Adam Ierymenko
90e1262a8b
More refactoring to remove old Dictionary dependencies.
2016-04-26 08:20:03 -07:00
Adam Ierymenko
368efaa2ba
Kill some old debug code.
2016-04-19 12:55:48 -07:00
Adam Ierymenko
2f18a92e20
Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route.
2016-04-19 12:09:35 -07:00
Adam Ierymenko
4c455876f9
Revise peer path weighting to always prioritize cluster-optimal paths.
2016-04-19 09:22:51 -07:00
Adam Ierymenko
cecfa99b7b
(1) cluster members send a flag indicating that a PUSH_DIRECT_PATHS is a cluster redirect, (2) 1.1.5 uses this to avoid a bug (this bug does not exist in 1.1.4)
2016-04-18 16:44:23 -07:00
Adam Ierymenko
ad1e83d8b9
Refactor IncomingPacket for new NetworkConfig
2016-04-12 12:32:33 -07:00
Adam Ierymenko
fe3a84a422
Fix problems with previous commit.
2016-03-03 14:15:09 -08:00
Adam Ierymenko
7b5c1696eb
Fix a CIRCUIT_TEST bug in forwarding of tests along hop paths on private networks. Unfortunately this means full circuit testing for private nets will need an upgrade. :(
2016-02-23 14:56:51 -08:00
Adam Ierymenko
c7c61b4ac0
Fix checking of path address validity.
2016-02-22 16:01:35 -08:00
Adam Ierymenko
43fff1a87e
Deprecate reporting of local clock in circuit tests since a small number of users might have security problems with this.
2016-02-22 12:59:26 -08:00
Adam Ierymenko
2aa7138373
Reduce direct ping delay back to 1m and make SelfAwareness aware of local received-on address to eliminate false symmetric classification.
2016-02-22 09:47:50 -08:00
Adam Ierymenko
4e4fd51117
boring doc stuff
2016-01-12 14:04:55 -08:00
Adam Ierymenko
83ef98a9dc
Add a network-associated user ptr in API.
2016-01-12 11:04:35 -08:00
Adam Ierymenko
b3e3d4cacc
Instead of using binary packet comparison, add a callback to the API to explicitly check whether paths should be used. Check in with this callback (if present) when learning new paths or sending initial packets.
2016-01-11 10:17:44 -08:00
Adam Ierymenko
1023ef23b7
Remove somewhat ugly and costly anti-recursion hack -- we will switch to more explicit methods.
2016-01-11 09:06:10 -08:00
Adam Ierymenko
a56fbc1929
Close another potential anti-recursion loophole.
2016-01-06 15:35:27 -08:00
Adam Ierymenko
d8143a5e18
Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev)
2016-01-05 16:41:54 -08:00
Adam Ierymenko
436c1fac1d
Selectively move over changes from "edge" to "dev" excluding netcon.
2015-12-21 16:15:39 -08:00
Adam Ierymenko
94f4316a0e
Fix for possible high CPU usage on multicast queries.
2015-11-09 14:54:05 -08:00
Adam Ierymenko
57b71bfff0
Cluster simplification and refactor work in progress...
2015-11-08 13:57:02 -08:00
Adam Ierymenko
5f39d5b7ea
Further pare down Cluster messaging and rename some stuff.
2015-11-06 14:37:17 -08:00
Adam Ierymenko
8ef4edebbf
Deferred decode for HELLO to prevent HELLOcalypse under high load of new peers.
2015-11-05 12:22:58 -08:00
Adam Ierymenko
f1b6427e63
Decided to make this 1.1.0 (semantic versioning increment is warranted), and add a legacy hack for older clients working with clusters.
2015-11-02 09:32:56 -08:00
Adam Ierymenko
938d0a970b
TRACE build fixes.
2015-10-28 10:01:32 -07:00
Adam Ierymenko
da93712846
Clean up PUSH_DIRECT_PATH limits a bit more and make them a bit smarter.
2015-10-28 09:11:30 -07:00
Adam Ierymenko
cdc99bfee1
Add a circuit breaker for VERB_PUSH_DIRECT_PATHS.
2015-10-27 18:18:26 -07:00
Adam Ierymenko
88b100e5d0
More cleanup.
