Commit Graph

1980 Commits

Author SHA1 Message Date
Joseph Henry
0797adf223
Improve output of bond list command 2022-09-16 13:43:34 -07:00
Joseph Henry
85698860ae Merge branch 'dev-1734-policy-defaults' of https://github.com/grapexy/ZeroTierOne into grapexy-dev-1734-policy-defaults 2022-09-15 16:05:21 -07:00
Joseph Henry
50e131a4ff
Partial fix for discrepancy between docs and implementation 2022-09-15 15:56:23 -07:00
grapexy
b733bb8ead Fix sanity checks overwriting custom policy parameters 2022-09-16 00:18:05 +04:00
Joseph Henry
e18d206248
Add warm spare feature for balance modes 2022-09-14 10:09:29 -07:00
Joseph Henry
66b70a8043
Prevent re-armoring of packets when in multipath broadcast mode 2022-09-07 15:03:02 -07:00
Joseph Henry
1d1843bf3b
Forget links if QoS verbs fail to arrive 2022-09-07 09:08:13 -07:00
Joseph Henry
0e23ba8f1a
Add logic short-circuit to avoid unnecessary bond rebuild logic when appropriate 2022-09-01 15:16:21 -07:00
Joseph Henry
b6074da498
Fix nonsensical equality comparison which may prevent certain links from being regarded as preferred in multipath scenarios 2022-08-29 16:03:48 -07:00
Anders Jenbo
7e92d478a1
Add missing <algorithm> include (#1709)
This is required for building under VS2017
2022-08-29 10:39:04 -07:00
Joseph Henry
ff670d044a
Fix integer format specifier compiler warnings 2022-08-09 21:19:16 -07:00
Joseph Henry
7ed5bde426
Fix for ab-mode link failure, QoS metrics (WIP) 2022-06-08 10:01:54 -07:00
Adam Ierymenko
e672dc8094
Set version to correct 1.10.0. 2022-06-06 16:18:50 -04:00
Joseph Henry
1a400d33fd
Fix link creation bug in active-backup mode 2022-05-18 10:04:53 -07:00
Joseph Henry
c34325fee7
Fix attribute placement for debugging functions (#1587) 2022-05-06 17:25:15 -07:00
Joseph Henry
db8443ef7d
Remove attributes causing build failures on various platforms (#1587) 2022-05-06 15:19:59 -07:00
Joseph Henry
6c85f8c7a7
Safely handle disappearing bonded interfaces (See issue #1587) 2022-05-06 14:59:34 -07:00
David Baird
eea93d2607
Fix SEGV caused by format string on 32-bit platforms / armv7l, reported in #1587 (#1658)
Looks great. Thanks for this!
2022-05-06 09:11:47 -07:00
Joseph Henry
e9f8ecbf7e
Properly initialize active-backup path index as partial fix for #1587 2022-05-04 09:51:48 -07:00
Adam Ierymenko
166c7978ee ALMOST compiles for ARM64 Windows, only remaining barrier is ring in zeroidc. 2022-04-27 12:19:42 -04:00
Joseph Henry
66236e91a2
Style fix 2022-04-26 08:26:45 -07:00
Adam Ierymenko
76bce44280
Build fix. 2022-04-19 21:30:36 -04:00
Adam Ierymenko
ee0a194b25
Several more SSO/OIDC related fixes, and bump version to 1.8.9. 2022-04-19 21:29:11 -04:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node. 2022-04-19 19:59:54 -04:00
Adam Ierymenko
fe0068da52
A bit more auth cleanup in the local node. 2022-04-19 16:34:46 -04:00
Adam Ierymenko
cd70fefc5e
Clean up some credential push stuff. 2022-04-19 16:06:53 -04:00
Adam Ierymenko
877f86a896
build fix 2022-04-19 12:44:18 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups. 2022-04-19 12:41:38 -04:00
Adam Ierymenko
a4e8847664
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes. 2022-04-19 10:37:58 -04:00
Joseph Henry
7e4da53c0b
Check reference to failover path before use in active-backup scenario 2022-04-17 21:03:57 -07:00
Adam Ierymenko
fe376f6a1e
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2022-04-15 14:23:40 -04:00
Adam Ierymenko
55a99f34d0
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine. 2022-04-15 14:23:26 -04:00
Joseph Henry
99df637aae
Improve relationship between QOS timers and bucket sizes 2022-04-15 09:55:00 -07:00
Adam Ierymenko
a7dcfa18a2
Oops forgot last part of that fix for MAC errors. 2022-04-14 20:13:57 -04:00
Adam Ierymenko
4389b9feff
Likely fix for invalid MAC problem. 2022-04-14 20:10:20 -04:00
Joseph Henry
6f4a69703b
Fix ZT_SSO_SUPPORTED flag behavior. Allow disabling for embedded targets. 2022-03-31 21:45:38 -07:00
Adam Ierymenko
68c9398f71
Merge branch 'master' into dev 2022-03-10 15:48:47 -05:00
Adam Ierymenko
34a64f30de
Bump the peer cache serialization version due to path changes, will cause peers to be re-learned. Technically the peer cache is optional anyway so it's not going to break anything and should guard against weird issues due to path learning changes on restart. 2022-03-09 09:13:26 -05:00
Joseph Henry
3ead6b67cd
Dynamically scale bonded link monitor frequency according to aliveness 2022-03-02 14:58:31 -08:00
Joseph Henry
8148c658cf
Remove bonds for peers that have fully expired. Remove notion of bond health 2022-03-02 09:55:23 -08:00
Joseph Henry
1cf8a1f493
More accurate accounting of bond layer overhead traffic 2022-02-25 15:04:48 -08:00
Joseph Henry
bc2c4cf80a Merge branch 'dev' of https://github.com/zerotier/zerotierone into dev 2022-02-25 11:39:21 -08:00
Joseph Henry
9933d83cf8
Merge pull request #1564 from zerotier/dev-whoami
Proactively seek, and distribute external surface addresses

