam Ierymenko
|
2b3e1d5c10
|
Ignore IP assignment pool ranges that begin with 0.0.0.0 or that contain no IPs.
|
2016-03-24 13:34:01 -07:00 |
|
Adam Ierymenko
|
2c328d61ad
|
Do not auto-assign IP addresses on bridges. IPs can still be assigned manually.
|
2016-03-24 13:32:01 -07:00 |
|
Adam Ierymenko
|
9f31cbd8b8
|
Make /network/???/active return more info.
|
2016-03-17 13:05:51 -07:00 |
|
Adam Ierymenko
|
9b59bcd995
|
Clean controller circuit test memory.
|
2016-02-22 15:48:27 -08:00 |
|
Adam Ierymenko
|
69a438d64d
|
Small tweak to active threshold.
|
2016-02-19 09:10:31 -08:00 |
|
Adam Ierymenko
|
10bb9919f1
|
Tweak certificate of membership revision/time tolerance to eliminate boundary packet loss issues occasionally seen in the wild.
|
2016-02-10 09:32:42 -08:00 |
|
Adam Ierymenko
|
69b1da2e1d
|
return 200 instead of 404 when test is fetched
|
2016-02-04 16:27:25 -08:00 |
|
Adam Ierymenko
|
dc3d899e70
|
Return test ID when we post a test.
|
2016-02-04 16:09:26 -08:00 |
|
Adam Ierymenko
|
78c1d9006a
|
flood protection fix
|
2016-02-04 14:39:43 -08:00 |
|
Adam Ierymenko
|
5dad73647d
|
Lengthen backup period again
|
2016-02-04 14:22:54 -08:00 |
|
Adam Ierymenko
|
13b39a0c3e
|
SQLite perf tuning
|
2016-02-04 14:03:37 -08:00 |
|
Adam Ierymenko
|
90801a94d3
|
Track client version and tell whether active nodes support circuit test.
|
2016-02-04 13:38:42 -08:00 |
|
Adam Ierymenko
|
fab6f4450d
|
/active subpath off networks
|
2016-02-04 12:17:55 -08:00 |
|
Adam Ierymenko
|
2e04dc03f2
|
Logging to NodeHistory, SQL queries.
|
2016-02-03 18:10:56 -08:00 |
|
Adam Ierymenko
|
f8eb6b0067
|
Add NodeHistory table on sqlite controller.
|
2016-02-03 13:56:35 -08:00 |
|
Adam Ierymenko
|
9cb4bbe2b8
|
Save test results for circuit tests in memory and then cancel the test and send the results when the test is queried later. This way you can POST a test and then come GET the result at the appointed time.
|
2016-01-26 12:42:44 -08:00 |
|
Ren Jie
|
21656ba015
|
Update controller README.md
Sync make parameter with code.
|
2016-01-12 22:51:08 +08:00 |
|
Adam Ierymenko
|
436c1fac1d
|
Selectively move over changes from "edge" to "dev" excluding netcon.
|
2015-12-21 16:15:39 -08:00 |
|
Adam Ierymenko
|
523412edfb
|
Abort backup in progress if thread is told to shut down.
|
2015-11-03 16:03:00 -08:00 |
|
Adam Ierymenko
|
f7a407ffa0
|
Tweak timings and use lock in backup to make it a bit faster and still permit main thread to work.
|
2015-11-03 15:56:24 -08:00 |
|
Adam Ierymenko
|
7903f24a8f
|
Create periodic backup copies of controller.db in network controller from the main process itself to facilitate easier and safer backups of controller.db.
|
2015-11-03 15:52:10 -08:00 |
|
Adam Ierymenko
|
eff1fe3c61
|
Create files for each hop (more convenient) and fix a packet parse bug.
|
2015-10-09 16:22:34 -07:00 |
|
Adam Ierymenko
|
7d01fab132
|
Reorg fields to be in same order as FS scheme.
|
2015-10-09 15:18:01 -07:00 |
|
Adam Ierymenko
|
aec13b50fd
|
Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history.
|
2015-10-09 15:05:26 -07:00 |
|
Adam Ierymenko
|
a95fa379cc
|
Circuit tests basically work but need some tweaks, and fix some issues found with valgrind.
|
2015-10-09 14:51:38 -07:00 |
|
Adam Ierymenko
|
6b5bb0b278
|
Eliminate format string warnings.
|
2015-10-09 12:22:13 -07:00 |
|
Adam Ierymenko
|
59da8b2a4b
|
Logging of circuit test results to disk.
|
2015-10-08 15:44:06 -07:00 |
|
Adam Ierymenko
|
a3876353ca
|
Ability to post a test via the controller web API, and parsing of CIRCUIT_TEST_REPORT messages.
|
2015-10-08 13:25:38 -07:00 |
|
Adam Ierymenko
|
7394ec6f6a
|
Prep in controller code to run tests.
|
2015-10-06 15:56:18 -07:00 |
|
Adam Ierymenko
|
a7bd1eaa40
|
Never assign v4 IPs ending in .255 even within range.
|
2015-09-28 15:28:30 -07:00 |
|
Adam Ierymenko
|
ddf3d1f949
|
Controller side support for IPv6 assignment.
|
2015-09-18 13:35:00 -07:00 |
|
Adam Ierymenko
|
610ab0750c
|
Drop Sqlite-based Log table for now and switch to an in-memory log for recent activity. Log table gets too big on busy nodes. Should probably support push of events to some kind of event system later.
|
2015-09-15 10:59:23 -07:00 |
|
Adam Ierymenko
|
ef316ced3b
|
Fix JSON.
|
2015-09-14 11:59:43 -07:00 |
|