2015-10-27 17:59:17 -07:00
Adam Ierymenko
16bc3e0398
Factor out RemotePath subclass of Path -- no longer needed, just cruft.
2015-10-27 15:00:16 -07:00
Adam Ierymenko
a1a0ee4edb
Fix infinite loop in Cluster, clean up some stuff elsewhere, and back out rate limiting in PUSH_DIRECT_PATHS for now (but we will do something else to mitigate amplification attacks)
2015-10-27 12:01:00 -07:00
Adam Ierymenko
54a99d8e32
Well that was broken.
2015-10-27 11:14:07 -07:00
Adam Ierymenko
700c3166b7
Fix inverted sense bug.
2015-10-27 10:51:11 -07:00
Adam Ierymenko
9617208e40
Some cleanup, and use VERB_PUSH_DIRECT_PATHS to redirect newer peers.
2015-10-27 09:53:43 -07:00
Adam Ierymenko
2258e36a59
Move replication of COMs to avoid race condition.
2015-10-20 16:34:21 -07:00
Adam Ierymenko
59e1444b27
Finish wiring up Cluster, fix some issues with other recent changes.
2015-10-20 16:31:41 -07:00
Adam Ierymenko
eb79d4a2f3
Wire up peer announcement in cluster.
2015-10-20 16:24:21 -07:00
Adam Ierymenko
57e29857cf
Cluster work -- integrating with the rest of the code.
2015-10-20 15:27:53 -07:00
Adam Ierymenko
3adb183c5f
Fix bad COM attachment bug and eliminate an unnecessary redundant check.
2015-10-19 13:38:27 -07:00
Adam Ierymenko
95953b48f9
Do not allow VERB_RENDEZVOUS from non-upstream peers to block potential DOS vector.
2015-10-19 12:56:29 -07:00
Adam Ierymenko
5ce3aac929
Add rate limit on receive of DIRECT_PATH_PUSH to prevent DOS exploitation.
2015-10-16 10:28:09 -07:00
Adam Ierymenko
2debde3451
GitHub issue #235 , and I also see no reason not to communicate with people from other Worlds.
2015-10-15 07:22:17 -07:00
Adam Ierymenko
c312ae221f
Fix for world size in OK(HELLO)
2015-10-14 10:45:33 -07:00
Adam Ierymenko
123c466843
Full integration of World and World updates.
2015-10-13 12:17:47 -07:00
Adam Ierymenko
5d2f523e81
World stuff...
2015-10-13 12:10:44 -07:00
Adam Ierymenko
cae58f43f1
More World stuff, and mkworld.
2015-10-13 08:49:36 -07:00
Adam Ierymenko
1b1945c63e
Work in progress on refactoring root-topology into World and adding in-band updates.
2015-10-12 18:25:29 -07:00
Adam Ierymenko
eff1fe3c61
Create files for each hop (more convenient) and fix a packet parse bug.
2015-10-09 16:22:34 -07:00
Adam Ierymenko
aec13b50fd
Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history.
2015-10-09 15:05:26 -07:00
Adam Ierymenko
0c498556d5
Unroll Salsa20 fully for a little more speed (non-SSE now almost as fast as SSE)
2015-10-09 09:39:27 -07:00
Adam Ierymenko
a3876353ca
Abiltiy to post a test via the controller web API, and parsing of CIRCUIT_TEST_REPORT messages.
2015-10-08 13:25:38 -07:00
Adam Ierymenko
0ce0bc00d2
Make sure received() gets called for some new messages, and docs.
2015-10-07 16:20:54 -07:00
Adam Ierymenko
69b44bf9a5
Finally add an ECHO.
2015-10-07 16:11:50 -07:00
Adam Ierymenko
73cafbe0ec
Limit proof of work difficulty to something sane.
2015-10-07 13:46:44 -07:00
Adam Ierymenko
e5f168f599
Add proof of work request for future DDOS mitigation use.
2015-10-07 13:35:46 -07:00
Adam Ierymenko
13f14c2f4c
Kill debug line.
2015-10-07 10:56:47 -07:00
Adam Ierymenko
ab0228f626
More cleanup and simple refactoring, consolidate InetAddres serialize/deserialize into the class.