This patch introduces a new "self-awareness" behavior which proactively queries peers for external surface addresses and distributes them via PUSH_DIRECT_PATHS. This has the effect of making ZT more responsive to interface changes.

Current behavior:

Previously, this type of information was only mediated via RENDEZVOUS and was only triggered when the client detected that it no longer had a single alive path to a peer. While PUSH_DIRECT_PATHS would correctly (and often) send local addresses, this was not the case for external addresses collected from response HELLOs. This would lead to situations where only one physical address would be distributed to peers. Additionally, if a new physical interface were to be made available to the client, the client would correctly bind to it but never seek information about its external mapping from a peer, and thus the new physical interface would remain unavailable for other peers to learn about until all paths on the previous interface have expired which can take a couple of minutes. In traditional usage of ZT this is not usually a problem, but it becomes a problem in the following scenarios:

    Network interfaces go up and down while ZT is running (e.g. switching to LTE or WiFi from a wired connection)
    Network interfaces are added or removed in multipath setups

Proposed behavior:

I propose that normal full HELLOs are sent not only on the first interface in use, but all interfaces. This causes planets to respond with a HELLO containing the surface address for each interface. We then collect each address using SelfAwareness::whoami() and distribute them via the normal PUSH_DIRECT_PATHS mechanism.
2022-02-25 11:30:45 -08:00
Joseph Henry
1918c29fd7
Change ECHO divisor from 20 to 6 2022-02-25 11:29:07 -08:00
Joseph Henry
618202d426
Increase min failover to 500 ms and probe period to 1/3rd of failover 2022-02-25 10:52:39 -08:00
Joseph Henry
d1335dca11
Change ECHO rate-limit divsor from 16 to 20 2022-02-21 16:22:33 -08:00
Joseph Henry
5e13b42abc
Rate gate ECHO per Path instead of per Peer 2022-02-21 14:37:39 -08:00
Joseph Henry
96aa1c30a6
Proactively seek, enumerate, and distribute external surface addresses 2022-02-17 15:39:17 -08:00
Joseph Henry
1b0c183913
Force non-leaf peers into local active-backup bond when multipath is enabled 2022-02-17 15:16:33 -08:00
Joseph Henry
40269c2a97
Comment out debug traces 2022-02-16 20:39:18 -08:00
Adam Ierymenko
3c85a7f074
Rev roots. 2022-02-15 09:13:58 -05:00
Joseph Henry
f9c84c8c52
Remove stray debug trace 2022-02-08 15:32:25 -08:00
Grant Limberg
aa97aabb4e
for now, only enable sso on certain platforms
mac, windows, linux x86/x86_64/aarch64
2022-02-01 11:07:37 -08:00
Joseph Henry
4190318c85
Fix typo in constant name 2022-01-28 10:41:21 -08:00
Joseph Henry
2f554fd6f8
Merge pull request #1552 from Shawn8410/master
FIX: fix wrong flag usage of rateGateCredentialsReceived
2022-01-28 10:12:16 -08:00
Shawn
ae93cccde6 FIX: fix wrong flag usage of rateGateCredentialsReceived 2022-01-27 11:59:21 +08:00
Joseph Henry
46e955e3a1
Split bond logs into two categories to reduce logging size 2022-01-26 15:14:02 -08:00
Joseph Henry
2850f131e2
Fix code style 2022-01-25 18:03:36 -08:00
Grant Limberg
d719137565
temp workaround for oidc auth dropping issue
Add a method to "kick" the refresh thread and re-post the tokens in the case where the thread is somehow still running & controller pushes out an AUTH_REQUIRED.  This situation happens in a corner case still under investigation where the controller pushes out many copies of the network config repeatedly
2022-01-20 09:44:56 -08:00
Grant Limberg
dceba1f2f1
Merge branch 'dev' into zeroidc 2022-01-05 08:35:15 -08:00
Grant Limberg
73878fbdc4
Merge pull request #1531 from StephenCWills/mingw32-disable-salsasse
Disable Salsa20 SSE on MinGW 32-bit compiler
2022-01-04 17:42:40 -08:00
staphen
87d17088cc
