Adam Ierymenko
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
2016-09-20 21:21:34 -07:00
Adam Ierymenko
68e549233d
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
2016-09-15 13:17:37 -07:00
Adam Ierymenko
15402933bc
Add physical MTU recommendation hint to network config via API.
2016-09-14 16:55:25 -07:00
Adam Ierymenko
83abc00aae
docs
2016-09-13 14:58:59 -07:00
Adam Ierymenko
ab9afbc749
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
2016-09-09 11:36:10 -07:00
Adam Ierymenko
ef87069957
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
2016-09-09 09:32:00 -07:00
Adam Ierymenko
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatibility issue.
2016-09-08 19:48:05 -07:00
Adam Ierymenko
1f6b13b7fd
Fix bug causing null addresses to get in memberships[] hash.
2016-09-08 16:09:56 -07:00
Adam Ierymenko
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
2016-09-07 15:47:20 -07:00
Adam Ierymenko
20278bb9e4
Also send MULTICAST_LIKEs to controllers.
2016-09-07 15:34:34 -07:00
Adam Ierymenko
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
2016-09-07 15:15:52 -07:00
Adam Ierymenko
eebcf08084
Tweaks to new Path code for dual-stack operation, and other fixes.
2016-09-03 15:39:05 -07:00
Adam Ierymenko
22271f2a49
Cleanup.
2016-09-01 13:36:41 -07:00
Adam Ierymenko
8b6d23b9f6
Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table.
2016-09-01 12:07:17 -07:00
Adam Ierymenko
25056de5d3
Also need to send credentials when TEEing and REDIRECTing.
2016-08-31 17:56:59 -07:00
Adam Ierymenko
994b25af4e
Simplify some logic.
2016-08-31 17:45:55 -07:00
Adam Ierymenko
74afef8eb1
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
2016-08-31 16:50:22 -07:00
Adam Ierymenko
54489a7f61
rename SAMENESS to DIFFERENCE which is less confusing
2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b
Add overlooked MATCH_ICMP to rule set.
2016-08-31 14:01:15 -07:00
Adam Ierymenko
cb63babac4
Debug output fixes.
2016-08-29 16:38:10 -07:00
Adam Ierymenko
ac1c127b68
Debug output fixes.
2016-08-29 16:24:08 -07:00
Adam Ierymenko
cb82193333
Debug output fixes.
2016-08-29 16:19:26 -07:00
Adam Ierymenko
f0636ffd4a
EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule.
2016-08-29 15:54:06 -07:00
Adam Ierymenko
51a420671f
Make rules engine debug a bit more verbose.
2016-08-29 15:17:34 -07:00
Adam Ierymenko
7223685b96
.
2016-08-26 15:30:20 -07:00
Adam Ierymenko
e7dff1c785
Change logic a little for self-as-destination in TEE and REDIRECT.
2016-08-26 15:28:31 -07:00
Adam Ierymenko
a5383d83d8
Do not TEE or REDIRECT to self.
2016-08-26 15:25:00 -07:00
Adam Ierymenko
fb5217761b
Add missing names in filter debug code.
2016-08-26 13:20:55 -07:00
Adam Ierymenko
90f3e94565
Always output trace info when debugging rules.
2016-08-26 12:21:44 -07:00
Adam Ierymenko
ded5a53a6c
Documentation updates, add rules engine revision to network config request meta-data.
2016-08-26 10:38:43 -07:00
Adam Ierymenko
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
2016-08-25 18:21:20 -07:00
Adam Ierymenko
b5e0d014ab
Controller bug fixes
2016-08-25 16:08:40 -07:00
Adam Ierymenko
5eaf397a94
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
2016-08-25 13:31:23 -07:00
Adam Ierymenko
2cdda38dc4
It basically works... at least on current controllers.
2016-08-24 15:26:18 -07:00
Adam Ierymenko
ccea3d04d6
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
2016-08-24 14:28:16 -07:00
Adam Ierymenko
8e3463d47a
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
2016-08-24 13:37:57 -07:00
Adam Ierymenko
0a7a33ef8f
Instantaneous blacklisting and credential revocation.
2016-08-23 13:46:36 -07:00
Adam Ierymenko
68b4ca9b31
Cleanup.
2016-08-23 11:52:10 -07:00
Adam Ierymenko
77f7dcf40a
Obsolete "test network" removal.
2016-08-23 09:39:38 -07:00
Adam Ierymenko
9a3c652a51
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
2016-08-22 18:06:46 -07:00
Adam Ierymenko
7d906df805
Better instrumentation for filter, and filter bug fixes.