2015-10-07 10:30:47 -07:00
Adam Ierymenko
1b2cac0cc5
Trim some cruft that is not used and probably never would be.
2015-10-07 09:38:33 -07:00
Adam Ierymenko
3593fb3462
Send initial CIRCUIT_TEST packet.
2015-10-06 15:16:41 -07:00
Adam Ierymenko
d3f29d09e8
Plumbing through circuit test stuff.
2015-10-06 14:42:51 -07:00
Adam Ierymenko
5341afcdcd
Handling of CIRCUIT_TEST, should be ready to test.
2015-10-06 11:47:16 -07:00
Adam Ierymenko
a3db7d0728
Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things.
2015-10-01 11:11:52 -07:00
Adam Ierymenko
1a4f16e0ed
More work on circuit testing...
2015-09-30 13:59:05 -07:00
Adam Ierymenko
f69454ec98
(1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses.
2015-09-24 16:21:36 -07:00
Adam Ierymenko
367ffde00c
Plumb through localInterfaceId to track local interfaces corresponding with remote addresses.
2015-09-23 13:49:56 -07:00
Adam Ierymenko
0d386f1c31
Add a bit of useful testing instrumentation to SqliteNetworkController.
2015-09-08 11:35:55 -07:00
Adam Ierymenko
b31071463c
Try another NAT traversal improvement.
2015-07-28 11:28:47 -07:00
Adam Ierymenko
b3516c599b
Add a rate limiting circuit breaker to the network controller to prevent flooding attacks and race conditions.
2015-07-23 10:10:17 -07:00
Adam Ierymenko
3ba54c7e35
Eliminate some poorly thought out optimizations from the netconf/controller interaction,
...
and go ahead and bump version to 1.0.4.
For a while in 1.0.3 -dev I was trying to optimize out repeated network controller
requests by using a ratcheting mechanism. If the client received a network config
that was indeed different from the one it had, it would respond by instantlly
requesting it again.
Not sure what I was thinking. It's fundamentally unsafe to respond to a message
with another message of the same type -- it risks a race condition. In this case
that's exactly what could happen.
It just isn't worth the added complexity to avoid a tiny, tiny amount of network
overhead, so I've taken this whole path out.
A few extra bytes every two minutes isn't worth fretting about, but as I recall
the reason for this optimization was to save CPU on the controller. This can be
achieved by just caching responses in memory *there* and serving those same
responses back out if they haven't changed.
I think I developed that 'ratcheting' stuff before I went full time on this. It's
hard to develop stuff like this without hours of sustained focus.
2015-07-23 09:50:10 -07:00
Adam Ierymenko
0b354803f3
Clean up some YAGNI issues with implementation of GitHub issue #180 , and make best path choice aware of path rank.
2015-07-13 10:03:04 -07:00
Adam Ierymenko
0b9524f23d
Merge branch 'adamierymenko-dev' of http://git.int.zerotier.com/zerotier/zerotierone into adamierymenko-dev
2015-07-13 09:30:02 -07:00
Adam Ierymenko
4bf3bcbd55
Fixes to PUSH_DIRECT_PATHS.
2015-07-13 09:29:51 -07:00
Adam Ierymenko
3f0eca72f7
ZT_TRACE build fix.
2015-07-13 08:36:22 -07:00
Adam Ierymenko
412389ec75
Implement ERROR_UNWATNED_MULTICAST
2015-07-07 11:49:38 -07:00
Adam Ierymenko
778c7e6e70
More cleanup to direct path push, comment fixes, etc.
2015-07-07 10:00:34 -07:00
Adam Ierymenko
c863ff3f02
A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable.
2015-07-07 08:54:48 -07:00
Adam Ierymenko
f398952a6c
Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter.
2015-07-07 08:14:41 -07:00
Adam Ierymenko
6da9d2d36f
Remove debug printf().
2015-07-06 17:23:22 -07:00
Adam Ierymenko
f881cdd767
Add new .h file to VS build, and Windows side of local interface address enumeration.
2015-07-06 17:22:37 -07:00
Adam Ierymenko
79e9a8bcc2
Almost everything for GitHub issue #180 except direct path map setup.
