8dd3639576
set ssoEnabled = true on network config if we get ERROR_NETWORK_AUTHENTICATION_REQUIRED
2021-06-05 14:00:03 -07:00
810e2a761f
Fix authentication URL...
2021-05-25 14:49:06 -04:00
b270d527f4
Basic plumbing for authentication requirement and piping through of URL information.
2021-05-24 22:58:17 -04:00
06730c7d1d
BSL date bump
2020-08-20 12:51:39 -07:00
52a166a71f
Relicense: GPLv3 -> ZeroTier BSL 1.1
2019-08-23 09:23:39 -07:00
75ebe5172f
Fix for sharing of capabilities in 1.4 (problem introduced when push frequency was reduced)
2019-08-02 20:43:02 -07:00
a019c3dd5d
Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes.
2019-06-25 13:42:20 -07:00
63ec19674c
.
2019-03-19 16:43:43 -07:00
e03102dbcb
Clean out some unnecessarily pedantic auth stuff in favor of a simpler way of gating multicast gathers.
2019-03-14 14:29:15 -07:00
0e597191b8
Updated licenses for 2019
2019-01-14 10:25:53 -08:00
28cb40529d
Rough draft of fq-codel implementation
2018-07-10 16:50:12 -07:00
9681fedbb4
Spellcheck sweep across codebase
2018-06-07 17:25:27 -07:00
6d8e1e8783
More cleanup of old stuff.
2018-01-26 21:34:56 -05:00
65c07afe05
Copyright updates for 2018.
2018-01-08 14:33:28 -08:00
b1d60df44c
timestamps changed from uint64_t to int64_t
...
There were cases in the code where time calculations and comparisons were overflowing and causing connection instability. This will keep time calculations within expected ranges.
2017-10-02 15:52:57 -07:00
b9e1d53d7a
Minor cleanup.
2017-07-17 14:21:09 -07:00
495c5ce81d
Bunch of remote tracing work.
2017-07-13 10:51:05 -07:00
6015b529a0
More clustering work.
2017-06-01 12:33:05 -07:00
1b68d6dbdc
License header update.
2017-04-27 20:47:25 -07:00
88a4a3b1ba
Pass tptr on leave.
2017-04-11 08:47:02 -07:00
e4896b257f
Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call.
2017-03-27 17:03:17 -07:00
e10325e133
GitHub issue #461 -- plus a bit of cleanup and optimization
2017-03-17 17:15:23 -07:00
10185e92fa
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
2017-02-23 11:47:36 -08:00
ed31cb76d6
Fix to cluster network configs.
2017-01-30 16:04:05 -08:00
226123ca08
Refactor controller to permit sending of pushes as well as just replies to config requests.
2016-11-10 11:54:47 -08:00
9f550292fe
Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics.
2016-09-27 13:49:43 -07:00
15c07c58b6
Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
2016-09-27 11:33:48 -07:00
eac3667ec1
Bunch more refactoring and work on revocations, etc.
2016-09-26 16:17:02 -07:00
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-23 16:08:38 -07:00
d3524f3609
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
2016-09-20 21:21:34 -07:00
ab9afbc749
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
2016-09-09 11:36:10 -07:00
ef87069957
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
2016-09-09 09:32:00 -07:00
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-09 08:43:58 -07:00
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
2016-09-08 19:48:05 -07:00
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
2016-09-07 15:47:20 -07:00
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
2016-09-07 15:15:52 -07:00
74afef8eb1
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
2016-08-31 16:50:22 -07:00
f0636ffd4a
EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule.
2016-08-29 15:54:06 -07:00
2cdda38dc4
It basically works... at least on current controllers.
2016-08-24 15:26:18 -07:00
ccea3d04d6
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
2016-08-24 14:28:16 -07:00
0a7a33ef8f
Instantaneous blacklisting and credential revocation.
2016-08-23 13:46:36 -07:00
4d498b3765
Handling of multi-part chunked network configs on the inbound side.
2016-08-09 13:14:38 -07:00
00fd9c3a15
It builds... almost ready to test some rules engine stuff.
2016-08-08 17:33:26 -07:00
8007ca56aa
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
2016-08-08 16:50:00 -07:00
e2f783ebbd
.
2016-08-05 15:02:01 -07:00
37d139177d
Integrate Filter into OutboundMulticast properly.
2016-08-04 13:01:14 -07:00
e09c1a1c11
Big refactor mostly builds. We now have a uniform backward compatible netconf.
2016-06-16 12:28:43 -07:00
4446dbde5e
Big refactor in service code to prep for plumbing through route management.
2016-06-14 10:09:26 -07:00
90e1262a8b
More refactoring to remove old Dictionary dependencies.
2016-04-26 08:20:03 -07:00
2f18a92e20
Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route.
2016-04-19 12:09:35 -07:00
