Adam Ierymenko
|
c8554504f3
|
.
|
2016-12-22 18:37:46 -08:00 |
|
Adam Ierymenko
|
6b12d86209
|
Add a workaround for an edge case in TEE/REDIRECT if we are the inbound destination and teeing is only being done on the outbound side.
|
2016-12-22 18:06:35 -08:00 |
|
Adam Ierymenko
|
fe530548bb
|
Fix MATCH_RANDOM in controller.
|
2016-12-22 16:57:45 -08:00 |
|
Adam Ierymenko
|
2eaff6d484
|
Fix to characteristcs in rules engine.
|
2016-12-22 16:36:38 -08:00 |
|
Adam Ierymenko
|
244f37179c
|
Minor security: lock roots to only be reachable via World IPs.
|
2016-12-05 16:09:42 -08:00 |
|
Adam Ierymenko
|
fa2bb91ae5
|
Kill some old debug code.
|
2016-11-30 10:48:09 -08:00 |
|
Adam Ierymenko
|
84732fcb12
|
Wire through external path lookup. Static paths should now work.
|
2016-11-22 14:23:13 -08:00 |
|
Adam Ierymenko
|
42ba70e79e
|
Replace long callback arg list with struct, and implement path whitelisting, path blacklisting, and local.conf support for roles.
|
2016-11-22 10:54:58 -08:00 |
|
Adam Ierymenko
|
cbaef66e82
|
Fix a deadlock in federation/upstream code.
|
2016-11-21 16:04:01 -08:00 |
|
Adam Ierymenko
|
97d915b06c
|
Expose relay policy in node settings.
|
2016-11-21 15:35:18 -08:00 |
|
Adam Ierymenko
|
ccdd4ffda7
|
Move split() to OSUtils since it is not used in core.
|
2016-11-18 15:49:28 -08:00 |
|
Adam Ierymenko
|
673c0c811e
|
Wire through upstream stuff and add setRole().
|
2016-11-18 13:48:49 -08:00 |
|
Adam Ierymenko
|
6e1da35c12
|
Remove debug.
|
2016-11-18 13:15:58 -08:00 |
|
Adam Ierymenko
|
25f9c294dc
|
Small bug fix and warning removal.
|
2016-11-18 13:01:45 -08:00 |
|
Adam Ierymenko
|
2ea9f516e1
|
Rate gate expensive validation of new identities in HELLO.
|
2016-11-18 12:59:04 -08:00 |
|
Adam Ierymenko
|
ab4021dd0e
|
Do packet MAC check before locallyValidate(), and add timing measurement in selftest.
|
2016-11-18 11:09:19 -08:00 |
|
Adam Ierymenko
|
1fcbb1fbed
|
Proactively auto-load designated upstreams.
|
2016-11-18 10:39:26 -08:00 |
|
Adam Ierymenko
|
39333c9e8e
|
Modify unite() to deal with a second layer of upstreams.
|
2016-11-17 16:59:04 -08:00 |
|
Adam Ierymenko
|
1615ef1114
|
Rename getBestRoot() etc.
|
2016-11-17 16:31:58 -08:00 |
|
Adam Ierymenko
|
bf8d71e82c
|
Add notion of upstream that is separate from root in Topology, etc.
|
2016-11-17 16:20:41 -08:00 |
|
Adam Ierymenko
|
12d32b9311
|
Small fix to send pushes if not a reply.
|
2016-11-10 11:57:45 -08:00 |
|
Adam Ierymenko
|
226123ca08
|
Refactor controller to permit sending of pushes as well as just replies to config requests.
|
2016-11-10 11:54:47 -08:00 |
|
Adam Ierymenko
|
5ebf5077f5
|
Log last meta-data in controller, and ease up just a bit on keepalives.
|
2016-11-09 17:11:10 -08:00 |
|
Adam Ierymenko
|
c61ca1dea2
|
Keep connections up for netconf stuff as well as frames.
|
2016-11-09 16:04:08 -08:00 |
|
Grant Limberg
|
8ffae313fd
|
add new files & remove old ones from VS project. Now builds & runs on Windows again
|
2016-11-03 12:10:50 -07:00 |
|
Adam Ierymenko
|
27d997a2e5
|
.
|
2016-10-13 15:17:17 -07:00 |
|
Adam Ierymenko
|
6469aa9df9
|
typo
|
2016-10-13 14:28:39 -07:00 |
|
Adam Ierymenko
|
ce6b5bc6f5
|
.
|
2016-10-13 14:21:24 -07:00 |
|
Adam Ierymenko
|
4f3775bb86
|
Fix ICMP match.
|
2016-10-13 14:21:00 -07:00 |
|
Adam Ierymenko
|
8850a8610a
|
Fix filter trace.