2015-07-06 15:28:48 -07:00
Adam Ierymenko
fad9dff2db
Almost all of GitHub issue #180
2015-07-06 15:05:04 -07:00
Adam Ierymenko
e5f7c55c54
Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch.
2015-07-06 12:34:35 -07:00
Adam Ierymenko
7bae95836c
Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address.
2015-06-19 10:23:25 -07:00
Adam Ierymenko
87bb0086de
Almost certain fix for GitHub issue #184 on -dev
2015-06-17 12:46:12 -07:00
Kees Bos
a425bbc673
Renamed supernode to rootserver
2015-05-06 12:05:20 +02:00
Adam Ierymenko
5341e32729
Fix to GitHub issue #140 -- network preferred relays. Also go ahead and allow RENDEZVOUS from regular peers.
2015-06-01 19:05:27 -07:00
Adam Ierymenko
d9006712f6
Completely factor out "desperation" from the core. I thought of a significantly simpler way to move all of this logic entirely into the containing service, liberating the core from any concern over the nature of its pipe to the outside world.
2015-05-21 15:58:26 -07:00
Adam Ierymenko
b4b067bf12
So we need to keep track of external surface per reporter, since some NATs assign different external IPs for each external destination. Keeping just one known surface could create a race condition.
2015-05-04 18:34:30 -07:00
Adam Ierymenko
d3820049b8
Add reported external address to OK(HELLO) TRACE to verify SN behavior.
2015-04-30 18:25:31 -07:00
Adam Ierymenko
9eb7698f0e
Learn external IP addresses on OK(HELLO) too.
2015-04-30 16:40:04 -07:00
Adam Ierymenko
f5848972f9
Windows now builds and runs selftest correctly, and fixed a Windows (and possibly other platforms) issue in Phy<>.
2015-04-24 15:05:28 -07:00
Adam Ierymenko
417f56de2f
Add some TRACE instrumentation to external surface address awareness.
2015-04-17 12:19:01 -07:00
Adam Ierymenko
ea1859541c
More cleanup, and fix for the extremely unlikely case of identity collision.
2015-04-15 18:32:25 -07:00
Adam Ierymenko
6369c264e2
Rename netconf to controller and NetworkConfigMaster to NetworkController for consistency.
2015-04-15 15:12:09 -07:00
Adam Ierymenko
98bcc3d4b5
Disable a few noisy TRACEs, and limit how often we confirm new paths to avoid flooding.
2015-04-15 13:15:09 -07:00
Adam Ierymenko
068d311ecc
TRACE compile fixes, other fixes, and it basically works! It says HELLO.
2015-04-09 20:54:00 -07:00
Adam Ierymenko
4d5a6a25d3
Add events for packet decode errors, etc., and re-implement TRACE as an event.
2015-04-08 16:49:21 -07:00
Adam Ierymenko
52c3b7c34e
Implemented empirical determination of external addressing, paritioned per scope.
2015-04-07 11:56:10 -07:00
Adam Ierymenko
817824b88b
Some external surface awareness work, and IP scope classification.
2015-04-07 10:57:59 -07:00
Adam Ierymenko
a2821e9000
Add code to check external surface against reported surface from other trusted peers, and also rename ExternalSurface to SelfAwareness because lulz.
2015-04-06 20:17:21 -07:00
Adam Ierymenko
f4fd2d4971
Bring IncomingPacket into line with new changes.
2015-04-06 14:50:53 -07:00
Adam Ierymenko
1f28ce3980
Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc.
2015-04-01 19:09:18 -07:00
Adam Ierymenko
b6fba5934a
RedisNetworkConfigMaster in its own folder. Also fix some hex/decimal Redis database confusion.
2015-02-24 14:17:57 -08:00
Adam Ierymenko
ff255a34de
Make NetworkConfigMaster a plugin to get Redis and other non-endpoint code out of node/
2015-02-24 12:28:58 -08:00
Adam Ierymenko
93012b0ee5
Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware]
2015-02-17 13:11:34 -08:00
Adam Ierymenko
b1bf3f68c3
Drop support for legacy P5 multicast, as there are fewer than 1% of these remaining on the network.
2015-02-02 16:34:01 -08:00
Adam Ierymenko
0b84c10ccc
Add confirmation step to new netconf, with the caveat that it will be disabled for older netconf servers to avoid race. Also add some comments.
