Commit Graph

3414 Commits

Author SHA1 Message Date
Adam Ierymenko
5ee1ccd659 Send need credential error on more cases. 2016-09-27 16:41:08 -07:00
Adam Ierymenko
0b44919ba2 Clusters can send multiple OKs so we must allow this. 2016-09-27 16:33:37 -07:00
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
5ba7ca91c0 TRACE build fix. 2016-09-27 12:44:44 -07:00
Adam Ierymenko
cc4bacc199 Cleanup, and implement compression disable flag for networks. 2016-09-27 12:22:25 -07:00
Adam Ierymenko
15c07c58b6 Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). 2016-09-27 11:33:48 -07:00
Adam Ierymenko
236fdb450c cleanup attic 2016-09-27 07:02:16 -07:00
Adam Ierymenko
7e4b6b594b It now builds. 2016-09-26 17:05:39 -07:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
siigna
e35bca2c3c Move debian/format to debian/source/format
Fixes the following error during package building:
dpkg-source: warning: no source format specified in debian/source/format, see dpkg-source(1)

Reference:
https://www.debian.org/doc/manuals/maint-guide/dother.en.html#sourcef
2016-09-23 20:13:37 -07:00
Adam Ierymenko
46049a1ef6 Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-09-23 16:08:44 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Grant Limberg
40d3993ceb java code still needed to reflect PEER_ROLE_RELAY rename to PEER_ROLE_UPSTREAM 2016-09-21 14:12:20 -07:00
Grant Limberg
0564bb3b35 added missing copyright/license info from ZT_jniutils 2016-09-21 14:09:46 -07:00
Adam Ierymenko
29711e123f Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-09-20 21:21:43 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Grant Limberg
d87f0293e3 Don't print a few error messages when they don't matter. 2016-09-19 13:40:53 -07:00
Grant Limberg
5fadd8bdd2 ZT_PEER_ROLE_RELAY -> ZT_PEER_ROLE_UPSTREAM in JNI glue 2016-09-19 12:54:19 -07:00
Grant Limberg
3366b53247 Merge branch 'dev' of http://git.int.zerotier.com/ZeroTier/ZeroTierOne into dev 2016-09-18 18:10:03 -07:00
Adam Ierymenko
68e549233d Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness). 2016-09-15 13:17:37 -07:00
Adam Ierymenko
24fce0be86 No, definitely have to back out GitHub issue #385 (non-bisected routes) since this breaks IPv6 on OSX and probably IPv4 too if you were to encounter a 6-only situation. 2016-09-14 22:23:56 -07:00
Adam Ierymenko
740b34124f Naming... 2016-09-14 17:35:50 -07:00
Adam Ierymenko
15402933bc Add physical MTU recommendation hint to network config via API. 2016-09-14 16:55:25 -07:00
Adam Ierymenko
8d0b2b781e Route management bug fixes. 2016-09-13 16:25:48 -07:00
Adam Ierymenko
83abc00aae docs 2016-09-13 14:58:59 -07:00
Adam Ierymenko
5b6d27e659 Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. 2016-09-13 14:27:18 -07:00
Adam Ierymenko
ced8dfc639 Try a version of GitHub issue #385 (non-bifurcated default if not present) on Mac. This version adds the bifurcated routes always but also adds a device-specific non-bifurcated route. Will have to see if this still interferes with OSX route settings, since by definition device specific routes should not conflict with general routes. 2016-09-13 11:07:59 -07:00
Adam Ierymenko
8ef0e4bbaf Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP. 2016-09-13 10:46:36 -07:00
Adam Ierymenko
0da9a9a3e0 Set trustEstablished in a few more places. 2016-09-13 10:33:03 -07:00
Adam Ierymenko
cba37c6107 Add a few more rate limit gates for anti-DOS hardening. 2016-09-13 10:13:23 -07:00
Adam Ierymenko
ea1da3321a Rate gate requests for COM. 2016-09-12 15:19:21 -07:00
Adam Ierymenko
34b146f28b Back out of GitHub issue #385 for now and maybe for this release. Would be nice but it is non-critical and rules are the priority. Current implementation bangs heads with OSX route assignment on WiFi join, etc. 2016-09-12 14:56:18 -07:00
Adam Ierymenko
fb46a546db Just always do route bifurcation on Linux for now... basically the old behavior. 2016-09-09 12:53:44 -07:00
Adam Ierymenko
debc4c45ee Set trust established flag in MULTICAST_GATHER. 2016-09-09 11:45:34 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
ef87069957 Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths. 2016-09-09 09:32:00 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363 Clean up handling of COMs, network access control, and fix a backward compatiblity issue. 2016-09-08 19:48:05 -07:00
Grant Limberg
5ed5b22525 Merge branch 'dev' of http://git.int.zerotier.com/ZeroTier/ZeroTierOne into dev 2016-09-08 17:45:46 -07:00
Grant Limberg
dccca7df1a another couple of missing semicolons 2016-09-08 17:45:40 -07:00
Adam Ierymenko
1f6b13b7fd Fix bug causing null addresses to get in memberships[] hash. 2016-09-08 16:09:56 -07:00
Adam Ierymenko
d23ade879b Do not bifurcate if not replacing an existing route. (Still need to tie up Linux and Windows.) 2016-09-08 15:42:46 -07:00
Adam Ierymenko
8afdb0aa65 GitHub issue #346 2016-09-07 17:07:06 -07:00
Adam Ierymenko
daf8a66ced More correct and efficient to initialize member relationship push stuff lazily when member is learned. 2016-09-07 15:47:20 -07:00
Adam Ierymenko
20278bb9e4 Also send MULTICAST_LIKEs to controllers. 2016-09-07 15:34:34 -07:00
Adam Ierymenko
c7a4da3dd3 Turns out we do not need to pass network to receive(). 2016-09-07 15:24:53 -07:00
Adam Ierymenko
1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko
1c08f5e857 Tweak some expire times. 2016-09-07 12:25:19 -07:00
Adam Ierymenko
c9ee8612e4 Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer. 2016-09-07 12:12:52 -07:00
Adam Ierymenko
a7d988745b Use ECHO instead of HELLO where possible. 2016-09-07 12:01:03 -07:00