|
2016-10-13 13:59:17 -07:00 |
|
Adam Ierymenko
|
2d6a4e5974
|
cleanup
|
2016-10-13 13:52:45 -07:00 |
|
Adam Ierymenko
|
93b4ac5cb2
|
Remove unused POW code, will revisit later.
|
2016-10-13 13:17:30 -07:00 |
|
Adam Ierymenko
|
3f4c166861
|
Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev
|
2016-10-11 12:00:38 -07:00 |
|
Adam Ierymenko
|
e53f63ca87
|
Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed.
|
2016-10-11 12:00:16 -07:00 |
|
Grant Limberg
|
6a50291aa2
|
Fix the case for InetAddress::containsAddress for IPv6 route of ::
|
2016-10-07 14:29:06 -07:00 |
|
Adam Ierymenko
|
45c4ccb153
|
Add a tags both equal match.
|
2016-10-05 16:38:42 -07:00 |
|
Adam Ierymenko
|
adeb7e7da0
|
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
|
2016-10-05 12:54:46 -07:00 |
|
Adam Ierymenko
|
d5f4d381d0
|
Go ahead and loop back packets whose destination is self. Some OSes require this since they aactually follow the full network path even for local IPs.
|
2016-10-05 10:12:06 -07:00 |
|
Adam Ierymenko
|
988049f39b
|
Add new rule to rules engine: random match.
|
2016-09-30 14:07:00 -07:00 |
|
Adam Ierymenko
|
9eaa3756f8
|
Fix deadlock-causing regression in Network.
|
2016-09-30 12:22:54 -07:00 |
|
Adam Ierymenko
|
4fe9a4fe83
|
Fix memory leak.
|
2016-09-28 16:13:59 -07:00 |
|
Adam Ierymenko
|
01129d02b3
|
hashCode() for InetAddress
|
2016-09-28 13:45:25 -07:00 |
|
Adam Ierymenko
|
e1fbf7b34c
|
Check multicast limit on send after NDP emulation code.
|
2016-09-28 12:21:08 -07:00 |
|
Adam Ierymenko
|
7e90ab3534
|
TRACE verbosity increase on exceptions in NETWORK_CREDENTIALS.
|
2016-09-28 11:06:44 -07:00 |
|
Adam Ierymenko
|
5ee1ccd659
|
Send need credential error on more cases.
|
2016-09-27 16:41:08 -07:00 |
|
Adam Ierymenko
|
0b44919ba2
|
Clusters can send multiple OKs so we must allow this.
|
2016-09-27 16:33:37 -07:00 |
|
Adam Ierymenko
|
9f550292fe
|
Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics.
|
2016-09-27 13:49:43 -07:00 |
|
Adam Ierymenko
|
5ba7ca91c0
|
TRACE build fix.
|
2016-09-27 12:44:44 -07:00 |
|
Adam Ierymenko
|
cc4bacc199
|
Cleanup, and implement compression disable flag for networks.
|
2016-09-27 12:22:25 -07:00 |
|
Adam Ierymenko
|
15c07c58b6
|
Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
|
2016-09-27 11:33:48 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
eac3667ec1
|
Bunch more refactoring and work on revocations, etc.
|
2016-09-26 16:17:02 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
d3524f3609
|
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
|
2016-09-20 21:21:34 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
740b34124f
|
Naming...
|
2016-09-14 17:35:50 -07:00 |
|
Adam Ierymenko
|
15402933bc
|
Add physical MTU recommendation hint to network config via API.
|
2016-09-14 16:55:25 -07:00 |
|
Adam Ierymenko
|
83abc00aae
|
docs
|
2016-09-13 14:58:59 -07:00 |
|
Adam Ierymenko
|
5b6d27e659
|
Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected.
|
2016-09-13 14:27:18 -07:00 |
|
Adam Ierymenko
|
8ef0e4bbaf
|
Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP.
|
2016-09-13 10:46:36 -07:00 |
|
Adam Ierymenko
|
0da9a9a3e0
|
Set trustEstablished in a few more places.
|
2016-09-13 10:33:03 -07:00 |
|
Adam Ierymenko
|
cba37c6107
|
Add a few more rate limit gates for anti-DOS hardening.
|
2016-09-13 10:13:23 -07:00 |
|
Adam Ierymenko
|
ea1da3321a
|
Rate gate requests for COM.
|
2016-09-12 15:19:21 -07:00 |
|
Adam Ierymenko
|
debc4c45ee
|
Set trust established flag in MULTICAST_GATHER.
|
2016-09-09 11:45:34 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
ef87069957
|
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
|
2016-09-09 09:32:00 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
16df2c3363
|
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
|
2016-09-08 19:48:05 -07:00 |
|
Adam Ierymenko
|
1f6b13b7fd
|
Fix bug causing null addresses to get in memberships[] hash.
