Adam Ierymenko
|
cc4bacc199
|
Cleanup, and implement compression disable flag for networks.
|
2016-09-27 12:22:25 -07:00 |
|
Adam Ierymenko
|
15c07c58b6
|
Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
|
2016-09-27 11:33:48 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
eac3667ec1
|
Bunch more refactoring and work on revocations, etc.
|
2016-09-26 16:17:02 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
16df2c3363
|
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
|
2016-09-08 19:48:05 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
8e3463d47a
|
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
|
2016-08-24 13:37:57 -07:00 |
|
Adam Ierymenko
|
0ee4d3554a
|
Stub out USER_MESSAGE.
|
2016-08-23 14:38:20 -07:00 |
|
Adam Ierymenko
|
0a7a33ef8f
|
Instantaneous blacklisting and credential revocation.
|
2016-08-23 13:46:36 -07:00 |
|
Adam Ierymenko
|
0dfc08b317
|
Tidy up a few minor protocol things, improve documentation in Packet.hpp.
|
2016-08-23 11:29:02 -07:00 |
|
Adam Ierymenko
|
c9d7845fea
|
Minor bug fix and some instrumentation stuff for testing.
|
2016-08-09 17:00:01 -07:00 |
|
Adam Ierymenko
|
bcd05fbdfa
|
Chunking of network config replies.
|
2016-08-09 09:34:13 -07:00 |
|
Adam Ierymenko
|
00fd9c3a15
|
It builds... almost ready to test some rules engine stuff.
|
2016-08-08 17:33:26 -07:00 |
|
Adam Ierymenko
|
e2f783ebbd
|
.
|
2016-08-05 15:02:01 -07:00 |
|
Adam Ierymenko
|
404a0bbddd
|
...
|
2016-08-04 09:51:15 -07:00 |
|
Adam Ierymenko
|
7e6e56e2bc
|
Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup.
|
2016-08-03 18:04:08 -07:00 |
|
Adam Ierymenko
|
ecc1324bb0
|
Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places.
|
2016-08-02 13:36:17 -07:00 |
|
Adam Ierymenko
|
4929be08f7
|
Cleanup and stub out new object transfer messages.
|
2016-07-26 12:33:51 -07:00 |
|
Adam Ierymenko
|
765082fdb6
|
Trusted path support, and version bump to 1.1.9
|
2016-07-12 08:29:50 -07:00 |
|
Adam Ierymenko
|
6c6b18d003
|
Fix include for system lz4.
|
2016-06-08 12:50:56 -07:00 |
|
Adam Ierymenko
|
523ea68ae2
|
Increment protocol version to indicate support for binary network config and config request meta-data.
|
2016-06-07 11:08:36 -07:00 |
|
Adam Ierymenko
|
9da8bf37d7
|
docs
|
2016-04-28 21:31:10 +02:00 |
|
Adam Ierymenko
|
4c455876f9
|
Revise peer path weighting to always prioritize cluster-optimal paths.
|
2016-04-19 09:22:51 -07:00 |
|
Adam Ierymenko
|
cecfa99b7b
|
(1) cluster members send a flag indicating that a PUSH_DIRECT_PATHS is a cluster redirect, (2) 1.1.5 uses this to avoid a bug (this bug does not exist in 1.1.4)
|
2016-04-18 16:44:23 -07:00 |
|
Adam Ierymenko
|
43fff1a87e
|
Deprecate reporting of local clock in circuit tests since a small number of users might have security problems with this.
|
2016-02-22 12:59:26 -08:00 |
|
Adam Ierymenko
|
4e4fd51117
|
boring doc stuff
|
2016-01-12 14:04:55 -08:00 |
|
Adam Ierymenko
|
d8143a5e18
|
Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev)
|
2016-01-05 16:41:54 -08:00 |
|
Adam Ierymenko
|
cba739fd6b
|
more dead code
|
2016-01-05 14:46:26 -08:00 |
|
Adam Ierymenko
|
fb5237d5b6
|
Outline dead path detection mechanism.
|
2016-01-05 14:42:56 -08:00 |
|
Adam Ierymenko
|
258f95b2cd
|
dead code removal
|
2016-01-05 14:19:16 -08:00 |
|
Adam Ierymenko
|
436c1fac1d
|
Selectively move over changes from "edge" to "dev" excluding netcon.
|
2015-12-21 16:15:39 -08:00 |
|
Adam Ierymenko
|
57b71bfff0
|
Cluster simplification and refactor work in progress...
|
2015-11-08 13:57:02 -08:00 |
|
Adam Ierymenko
|
f1b6427e63
|
Decided to make this 1.1.0 (semantic versioning increment is warranted), and add a legacy hack for older clients working with clusters.
|
2015-11-02 09:32:56 -08:00 |
|
Adam Ierymenko
|
9617208e40
|
Some cleanup, and use VERB_PUSH_DIRECT_PATHS to redirect newer peers.
|
2015-10-27 09:53:43 -07:00 |
|
Adam Ierymenko
|
619e113748
|
Work in progress on Cluster for new root infrastructure, multi-homing.
