Commit Graph

152 Commits

Author SHA1 Message Date
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
15c07c58b6 Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). 2016-09-27 11:33:48 -07:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
ef87069957 Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths. 2016-09-09 09:32:00 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363 Clean up handling of COMs, network access control, and fix a backward compatiblity issue. 2016-09-08 19:48:05 -07:00
Adam Ierymenko
daf8a66ced More correct and efficient to initialize member relationship push stuff lazily when member is learned. 2016-09-07 15:47:20 -07:00
Adam Ierymenko
1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
f0636ffd4a EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule. 2016-08-29 15:54:06 -07:00
Adam Ierymenko
2cdda38dc4 It basically works... at least on current controllers. 2016-08-24 15:26:18 -07:00
Adam Ierymenko
ccea3d04d6 Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller. 2016-08-24 14:28:16 -07:00
Adam Ierymenko
0a7a33ef8f Instantaneous blacklisting and credential revocation. 2016-08-23 13:46:36 -07:00
Adam Ierymenko
4d498b3765 Handling of multi-part chunked network configs on the inbound side. 2016-08-09 13:14:38 -07:00
Adam Ierymenko
00fd9c3a15 It builds... almost ready to test some rules engine stuff. 2016-08-08 17:33:26 -07:00
Adam Ierymenko
8007ca56aa Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first. 2016-08-08 16:50:00 -07:00
Adam Ierymenko
e2f783ebbd . 2016-08-05 15:02:01 -07:00
Adam Ierymenko
37d139177d Integrate Filter into OutboundMulticast properly. 2016-08-04 13:01:14 -07:00
Adam Ierymenko
e09c1a1c11 Big refactor mostly builds. We now have a uniform backward compatible netconf. 2016-06-16 12:28:43 -07:00
Adam Ierymenko
4446dbde5e Big refactor in service code to prep for plumbing through route management. 2016-06-14 10:09:26 -07:00
Adam Ierymenko
90e1262a8b More refactoring to remove old Dictionary dependencies. 2016-04-26 08:20:03 -07:00
Adam Ierymenko
2f18a92e20 Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route. 2016-04-19 12:09:35 -07:00
Adam Ierymenko
51fecc0be9 Refactor Network for new NetworkConfig. 2016-04-12 12:16:29 -07:00
Adam Ierymenko
6f854c8391 NetworkConfig refactor part 1 2016-04-12 12:11:34 -07:00
Adam Ierymenko
4e4fd51117 boring doc stuff 2016-01-12 14:04:55 -08:00
Adam Ierymenko
3883ac08c7 Docs and cleanup. 2016-01-12 13:17:30 -08:00
Adam Ierymenko
d6f0f1a82a Use network user ptr in lookup for Ethernet frame handling to eliminate map lookup. 2016-01-12 11:34:22 -08:00
Adam Ierymenko
83ef98a9dc Add a network-associated user ptr in API. 2016-01-12 11:04:35 -08:00
Adam Ierymenko
35676217e8 Refactor multicast group announcement to work directly or indirectly. 2015-10-23 14:50:07 -07:00
Adam Ierymenko
d6676a9d6c Always announce multicast groups, not just to peers with direct links, and push network COMs to any MULTICAST_LIKE recipient for future use. 2015-10-01 12:50:19 -07:00
Adam Ierymenko
9405150b11 Restore group announcement on Peer::receive() but centralize packet composition in one place. 2015-10-01 11:37:02 -07:00
Adam Ierymenko
a3db7d0728 Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things. 2015-10-01 11:11:52 -07:00
Adam Ierymenko
f69454ec98 (1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses. 2015-09-24 16:21:36 -07:00
Adam Ierymenko
307e44f7c8 Two for one! (std::map removal) 2015-09-04 14:14:32 -07:00
Adam Ierymenko
d1341578d8 ... and another one! 2015-09-04 13:53:48 -07:00
Adam Ierymenko
7b8ce16057 Another std::map<> dies. 2015-09-04 13:42:19 -07:00
Adam Ierymenko
778c7e6e70 More cleanup to direct path push, comment fixes, etc. 2015-07-07 10:00:34 -07:00
Adam Ierymenko
f398952a6c Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter. 2015-07-07 08:14:41 -07:00
Adam Ierymenko
57c7992c78 GitHub issue #191 - kill intra-network multicast rate limits (which were not well supported or easily configurable anyway) -- this is really left over from the old collaborative multicast propagation algorithm. New algorithm (in for a while) has been sender-side replication in which sender "pays" all bandwidth, which intrinsically limits multicast. 2015-06-26 12:36:45 -07:00
Adam Ierymenko
5e3c6d9e0d Some nodeJS work, and apply fix from GitHub issue #166 plus a small optimization to avoid repeated calls to _allMulticastGroups(). 2015-05-25 14:21:05 -07:00
Adam Ierymenko
bdce679d84 Should fix deadlock issue in GitHub issue #166 2015-05-13 16:55:18 -07:00
Adam Ierymenko
6369c264e2 Rename netconf to controller and NetworkConfigMaster to NetworkController for consistency. 2015-04-15 15:12:09 -07:00
Adam Ierymenko
1c9ca73065 Fix some deadlock issues, move awareness of broadcast subscription into core, other bug fixes. 2015-04-15 13:09:20 -07:00
Adam Ierymenko
67f1f1892f Bunch of tap stuff, IP address assignment hookups, etc. 2015-04-14 17:57:51 -07:00
Adam Ierymenko
4d5a6a25d3 Add events for packet decode errors, etc., and re-implement TRACE as an event. 2015-04-08 16:49:21 -07:00
Adam Ierymenko
bf2ff964e1 Utils::now() removal and a bunch of compile fixes. 2015-04-08 15:26:45 -07:00
Adam Ierymenko
76ad19f411 Use binary_search for multicast groups, which are kept in sorted order. 2015-04-06 19:41:55 -07:00