2016-08-10 14:27:52 -07:00
Adam Ierymenko
d166b494ee
Rule parse fix.
2016-08-10 13:41:22 -07:00
Adam Ierymenko
c9d7845fea
Minor bug fix and some instrumentation stuff for testing.
2016-08-09 17:00:01 -07:00
Adam Ierymenko
e1310a764a
More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff).
2016-08-09 15:45:26 -07:00
Adam Ierymenko
4d498b3765
Handling of multi-part chunked network configs on the inbound side.
2016-08-09 13:14:38 -07:00
Adam Ierymenko
2ba9343607
Encode and decode of tags and capabilities in NetworkConfig.
2016-08-09 08:32:42 -07:00
Adam Ierymenko
00fd9c3a15
It builds... almost ready to test some rules engine stuff.
2016-08-08 17:33:26 -07:00
Adam Ierymenko
8007ca56aa
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
2016-08-08 16:50:00 -07:00
Adam Ierymenko
4d7f625aa1
.
2016-08-05 15:55:38 -07:00
Adam Ierymenko
e2f783ebbd
.
2016-08-05 15:02:01 -07:00
Adam Ierymenko
331382cf2f
More cleanup and a tiny federation prep item.
2016-08-04 12:14:13 -07:00
Adam Ierymenko
5cf410490e
.
2016-08-04 10:18:33 -07:00
Adam Ierymenko
7e6e56e2bc
Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup.
2016-08-03 18:04:08 -07:00
Adam Ierymenko
b2d048aa0e
Make Dictionary templatable so it can be used where we want a higher capacity.
2016-06-21 07:32:58 -07:00
Adam Ierymenko
e09c1a1c11
Big refactor mostly builds. We now have a uniform backward compatible netconf.
2016-06-16 12:28:43 -07:00
Adam Ierymenko
4446dbde5e
Big refactor in service code to prep for plumbing through route management.
2016-06-14 10:09:26 -07:00
Adam Ierymenko
9161eebc68
Carry virtual network routes through to API.
2016-06-07 12:15:19 -07:00
Adam Ierymenko
93b673043c
Fix new binary meta-data deserialization and add some debug code (will disable later).
2016-05-16 18:37:37 -07:00
Adam Ierymenko
548730660b
Ready to test whole new netconf refactor.
2016-05-11 10:19:14 -07:00
Adam Ierymenko
8b9519f0af
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
2016-05-06 16:13:11 -07:00
Adam Ierymenko
529515d1d1
Changes to how new-style binary network configs are detected, and a new-style binary serialized meta-data representation.
2016-05-06 13:29:10 -07:00
Adam Ierymenko
59eb09d063
Deserialize new style netconf.
2016-04-26 17:20:31 -07:00
Adam Ierymenko
90e1262a8b
More refactoring to remove old Dictionary dependencies.
2016-04-26 08:20:03 -07:00
Adam Ierymenko
2f18a92e20
Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route.
2016-04-19 12:09:35 -07:00
Adam Ierymenko
51fecc0be9
Refactor Network for new NetworkConfig.
2016-04-12 12:16:29 -07:00
Adam Ierymenko
6f854c8391
NetworkConfig refactor part 1
2016-04-12 12:11:34 -07:00
Adam Ierymenko
4e4fd51117
boring doc stuff
2016-01-12 14:04:55 -08:00
Adam Ierymenko
3883ac08c7
Docs and cleanup.
2016-01-12 13:17:30 -08:00
Adam Ierymenko
d6f0f1a82a
Use network user ptr in lookup for Ethernet frame handling to eliminate map lookup.
2016-01-12 11:34:22 -08:00
Adam Ierymenko
83ef98a9dc
Add a network-associated user ptr in API.
2016-01-12 11:04:35 -08:00
Adam Ierymenko
16bc3e0398
Factor out RemotePath subclass of Path -- no longer needed, just cruft.
2015-10-27 15:00:16 -07:00
Adam Ierymenko
35676217e8
Refactor multicast group announcement to work directly or indirectly.
2015-10-23 14:50:07 -07:00
Adam Ierymenko
7d62dbe9f7
Tune NAT-t keepalives so that timing is better obeyed, clean up a build warning, and fix a potential source of network recursion (though harmless).
2015-10-07 11:57:59 -07:00
Adam Ierymenko
57c857e89a
Fix TRACE output.
