Commit Graph

1418 Commits

Author SHA1 Message Date
Adam Ierymenko
c8554504f3 . 2016-12-22 18:37:46 -08:00
Adam Ierymenko
6b12d86209 Add a workaround for an edge case in TEE/REDIRECT if we are the inbound destination and teeing is only being done on the outbound side. 2016-12-22 18:06:35 -08:00
Adam Ierymenko
fe530548bb Fix MATCH_RANDOM in controller. 2016-12-22 16:57:45 -08:00
Adam Ierymenko
2eaff6d484 Fix to characteristcs in rules engine. 2016-12-22 16:36:38 -08:00
Adam Ierymenko
244f37179c Minor security: lock roots to only be reachable via World IPs. 2016-12-05 16:09:42 -08:00
Adam Ierymenko
fa2bb91ae5 Kill some old debug code. 2016-11-30 10:48:09 -08:00
Adam Ierymenko
84732fcb12 Wire through external path lookup. Static paths should now work. 2016-11-22 14:23:13 -08:00
Adam Ierymenko
42ba70e79e Replace long callback arg list with struct, and implement path whitelisting, path blacklisting, and local.conf support for roles. 2016-11-22 10:54:58 -08:00
Adam Ierymenko
cbaef66e82 Fix a deadlock in federation/upstream code. 2016-11-21 16:04:01 -08:00
Adam Ierymenko
97d915b06c Expose relay policy in node settings. 2016-11-21 15:35:18 -08:00
Adam Ierymenko
ccdd4ffda7 Move split() to OSUtils since it is not used in core. 2016-11-18 15:49:28 -08:00
Adam Ierymenko
673c0c811e Wire through upstream stuff and add setRole(). 2016-11-18 13:48:49 -08:00
Adam Ierymenko
6e1da35c12 Remove debug. 2016-11-18 13:15:58 -08:00
Adam Ierymenko
25f9c294dc Small bug fix and warning removal. 2016-11-18 13:01:45 -08:00
Adam Ierymenko
2ea9f516e1 Rate gate expensive validation of new identities in HELLO. 2016-11-18 12:59:04 -08:00
Adam Ierymenko
ab4021dd0e Do packet MAC check before locallyValidate(), and add timing measurement in selftest. 2016-11-18 11:09:19 -08:00
Adam Ierymenko
1fcbb1fbed Proactively auto-load designated upstreams. 2016-11-18 10:39:26 -08:00
Adam Ierymenko
39333c9e8e Modify unite() to deal with a second layer of upstreams. 2016-11-17 16:59:04 -08:00
Adam Ierymenko
1615ef1114 Rename getBestRoot() etc. 2016-11-17 16:31:58 -08:00
Adam Ierymenko
bf8d71e82c Add notion of upstream that is separate from root in Topology, etc. 2016-11-17 16:20:41 -08:00
Adam Ierymenko
12d32b9311 Small fix to send pushes if not a reply. 2016-11-10 11:57:45 -08:00
Adam Ierymenko
226123ca08 Refactor controller to permit sending of pushes as well as just replies to config requests. 2016-11-10 11:54:47 -08:00
Adam Ierymenko
5ebf5077f5 Log last meta-data in controller, and ease up just a bit on keepalives. 2016-11-09 17:11:10 -08:00
Adam Ierymenko
c61ca1dea2 Keep connections up for netconf stuff as well as frames. 2016-11-09 16:04:08 -08:00
Grant Limberg
8ffae313fd add new files & remove old ones from VS project. Now builds & runs on Windows again 2016-11-03 12:10:50 -07:00
Adam Ierymenko
27d997a2e5 . 2016-10-13 15:17:17 -07:00
Adam Ierymenko
6469aa9df9 typo 2016-10-13 14:28:39 -07:00
Adam Ierymenko
ce6b5bc6f5 . 2016-10-13 14:21:24 -07:00
Adam Ierymenko
4f3775bb86 Fix ICMP match. 2016-10-13 14:21:00 -07:00
Adam Ierymenko
8850a8610a Fix filter trace. 2016-10-13 13:59:17 -07:00
Adam Ierymenko
2d6a4e5974 cleanup 2016-10-13 13:52:45 -07:00
Adam Ierymenko
