ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-19 04:57:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,861 Commits 15 Branches 105 Tags 179 MiB
5e6eae620b
Commit Graph

107 Commits

Author SHA1 Message Date
Adam Ierymenko
3adb183c5f Fix bad COM attachment bug and eliminate an unnecessary redundant check. 2015-10-19 13:38:27 -07:00
Adam Ierymenko
95953b48f9 Do not allow VERB_RENDEZVOUS from non-upstream peers to block potential DOS vector. 2015-10-19 12:56:29 -07:00
Adam Ierymenko
5ce3aac929 Add rate limit on receive of DIRECT_PATH_PUSH to prevent DOS exploitation. 2015-10-16 10:28:09 -07:00
Adam Ierymenko
2debde3451 GitHub issue #235, and I also see no reason not to communicate with people from other Worlds. 2015-10-15 07:22:17 -07:00
Adam Ierymenko
c312ae221f Fix for world size in OK(HELLO) 2015-10-14 10:45:33 -07:00
Adam Ierymenko
123c466843 Full integration of World and World updates. 2015-10-13 12:17:47 -07:00
Adam Ierymenko
5d2f523e81 World stuff... 2015-10-13 12:10:44 -07:00
Adam Ierymenko
cae58f43f1 More World stuff, and mkworld. 2015-10-13 08:49:36 -07:00
Adam Ierymenko
1b1945c63e Work in progress on refactoring root-topology into World and adding in-band updates. 2015-10-12 18:25:29 -07:00
Adam Ierymenko
eff1fe3c61 Create files for each hop (more convenient) and fix a packet parse bug. 2015-10-09 16:22:34 -07:00
Adam Ierymenko
aec13b50fd Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history. 2015-10-09 15:05:26 -07:00
Adam Ierymenko
0c498556d5 Unroll Salsa20 fully for a little more speed (non-SSE now almost as fast as SSE) 2015-10-09 09:39:27 -07:00
Adam Ierymenko
a3876353ca Abiltiy to post a test via the controller web API, and parsing of CIRCUIT_TEST_REPORT messages. 2015-10-08 13:25:38 -07:00
Adam Ierymenko
0ce0bc00d2 Make sure received() gets called for some new messages, and docs. 2015-10-07 16:20:54 -07:00
Adam Ierymenko
69b44bf9a5 Finally add an ECHO. 2015-10-07 16:11:50 -07:00
Adam Ierymenko
73cafbe0ec Limit proof of work difficulty to something sane. 2015-10-07 13:46:44 -07:00
Adam Ierymenko
e5f168f599 Add proof of work request for future DDOS mitigation use. 2015-10-07 13:35:46 -07:00
Adam Ierymenko
13f14c2f4c Kill debug line. 2015-10-07 10:56:47 -07:00
Adam Ierymenko
ab0228f626 More cleanup and simple refactoring, consolidate InetAddres serialize/deserialize into the class. 2015-10-07 10:30:47 -07:00
Adam Ierymenko
1b2cac0cc5 Trim some cruft that is not used and probably never would be. 2015-10-07 09:38:33 -07:00
Adam Ierymenko
3593fb3462 Send initial CIRCUIT_TEST packet. 2015-10-06 15:16:41 -07:00
Adam Ierymenko
d3f29d09e8 Plumbing through circuit test stuff. 2015-10-06 14:42:51 -07:00
Adam Ierymenko
5341afcdcd Handling of CIRCUIT_TEST, should be ready to test. 2015-10-06 11:47:16 -07:00
Adam Ierymenko
a3db7d0728 Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things. 2015-10-01 11:11:52 -07:00
Adam Ierymenko
1a4f16e0ed More work on circuit testing... 2015-09-30 13:59:05 -07:00
Adam Ierymenko
f69454ec98 (1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses. 2015-09-24 16:21:36 -07:00
Adam Ierymenko
367ffde00c Plumb through localInterfaceId to track local interfaces corresponding with remote addresses. 2015-09-23 13:49:56 -07:00
Adam Ierymenko
0d386f1c31 Add a bit of useful testing instrumentation to SqliteNetworkController. 2015-09-08 11:35:55 -07:00
Adam Ierymenko
b31071463c Try another NAT traversal improvement. 2015-07-28 11:28:47 -07:00
Adam Ierymenko
b3516c599b Add a rate limiting circuit breaker to the network controller to prevent flooding attacks and race conditions. 2015-07-23 10:10:17 -07:00
Adam Ierymenko
3ba54c7e35 Eliminate some poorly thought out optimizations from the netconf/controller interaction, 
and go ahead and bump version to 1.0.4.