|
2015-10-14 14:12:12 -07:00 |
|
Adam Ierymenko
|
824ed99160
|
.
|
2015-10-13 12:42:54 -07:00 |
|
Adam Ierymenko
|
5d2f523e81
|
World stuff...
|
2015-10-13 12:10:44 -07:00 |
|
Adam Ierymenko
|
cae58f43f1
|
More World stuff, and mkworld.
|
2015-10-13 08:49:36 -07:00 |
|
Adam Ierymenko
|
1b1945c63e
|
Work in progress on refactoring root-topology into World and adding in-band updates.
|
2015-10-12 18:25:29 -07:00 |
|
Adam Ierymenko
|
aec13b50fd
|
Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history.
|
2015-10-09 15:05:26 -07:00 |
|
Adam Ierymenko
|
3fa6dd377f
|
docs
|
2015-10-09 08:51:57 -07:00 |
|
Adam Ierymenko
|
273f0d18b0
|
docs
|
2015-10-08 09:05:25 -07:00 |
|
Adam Ierymenko
|
fea1b6b2c3
|
docs
|
2015-10-07 16:25:08 -07:00 |
|
Adam Ierymenko
|
0ce0bc00d2
|
Make sure received() gets called for some new messages, and docs.
|
2015-10-07 16:20:54 -07:00 |
|
Adam Ierymenko
|
69b44bf9a5
|
Finally add an ECHO.
|
2015-10-07 16:11:50 -07:00 |
|
Adam Ierymenko
|
e5f168f599
|
Add proof of work request for future DDOS mitigation use.
|
2015-10-07 13:35:46 -07:00 |
|
Adam Ierymenko
|
ab0228f626
|
More cleanup and simple refactoring, consolidate InetAddres serialize/deserialize into the class.
|
2015-10-07 10:30:47 -07:00 |
|
Adam Ierymenko
|
d3f29d09e8
|
Plumbing through circuit test stuff.
|
2015-10-06 14:42:51 -07:00 |
|
Adam Ierymenko
|
5341afcdcd
|
Handling of CIRCUIT_TEST, should be ready to test.
|
2015-10-06 11:47:16 -07:00 |
|
Adam Ierymenko
|
0d0039674f
|
Add new verb names, and fix some Mac compiler flags.
|
2015-09-30 14:48:07 -07:00 |
|
Adam Ierymenko
|
1a4f16e0ed
|
More work on circuit testing...
|
2015-09-30 13:59:05 -07:00 |
|
Adam Ierymenko
|
2d0adb562d
|
Specify circuit test messages.
|
2015-09-27 11:37:39 -07:00 |
|
Adam Ierymenko
|
0b354803f3
|
Clean up some YAGNI issues with implementation of GitHub issue #180, and make best path choice aware of path rank.
|
2015-07-13 10:03:04 -07:00 |
|
Adam Ierymenko
|
778c7e6e70
|
More cleanup to direct path push, comment fixes, etc.
|
2015-07-07 10:00:34 -07:00 |
|
Adam Ierymenko
|
c863ff3f02
|
A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable.
|
2015-07-07 08:54:48 -07:00 |
|
Adam Ierymenko
|
f398952a6c
|
Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter.
|
2015-07-07 08:14:41 -07:00 |
|
Adam Ierymenko
|
79e9a8bcc2
|
Almost everything for GitHub issue #180 except direct path map setup.
|
2015-07-06 15:28:48 -07:00 |
|
Adam Ierymenko
|
255320e2a6
|
pushDirectPaths() implementation
|
2015-07-06 14:39:28 -07:00 |
|
Adam Ierymenko
|
93bb934d4e
|
Some cleanup, docs, and Path -> Path > RemotePath refactor.
|
2015-07-06 14:08:13 -07:00 |
|
Adam Ierymenko
|
9743db3538
|
docs
|
2015-07-06 12:37:37 -07:00 |
|
Adam Ierymenko
|
e5f7c55c54
|
Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch.
|
2015-07-06 12:34:35 -07:00 |
|
Adam Ierymenko
|
0cbbcf2884
|
Rename VERB_CMA to the more descriptive VERB_PHYSICAL_ADDRESS_PUSH
|
2015-06-29 16:01:01 -07:00 |
|
Adam Ierymenko
|
7bae95836c
|
Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address.
|
2015-06-19 10:23:25 -07:00 |
|
Kees Bos
|
a425bbc673
|
Renamed supernode to rootserver
|
2015-05-06 12:05:20 +02:00 |
|
Adam Ierymenko
|
845955dea5
|
Add definition for VERB_CMA -- GitHub issue #180
|
2015-06-13 18:08:00 +02:00 |
|
Adam Ierymenko
|
0bdd56ebd6
|
A few revisions to PFS design.
|
2015-05-15 09:04:39 -07:00 |
|
Adam Ierymenko
|
e94518590d
|
First stab of PFS design work with PKC security -- may not implement in 1.0.3 but stubbing out.
|
2015-05-14 17:41:05 -07:00 |
|
Adam Ierymenko
|
a8835cd8b3
|
Some prep work to make room for perfect forward security (PFS). Will not affect existing clients.