93b4ac5cb2 Remove unused POW code, will revisit later. 2016-10-13 13:17:30 -07:00
Adam Ierymenko
3f4c166861 Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-10-11 12:00:38 -07:00
Adam Ierymenko
e53f63ca87 Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed. 2016-10-11 12:00:16 -07:00
Grant Limberg
6a50291aa2 Fix the case for InetAddress::containsAddress for IPv6 route of :: 2016-10-07 14:29:06 -07:00
Adam Ierymenko
45c4ccb153 Add a tags both equal match. 2016-10-05 16:38:42 -07:00
Adam Ierymenko
adeb7e7da0 Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want. 2016-10-05 12:54:46 -07:00
Adam Ierymenko
d5f4d381d0 Go ahead and loop back packets whose destination is self. Some OSes require this since they aactually follow the full network path even for local IPs. 2016-10-05 10:12:06 -07:00
Adam Ierymenko
988049f39b Add new rule to rules engine: random match. 2016-09-30 14:07:00 -07:00
Adam Ierymenko
9eaa3756f8 Fix deadlock-causing regression in Network. 2016-09-30 12:22:54 -07:00
Adam Ierymenko
4fe9a4fe83 Fix memory leak. 2016-09-28 16:13:59 -07:00
Adam Ierymenko
01129d02b3 hashCode() for InetAddress 2016-09-28 13:45:25 -07:00
Adam Ierymenko
e1fbf7b34c Check multicast limit on send after NDP emulation code. 2016-09-28 12:21:08 -07:00
Adam Ierymenko
7e90ab3534 TRACE verbosity increase on exceptions in NETWORK_CREDENTIALS. 2016-09-28 11:06:44 -07:00
Adam Ierymenko
5ee1ccd659 Send need credential error on more cases. 2016-09-27 16:41:08 -07:00
Adam Ierymenko
0b44919ba2 Clusters can send multiple OKs so we must allow this. 2016-09-27 16:33:37 -07:00
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
5ba7ca91c0 TRACE build fix. 2016-09-27 12:44:44 -07:00
Adam Ierymenko
cc4bacc199 Cleanup, and implement compression disable flag for networks. 2016-09-27 12:22:25 -07:00
Adam Ierymenko
15c07c58b6 Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). 2016-09-27 11:33:48 -07:00
Adam Ierymenko
7e4b6b594b It now builds. 2016-09-26 17:05:39 -07:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Adam Ierymenko
68e549233d Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness). 2016-09-15 13:17:37 -07:00
Adam Ierymenko
740b34124f Naming... 2016-09-14 17:35:50 -07:00
Adam Ierymenko
15402933bc Add physical MTU recommendation hint to network config via API. 2016-09-14 16:55:25 -07:00
Adam Ierymenko
83abc00aae docs 2016-09-13 14:58:59 -07:00
Adam Ierymenko
5b6d27e659 Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. 2016-09-13 14:27:18 -07:00
Adam Ierymenko
8ef0e4bbaf Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP. 2016-09-13 10:46:36 -07:00
Adam Ierymenko
0da9a9a3e0 Set trustEstablished in a few more places. 2016-09-13 10:33:03 -07:00
Adam Ierymenko
cba37c6107 Add a few more rate limit gates for anti-DOS hardening. 2016-09-13 10:13:23 -07:00
Adam Ierymenko
ea1da3321a Rate gate requests for COM. 2016-09-12 15:19:21 -07:00
Adam Ierymenko
debc4c45ee Set trust established flag in MULTICAST_GATHER. 2016-09-09 11:45:34 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
ef87069957 Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths. 2016-09-09 09:32:00 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363 Clean up handling of COMs, network access control, and fix a backward compatiblity issue. 2016-09-08 19:48:05 -07:00