|
2016-09-08 16:09:56 -07:00 |
|
Adam Ierymenko
|
daf8a66ced
|
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
|
2016-09-07 15:47:20 -07:00 |
|
Adam Ierymenko
|
20278bb9e4
|
Also send MULTICAST_LIKEs to controllers.
|
2016-09-07 15:34:34 -07:00 |
|
Adam Ierymenko
|
c7a4da3dd3
|
Turns out we do not need to pass network to receive().
|
2016-09-07 15:24:53 -07:00 |
|
Adam Ierymenko
|
1908aa55f5
|
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
|
2016-09-07 15:15:52 -07:00 |
|
Adam Ierymenko
|
1c08f5e857
|
Tweak some expire times.
|
2016-09-07 12:25:19 -07:00 |
|
Adam Ierymenko
|
c9ee8612e4
|
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
2016-09-07 12:12:52 -07:00 |
|
Adam Ierymenko
|
a7d988745b
|
Use ECHO instead of HELLO where possible.
|
2016-09-07 12:01:03 -07:00 |
|
Adam Ierymenko
|
ff9f8b1c2b
|
Typo fix.
|
2016-09-07 11:15:36 -07:00 |
|
Adam Ierymenko
|
b5c86b6ba4
|
Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable.
|
2016-09-07 11:13:17 -07:00 |
|
Adam Ierymenko
|
f2d2df2b11
|
Cluster build fix.
|
2016-09-06 15:06:07 -07:00 |
|
Adam Ierymenko
|
48a374c82c
|
(1) fix crazy bug introduced in doRENDEZVOUS(), (2) reclaim Paths after paths[] condense, (3) fix an edge case around symmetric NAT and external IP change detection.
|
2016-09-06 14:05:58 -07:00 |
|
Adam Ierymenko
|
8a2e8bd585
|
Rework how paths are set as remote cluster preferred. The code is now clearer and cluster preference indications are now very sticky as they should be.
|
2016-09-06 12:45:28 -07:00 |
|
Adam Ierymenko
|
43780742b0
|
comments, docs
|
2016-09-06 11:10:04 -07:00 |
|
Adam Ierymenko
|
d7f2287ce9
|
More tweaks to path behavior.
|
2016-09-05 15:47:22 -07:00 |
|
Adam Ierymenko
|
eebcf08084
|
Tweaks to new Path code for dual-stack operation, and other fixes.
|
2016-09-03 15:39:05 -07:00 |
|
Adam Ierymenko
|
01aa469591
|
Remove debug line.
|
2016-09-02 14:26:04 -07:00 |
|
Adam Ierymenko
|
4992ac2d9f
|
Cluster sub-optimal is in fact necessary...
|
2016-09-02 14:20:55 -07:00 |
|
Adam Ierymenko
|
412979ba8f
|
Attempt to reactivate dead paths.
|
2016-09-02 13:55:33 -07:00 |
|
Adam Ierymenko
|
4f8253dcdb
|
Tweaks to path handling...
|
2016-09-02 13:33:56 -07:00 |
|
Adam Ierymenko
|
4931e44998
|
Implement "weak pointer" behavior on Topology Path canonicalization hash table.
|
2016-09-02 12:34:02 -07:00 |
|
Adam Ierymenko
|
d1101441b3
|
Tweak some timings.
|
2016-09-02 11:54:59 -07:00 |
|
Adam Ierymenko
|
e8f6b4b5d3
|
Rest of big Path canonicalization refactor.
|
2016-09-02 11:51:33 -07:00 |
|
Adam Ierymenko
|
a3bdae9735
|
Work in progress: Path canonicalization refactor.
|
2016-09-01 15:43:07 -07:00 |
|
Adam Ierymenko
|
d5e6f59004
|
.
|
2016-09-01 13:45:32 -07:00 |
|
Adam Ierymenko
|
22271f2a49
|
Cleanup.
|
2016-09-01 13:36:41 -07:00 |
|
Adam Ierymenko
|
8b6d23b9f6
|
Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table.
|
2016-09-01 12:07:17 -07:00 |
|
Adam Ierymenko
|
25056de5d3
|
Also need to send credentials when TEEing and REDIRECTing.
|
2016-08-31 17:56:59 -07:00 |
|
Adam Ierymenko
|
994b25af4e
|
Simplify some logic.
|
2016-08-31 17:45:55 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
54489a7f61
|
rename SAMENESS to DIFFERENCE which is less confusing
|
2016-08-31 14:14:58 -07:00 |
|
Adam Ierymenko
|
8e3004591b
|
Add overlooked MATCH_ICMP to rule set.
|
2016-08-31 14:01:15 -07:00 |
|