|
2015-05-13 18:53:37 -07:00 |
|
Adam Ierymenko
|
e922324bc6
|
Stop inlining all the Packet armor/dearmor stuff to reduce binary bloat. This stuff is called all over the place.
|
2015-05-04 18:39:53 -07:00 |
|
Adam Ierymenko
|
49f031ccb4
|
Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc.
|
2015-04-07 19:31:11 -07:00 |
|
Adam Ierymenko
|
a2821e9000
|
Add code to check external surface against reported surface from other trusted peers, and also rename ExternalSurface to SelfAwareness because lulz.
|
2015-04-06 20:17:21 -07:00 |
|
Adam Ierymenko
|
6eb9289367
|
Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch.
|
2015-04-03 16:52:53 -07:00 |
|
Adam Ierymenko
|
1f28ce3980
|
Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc.
|
2015-04-01 19:09:18 -07:00 |
|
Adam Ierymenko
|
93012b0ee5
|
Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware]
|
2015-02-17 13:11:34 -08:00 |
|
Adam Ierymenko
|
89f0c948f8
|
Physical address change message verb.
|
2015-02-04 11:59:02 -08:00 |
|
Adam Ierymenko
|
64ba596e0b
|
C++ network config master ready to test.
|
2015-01-08 14:27:55 -08:00 |
|
Adam Ierymenko
|
4e95384ad6
|
Cleanup, add tristate to config code in Network, and happy new year!
|
2015-01-05 17:47:59 -08:00 |
|
Adam Ierymenko
|
96e9a90e8e
|
docs
|
2015-01-05 16:19:56 -08:00 |
|
Adam Ierymenko
|
87c599df5c
|
Back out service message type -- YAGNI violation.
|
2015-01-05 15:52:02 -08:00 |
|
Adam Ierymenko
|
56cfe1d603
|
Strip out old Service code, add new service message type.
|
2015-01-05 11:47:22 -08:00 |
|
Adam Ierymenko
|
5484cf4309
|
More cleanup, and fix a bug in Multicaster::gather()
|
2014-10-29 16:24:19 -07:00 |
|
Adam Ierymenko
|
5bb854e504
|
Fix a nasty bug introduced in packet fragmentation a while back during refactoring, and a few other things related to multicast.
|
2014-10-28 17:25:34 -07:00 |
|
Adam Ierymenko
|
4941c8a1f3
|
New multicast bug fixes, TRACE improvements, and temporarily disable legacy multicast for debugging purposes.
|
2014-10-09 17:58:31 -07:00 |
|
Adam Ierymenko
|
d5e0f7e3e4
|
Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership.
|
2014-10-09 12:42:25 -07:00 |
|
Adam Ierymenko
|
87f1b1b1e3
|
Bug fix in new multicast frame handler, handling of old "P5" multicast frames in new way.
|
2014-10-06 13:16:16 -07:00 |
|
Adam Ierymenko
|
1109046782
|
Last steps before test: parse OK(MULTICAST_GATHER) and OK(MULTICAST_FRAME)
|
2014-10-02 13:50:37 -07:00 |
|
Adam Ierymenko
|
dee86e2448
|
But since we are now using middle 3 bits we can assign sane values for the cipher suite enum.
|
2014-10-02 11:13:53 -07:00 |
|
Adam Ierymenko
|
17da733f97
|
Gotta support old encrypted flag, move cipher spec to middle 3 bits... due to some shortsighted design early-on. In the future this can die once there are no old peers.
|
2014-10-02 11:08:59 -07:00 |
|
Adam Ierymenko
|
23836d4c11
|
Change "encrypted" flag to full cipher suite selector. Go ahead and reserve AES256-GCM which might be added in the future.
|
2014-10-02 10:54:34 -07:00 |
|
Adam Ierymenko
|
e53d208ea4
|
Improve security posture by eliminating non-const data() accessor from Buffer.
|
2014-10-02 10:06:29 -07:00 |
|
Adam Ierymenko
|
b41437780b
|
Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket...
|
2014-09-30 17:26:34 -07:00 |
|
Adam Ierymenko
|
2659427864
|
Multicaster needs to be global, not per-network, and a bunch of other stuff.
|
2014-09-30 16:28:25 -07:00 |
|
Adam Ierymenko
|
8607aa7c3c
|
Everything in for new multicast except IncomingPacket parsing...
|
2014-09-30 08:38:03 -07:00 |
|
Adam Ierymenko
|
ed0ba49502
|
A few more revisions to new multicast verbs.
|
2014-09-26 14:18:25 -07:00 |
|
Adam Ierymenko
|
9e186bbd89
|
.
|
2014-09-25 15:57:43 -07:00 |
|
Adam Ierymenko
|
431476e2e4
|
Some more multicast algo work...
|
2014-09-24 13:45:58 -07:00 |
|
Adam Ierymenko
|
954f9cbc13
|
Yet more WIP on mulitcast algo...
|
2014-09-22 13:18:24 -07:00 |
|
Adam Ierymenko
|
d9abd4d9be
|
Work on defining new direct broadcast multicast algorithm.
|
2014-09-18 18:28:14 -07:00 |
|