Adam Ierymenko
1f6b13b7fd Fix bug causing null addresses to get in memberships[] hash. 2016-09-08 16:09:56 -07:00
Adam Ierymenko
daf8a66ced More correct and efficient to initialize member relationship push stuff lazily when member is learned. 2016-09-07 15:47:20 -07:00
Adam Ierymenko
20278bb9e4 Also send MULTICAST_LIKEs to controllers. 2016-09-07 15:34:34 -07:00
Adam Ierymenko
c7a4da3dd3 Turns out we do not need to pass network to receive(). 2016-09-07 15:24:53 -07:00
Adam Ierymenko
1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko
1c08f5e857 Tweak some expire times. 2016-09-07 12:25:19 -07:00
Adam Ierymenko
c9ee8612e4 Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer. 2016-09-07 12:12:52 -07:00
Adam Ierymenko
a7d988745b Use ECHO instead of HELLO where possible. 2016-09-07 12:01:03 -07:00
Adam Ierymenko
ff9f8b1c2b Typo fix. 2016-09-07 11:15:36 -07:00
Adam Ierymenko
b5c86b6ba4 Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. 2016-09-07 11:13:17 -07:00
Adam Ierymenko
f2d2df2b11 Cluster build fix. 2016-09-06 15:06:07 -07:00
Adam Ierymenko
48a374c82c (1) fix crazy bug introduced in doRENDEZVOUS(), (2) reclaim Paths after paths[] condense, (3) fix an edge case around symmetric NAT and external IP change detection. 2016-09-06 14:05:58 -07:00
Adam Ierymenko
8a2e8bd585 Rework how paths are set as remote cluster preferred. The code is now clearer and cluster preference indications are now very sticky as they should be. 2016-09-06 12:45:28 -07:00
Adam Ierymenko
43780742b0 comments, docs 2016-09-06 11:10:04 -07:00
Adam Ierymenko
d7f2287ce9 More tweaks to path behavior. 2016-09-05 15:47:22 -07:00
Adam Ierymenko
eebcf08084 Tweaks to new Path code for dual-stack operation, and other fixes. 2016-09-03 15:39:05 -07:00
Adam Ierymenko
01aa469591 Remove debug line. 2016-09-02 14:26:04 -07:00
Adam Ierymenko
4992ac2d9f Cluster sub-optimal is in fact necessary... 2016-09-02 14:20:55 -07:00
Adam Ierymenko
412979ba8f Attempt to reactivate dead paths. 2016-09-02 13:55:33 -07:00
Adam Ierymenko
4f8253dcdb Tweaks to path handling... 2016-09-02 13:33:56 -07:00
Adam Ierymenko
4931e44998 Implement "weak pointer" behavior on Topology Path canonicalization hash table. 2016-09-02 12:34:02 -07:00
Adam Ierymenko
d1101441b3 Tweak some timings. 2016-09-02 11:54:59 -07:00
Adam Ierymenko
e8f6b4b5d3 Rest of big Path canonicalization refactor. 2016-09-02 11:51:33 -07:00
Adam Ierymenko
a3bdae9735 Work in progress: Path canonicalization refactor. 2016-09-01 15:43:07 -07:00
Adam Ierymenko
d5e6f59004 . 2016-09-01 13:45:32 -07:00
Adam Ierymenko
22271f2a49 Cleanup. 2016-09-01 13:36:41 -07:00
Adam Ierymenko
8b6d23b9f6 Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table. 2016-09-01 12:07:17 -07:00
Adam Ierymenko
25056de5d3 Also need to send credentials when TEEing and REDIRECTing. 2016-08-31 17:56:59 -07:00
Adam Ierymenko
994b25af4e Simplify some logic. 2016-08-31 17:45:55 -07:00
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
54489a7f61 rename SAMENESS to DIFFERENCE which is less confusing 2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b Add overlooked MATCH_ICMP to rule set. 2016-08-31 14:01:15 -07:00