2015-10-06 06:57:00 -07:00
Grant Limberg
c16ad053b6
no toString() method on peer. Commenting out for now.
2015-10-02 19:39:46 -07:00
Adam Ierymenko
d6676a9d6c
Always announce multicast groups, not just to peers with direct links, and push network COMs to any MULTICAST_LIKE recipient for future use.
2015-10-01 12:50:19 -07:00
Adam Ierymenko
9405150b11
Restore group announcement on Peer::receive() but centralize packet composition in one place.
2015-10-01 11:37:02 -07:00
Adam Ierymenko
a3db7d0728
Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things.
2015-10-01 11:11:52 -07:00
Adam Ierymenko
f69454ec98
(1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses.
2015-09-24 16:21:36 -07:00
Adam Ierymenko
0d386f1c31
Add a bit of useful testing instrumentation to SqliteNetworkController.
2015-09-08 11:35:55 -07:00
Adam Ierymenko
307e44f7c8
Two for one! (std::map removal)
2015-09-04 14:14:32 -07:00
Adam Ierymenko
d1341578d8
... and another one!
2015-09-04 13:53:48 -07:00
Adam Ierymenko
7b8ce16057
Another std::map<> dies.
2015-09-04 13:42:19 -07:00
Adam Ierymenko
facb009a1d
Add security notice to auto-update info in -h output, and fix a missing paren.
2015-07-31 09:50:55 -07:00
Adam Ierymenko
8d09c37140
Remove a bit of redundant logic, and also announce MULTICAST_LIKEs to controllers (for future use).
2015-07-31 09:37:13 -07:00
Adam Ierymenko
3ba54c7e35
Eliminate some poorly thought out optimizations from the netconf/controller interaction,
and go ahead and bump version to 1.0.4.
For a while in 1.0.3 -dev I was trying to optimize out repeated network controller
requests by using a ratcheting mechanism. If the client received a network config
that was indeed different from the one it had, it would respond by instantly
requesting it again.
Not sure what I was thinking. It's fundamentally unsafe to respond to a message
with another message of the same type -- it risks a race condition. In this case
that's exactly what could happen.
It just isn't worth the added complexity to avoid a tiny, tiny amount of network
overhead, so I've taken this whole path out.
A few extra bytes every two minutes isn't worth fretting about, but as I recall
the reason for this optimization was to save CPU on the controller. This can be
achieved by just caching responses in memory *there* and serving those same
responses back out if they haven't changed.
I think I developed that 'ratcheting' stuff before I went full time on this. It's
hard to develop stuff like this without hours of sustained focus.
2015-07-23 09:50:10 -07:00
Adam Ierymenko
07ea4fd4f9
Fix potential bug in controller config request.
2015-07-07 10:02:48 -07:00
Adam Ierymenko
f398952a6c
Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter.
2015-07-07 08:14:41 -07:00
Adam Ierymenko
dbee1b38b3
Fix semantics of std::unique() to actually remove duplicates (hidden memory leak?)
2015-06-29 10:21:28 -07:00
Kees Bos
8a68624dae
Fix cert verification check for self signed signatures
2015-06-26 07:22:13 +02:00
Adam Ierymenko
57c7992c78
GitHub issue #191 - kill intra-network multicast rate limits (which were not well supported or easily configurable anyway) -- this is really left over from the old collaborative multicast propagation algorithm. New algorithm (in for a while) has been sender-side replication in which sender "pays" all bandwidth, which intrinsically limits multicast.
2015-06-26 12:36:45 -07:00
Adam Ierymenko
7bae95836c
Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address.
2015-06-19 10:23:25 -07:00
Kees Bos
a425bbc673
Renamed supernode to rootserver
2015-05-06 12:05:20 +02:00
Adam Ierymenko
960ceb4791
Rest of GitHub issue #140 implementation.
2015-06-01 17:50:44 -07:00
Adam Ierymenko
b3b9af0dd8
Fix for GitHub issue #170
2015-06-01 11:56:15 -07:00
Adam Ierymenko
5e3c6d9e0d
Some nodeJS work, and apply fix from GitHub issue #166 plus a small optimization to avoid repeated calls to _allMulticastGroups().
2015-05-25 14:21:05 -07:00
Adam Ierymenko
bdce679d84
Should fix deadlock issue in GitHub issue #166
2015-05-13 16:55:18 -07:00
Adam Ierymenko
f5848972f9
Windows now builds and runs selftest correctly, and fixed a Windows (and possibly other platforms) issue in Phy<>.
2015-04-24 15:05:28 -07:00