Adam Ierymenko
|
9f550292fe
|
Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics.
|
2016-09-27 13:49:43 -07:00 |
|
Adam Ierymenko
|
15c07c58b6
|
Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
|
2016-09-27 11:33:48 -07:00 |
|
Adam Ierymenko
|
eac3667ec1
|
Bunch more refactoring and work on revocations, etc.
|
2016-09-26 16:17:02 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
d3524f3609
|
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
|
2016-09-20 21:21:34 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
ef87069957
|
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
|
2016-09-09 09:32:00 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
16df2c3363
|
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
|
2016-09-08 19:48:05 -07:00 |
|
Adam Ierymenko
|
daf8a66ced
|
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
|
2016-09-07 15:47:20 -07:00 |
|
Adam Ierymenko
|
1908aa55f5
|
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
|
2016-09-07 15:15:52 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
f0636ffd4a
|
EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule.
|
2016-08-29 15:54:06 -07:00 |
|
Adam Ierymenko
|
2cdda38dc4
|
It basically works... at least on current controllers.
|
2016-08-24 15:26:18 -07:00 |
|
Adam Ierymenko
|
ccea3d04d6
|
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
|
2016-08-24 14:28:16 -07:00 |
|
Adam Ierymenko
|
0a7a33ef8f
|
Instantaneous blacklisting and credential revocation.
|
2016-08-23 13:46:36 -07:00 |
|
Adam Ierymenko
|
4d498b3765
|
Handling of multi-part chunked network configs on the inbound side.
|
2016-08-09 13:14:38 -07:00 |
|
Adam Ierymenko
|
00fd9c3a15
|
It builds... almost ready to test some rules engine stuff.
|
2016-08-08 17:33:26 -07:00 |
|
Adam Ierymenko
|
8007ca56aa
|
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
|
2016-08-08 16:50:00 -07:00 |
|
Adam Ierymenko
|
e2f783ebbd
|
.
|
2016-08-05 15:02:01 -07:00 |
|
Adam Ierymenko
|
37d139177d
|
Integrate Filter into OutboundMulticast properly.
|
2016-08-04 13:01:14 -07:00 |
|
Adam Ierymenko
|
e09c1a1c11
|
Big refactor mostly builds. We now have a uniform backward compatible netconf.
|
2016-06-16 12:28:43 -07:00 |
|
Adam Ierymenko
|
4446dbde5e
|
Big refactor in service code to prep for plumbing through route management.
|
2016-06-14 10:09:26 -07:00 |
|
Adam Ierymenko
|
90e1262a8b
|
More refactoring to remove old Dictionary dependencies.
|
2016-04-26 08:20:03 -07:00 |
|
Adam Ierymenko
|
2f18a92e20
|
Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route.
|
2016-04-19 12:09:35 -07:00 |
|
Adam Ierymenko
|
51fecc0be9
|
Refactor Network for new NetworkConfig.
|
2016-04-12 12:16:29 -07:00 |
|
Adam Ierymenko
|
6f854c8391
|
NetworkConfig refactor part 1
|
2016-04-12 12:11:34 -07:00 |
|
Adam Ierymenko
|
4e4fd51117
|
boring doc stuff
|
2016-01-12 14:04:55 -08:00 |
|
Adam Ierymenko
|
3883ac08c7
|
Docs and cleanup.
|
2016-01-12 13:17:30 -08:00 |
|
Adam Ierymenko
|
d6f0f1a82a
|
Use network user ptr in lookup for Ethernet frame handling to eliminate map lookup.
|
2016-01-12 11:34:22 -08:00 |
|
Adam Ierymenko
|
83ef98a9dc
|
Add a network-associated user ptr in API.
|
2016-01-12 11:04:35 -08:00 |
|
Adam Ierymenko
|
35676217e8
|
Refactor multicast group announcement to work directly or indirectly.
|
2015-10-23 14:50:07 -07:00 |
|
Adam Ierymenko
|
d6676a9d6c
|
Always announce multicast groups, not just to peers with direct links, and push network COMs to any MULTICAST_LIKE recipient for future use.
|
2015-10-01 12:50:19 -07:00 |
|
Adam Ierymenko
|
9405150b11
|
Restore group announcement on Peer::receive() but centralize packet composition in one place.
|
2015-10-01 11:37:02 -07:00 |
|
Adam Ierymenko
|
a3db7d0728
|
Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things.
|
2015-10-01 11:11:52 -07:00 |
|
Adam Ierymenko
|
f69454ec98
|
(1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses.
|
2015-09-24 16:21:36 -07:00 |
|
Adam Ierymenko
|
307e44f7c8
|
Two for one! (std::map removal)
|
2015-09-04 14:14:32 -07:00 |
|
Adam Ierymenko
|
d1341578d8
|
... and another one!
|
2015-09-04 13:53:48 -07:00 |
|
Adam Ierymenko
|
7b8ce16057
|
Another std::map<> dies.
|
2015-09-04 13:42:19 -07:00 |
|
Adam Ierymenko
|
778c7e6e70
|
More cleanup to direct path push, comment fixes, etc.
|
2015-07-07 10:00:34 -07:00 |
|
Adam Ierymenko
|
f398952a6c
|
Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter.
|
2015-07-07 08:14:41 -07:00 |
|
Adam Ierymenko
|
57c7992c78
|
GitHub issue #191 - kill intra-network multicast rate limits (which were not well supported or easily configurable anyway) -- this is really left over from the old collaborative multicast propagation algorithm. New algorithm (in for a while) has been sender-side replication in which sender "pays" all bandwidth, which intrinsically limits multicast.
|
2015-06-26 12:36:45 -07:00 |
|
Adam Ierymenko
|
5e3c6d9e0d
|
Some nodeJS work, and apply fix from GitHub issue #166 plus a small optimization to avoid repeated calls to _allMulticastGroups().
|
2015-05-25 14:21:05 -07:00 |
|
Adam Ierymenko
|
bdce679d84
|
Should fix deadlock issue in GitHub issue #166
|
2015-05-13 16:55:18 -07:00 |
|
Adam Ierymenko
|
6369c264e2
|
Rename netconf to controller and NetworkConfigMaster to NetworkController for consistency.
|
2015-04-15 15:12:09 -07:00 |
|
Adam Ierymenko
|
1c9ca73065
|
Fix some deadlock issues, move awareness of broadcast subscription into core, other bug fixes.
|
2015-04-15 13:09:20 -07:00 |
|
Adam Ierymenko
|
67f1f1892f
|
Bunch of tap stuff, IP address assignment hookups, etc.
|
2015-04-14 17:57:51 -07:00 |
|
Adam Ierymenko
|
4d5a6a25d3
|
Add events for packet decode errors, etc., and re-implement TRACE as an event.
|
2015-04-08 16:49:21 -07:00 |
|
Adam Ierymenko
|
bf2ff964e1
|
Utils::now() removal and a bunch of compile fixes.
|
2015-04-08 15:26:45 -07:00 |
|
Adam Ierymenko
|
76ad19f411
|
Use binary_search for multicast groups, which are kept in sorted order.
|
2015-04-06 19:41:55 -07:00 |
|