For a while in 1.0.3 -dev I was trying to optimize out repeated network controller
requests by using a ratcheting mechanism. If the client received a network config
that was indeed different from the one it had, it would respond by instantlly
requesting it again.

Not sure what I was thinking. It's fundamentally unsafe to respond to a message
with another message of the same type -- it risks a race condition. In this case
that's exactly what could happen.

It just isn't worth the added complexity to avoid a tiny, tiny amount of network
overhead, so I've taken this whole path out.

A few extra bytes every two minutes isn't worth fretting about, but as I recall
the reason for this optimization was to save CPU on the controller. This can be
achieved by just caching responses in memory *there* and serving those same
responses back out if they haven't changed.

I think I developed that 'ratcheting' stuff before I went full time on this. It's
hard to develop stuff like this without hours of sustained focus.
 2015-07-23 09:50:10 -07:00
Adam Ierymenko
0b354803f3 Clean up some YAGNI issues with implementation of GitHub issue #180, and make best path choice aware of path rank. 2015-07-13 10:03:04 -07:00
Adam Ierymenko
0b9524f23d Merge branch 'adamierymenko-dev' of http://git.int.zerotier.com/zerotier/zerotierone into adamierymenko-dev 2015-07-13 09:30:02 -07:00
Adam Ierymenko
4bf3bcbd55 Fixes to PUSH_DIRECT_PATHS. 2015-07-13 09:29:51 -07:00
Adam Ierymenko
3f0eca72f7 ZT_TRACE build fix. 2015-07-13 08:36:22 -07:00
Adam Ierymenko
412389ec75 Implement ERROR_UNWATNED_MULTICAST 2015-07-07 11:49:38 -07:00
Adam Ierymenko
778c7e6e70 More cleanup to direct path push, comment fixes, etc. 2015-07-07 10:00:34 -07:00
Adam Ierymenko
c863ff3f02 A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable. 2015-07-07 08:54:48 -07:00
Adam Ierymenko
f398952a6c Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter. 2015-07-07 08:14:41 -07:00
Adam Ierymenko
6da9d2d36f Remove debug printf(). 2015-07-06 17:23:22 -07:00
Adam Ierymenko
f881cdd767 Add new .h file to VS build, and Windows side of local interface address enumeration. 2015-07-06 17:22:37 -07:00
Adam Ierymenko
79e9a8bcc2 Almost everything for GitHub issue #180 except direct path map setup. 2015-07-06 15:28:48 -07:00
Adam Ierymenko
fad9dff2db Almost all of GitHub issue #180 2015-07-06 15:05:04 -07:00
Adam Ierymenko
e5f7c55c54 Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch. 2015-07-06 12:34:35 -07:00
Adam Ierymenko
7bae95836c Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address. 2015-06-19 10:23:25 -07:00
Adam Ierymenko
87bb0086de Almost certain fix for GitHub issue #184 on -dev 2015-06-17 12:46:12 -07:00
Kees Bos
a425bbc673 Renamed supernode to rootserver 2015-05-06 12:05:20 +02:00
Adam Ierymenko
5341e32729 Fix to GitHub issue #140 -- network preferred relays. Also go ahead and allow RENDEZVOUS from regular peers. 2015-06-01 19:05:27 -07:00
Adam Ierymenko
d9006712f6 Completely factor out "desperation" from the core. I thought of a significantly simpler way to move all of this logic entirely into the containing service, liberating the core from any concern over the nature of its pipe to the outside world. 2015-05-21 15:58:26 -07:00
Adam Ierymenko
b4b067bf12 So we need to keep track of external surface per reporter, since some NATs assign different external IPs for each external destination. Keeping just one known surface could create a race condition. 2015-05-04 18:34:30 -07:00