Disable Salsa20 SSE on MinGW 32-bit compiler 2022-01-04 20:39:08 -05:00
Grant Limberg
cc6c48fca8
Merge pull request #1525 from StephenCWills/lowercase-windows-headers
Use lowercase when including Windows headers
2022-01-04 17:11:51 -08:00
staphen
1c956494a4
Use lowercase when including Windows headers 2021-12-29 16:29:08 -05:00
Grant Limberg
eee31605b1
Merge branch 'dev' into zeroidc 2021-12-15 14:17:26 -08:00
Andrej Binder
aeec7dae36 Prevent arithmetic error on interface change. 2021-12-15 22:22:02 +01:00
Adam Ierymenko
fa58909d44
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2021-12-15 12:32:41 -05:00
Adam Ierymenko
06ed114fb6
Release notes and GitHub issue #1512 2021-12-15 12:32:28 -05:00
Joseph Henry
bdef9d3bd7
Fix situation where too many ECHOs are sent to multipath peer 2021-12-14 21:20:58 -08:00
Joseph Henry
b154b7296c
Improve multipath logging output 2021-12-14 21:13:19 -08:00
Joseph Henry
1c6fd4125d
Fix custom policy parsing bug mentioned in issue #1507 2021-12-14 11:49:43 -08:00
Joseph Henry
e9375b50b0
Prevent path-amnesia 2021-12-13 11:54:23 -08:00
Joseph Henry
1f43a736b2
Fix active-backup path selection bug 2021-12-09 13:43:52 -08:00
Joseph Henry
05a0a20197
Fix multipath flow reallocation. Prevent allocation to dead paths 2021-12-08 14:32:58 -08:00
Grant Limberg
48b39ab005
removing comments 2021-12-03 17:46:37 -08:00
Grant Limberg
1192b1b422
refresh token run loop
Need central-side work to complete
2021-12-03 15:44:04 -08:00
Grant Limberg
663a09b38d
oidc stuff coming across the wire properly and generating a working login URL 2021-12-01 13:01:32 -08:00
Grant Limberg
eaccce743f
moar plumbing progress 2021-12-01 12:07:05 -08:00
Grant Limberg
7cce23ae79
wip 2021-12-01 10:44:29 -08:00
Grant Limberg
9ef75c0e13
Merge branch 'dev' into zeroidc 2021-11-29 14:12:10 -08:00
Grant Limberg
91e9b736dd
make service objs dependent on zeroidc 2021-11-18 10:42:12 -08:00
Adam Ierymenko
1ef385b685
Spinlock removed, causes long standing issues on single core machines. 2021-11-12 16:44:54 -05:00
Grant Limberg
fa21fdc1cc
rename stuff for clarity
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
Grant Limberg
4d021e16a5
update field lengths 2021-11-08 09:30:13 -08:00
Grant Limberg
8d39c9a861
plumbing full flow from controller -> client network 2021-11-04 15:40:08 -07:00
Joseph Henry
cc6de583be
Prevent balance-xor from de-allocating from bad paths 2021-10-20 10:48:07 -07:00
Joseph Henry
9e8de2a702
Compilation fix 2021-10-01 11:19:04 -07:00
Joseph Henry
165757176a
Potential fix fro deadlock bug 2021-10-01 11:11:20 -07:00
Adam Ierymenko
9bc79f94df
Revert "Don't assume roots validated the identity, just in case they did not."
This reverts commit 39b97f9163.
2021-09-20 22:05:49 -04:00
Adam Ierymenko
a0239e17e9
Revert "Use a faster method of fingerprinting identities."
This reverts commit b72e5e8386.
2021-09-20 22:05:39 -04:00
Adam Ierymenko
b72e5e8386
Use a faster method of fingerprinting identities. 2021-09-20 20:02:39 -04:00
Adam Ierymenko
3f49570f45
Remove ancient controller support. 2021-09-20 18:38:29 -04:00
Adam Ierymenko
7c3166e9be
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring. 2021-09-20 18:26:49 -04:00
Adam Ierymenko
39b97f9163
Don't assume roots validated the identity, just in case they did not. 2021-09-20 16:15:59 -04:00
Joseph Henry
ff8044f0c0
Improve multipath startup time 2021-09-10 13:26:29 -07:00
Joseph Henry
e607348c7e
Fix bad index bug (during switching) in balance-rr 2021-09-07 21:41:54 -07:00
Joseph Henry
b6ed919fbc
Call recordOutgoingPacket regardless of policy to generate sufficient entropy for bond layer 2021-09-07 13:44:02 -07:00
Joseph Henry
109252be4e
Remove debug trace 2021-09-06 20:13:13 -07:00
Joseph Henry
a4b98518e3
Nominate newly-learned paths to bond 2021-09-06 15:29:03 -07:00
Joseph Henry
e1af003e4f
Consolidation of multipath logic. Better system separation 2021-09-01 21:37:49 -07:00