2015-01-09 16:35:20 -05:00
Adam Ierymenko
afea153a0b
Build fixes.
2015-01-08 18:17:02 -05:00
Adam Ierymenko
64ba596e0b
C++ network config master ready to test.
2015-01-08 14:27:55 -08:00
Adam Ierymenko
4e95384ad6
Cleanup, add tristate to config code in Network, and happy new year!
2015-01-05 17:47:59 -08:00
Adam Ierymenko
56cfe1d603
Strip out old Service code, add new service message type.
2015-01-05 11:47:22 -08:00
Adam Ierymenko
ff539c22f9
locallyValidate() is expensive -- stop doing it on every HELLO since in most cases we already know the identity and know it is valid
2014-12-16 09:29:40 -08:00
Adam Ierymenko
8c64046a53
docs
2014-11-26 14:59:43 -08:00
Adam Ierymenko
15d3e383e6
Add ZT_SUPPORT_LEGACY_MULTICAST ifdef to enable the legacy code to all be toggled.
2014-11-25 12:46:51 -08:00
Adam Ierymenko
7619b0ecbd
Send multicasts in random order.
...
This should not affect most users, but on large networks it should cause service
announcements to work a lot better. This is the result of a prolonged discussion
with a user about the visibility of game servers on a large network. The old
multicast algorithm was de-facto randomized due to its distributed nature, while
the new algorithm is more deterministic. This will restore some randomization
beyond limit-overflow conditions.
It won't affect small networks at all.
2014-11-21 10:50:27 -08:00
Adam Ierymenko
c61e9c0ef9
Prevent "software laser" in legacy multicast support. Already hotpatched in supernodes.
2014-11-13 14:21:06 -05:00
Adam Ierymenko
5484cf4309
More cleanup, and fix a bug in Multicaster::gather()
2014-10-29 16:24:19 -07:00
Adam Ierymenko
22d8aa4dc9
Moderate efficiency improvement on multicast gather result parsing, and go ahead and keep track of total known peers.
2014-10-29 15:26:32 -07:00
Adam Ierymenko
0e47f13f14
Simplify locking semantics some more to address a deadlock.
2014-10-21 10:42:04 -07:00
Adam Ierymenko
42d644a57e
More fixes to legacy support, and to a potential issue on quit.
2014-10-14 12:37:35 -07:00
Adam Ierymenko
2416491cbc
Permanently retire peers.persist, but make iddb.d always enabled instead since identities are what we really want to cache.
2014-10-13 14:12:51 -07:00
Adam Ierymenko
8b0846d077
Delete bunch of commented out code.
2014-10-11 16:53:21 -07:00
Adam Ierymenko
0d017c043f
Stop persisting last announcement time since Multicaster is volatile. Also some more legacy multicast fixes.
2014-10-11 16:26:02 -07:00
Adam Ierymenko
c2aac69a9f
Fixes to legacy peer support.
2014-10-11 15:49:31 -07:00
Adam Ierymenko
e071c05f1b
Add a sanity limit to legacy multicast repeater function in supernode-mode nodes, and change netconf-master to issue multicast limit (ml) instead of old p5 stuff.
2014-10-10 14:59:07 -07:00
Adam Ierymenko
1774e615a1
<= MTU
2014-10-10 09:09:56 -07:00
Adam Ierymenko
56f8f8aa24
Return self in GATHER requests if self is a member of multicast group, and reinstate legacy support.
2014-10-09 18:32:05 -07:00
Adam Ierymenko
4941c8a1f3
New multicast bug fixes, TRACE improvements, and temporarily disable legacy multicast for debugging purposes.
2014-10-09 17:58:31 -07:00
Adam Ierymenko
d5e0f7e3e4
Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership.
2014-10-09 12:42:25 -07:00
Adam Ierymenko
620e64c58f
Supernode propagation of legacy multicast frames was brokezored.
2014-10-09 09:03:12 -07:00
Adam Ierymenko
87f1b1b1e3
Bug fix in new multicast frame handler, handling of old "P5" multicast frames in new way.
2014-10-06 13:16:16 -07:00
Adam Ierymenko
ab22feba9a
Bump version to 1.0.0, add legacy support code to Multicaster to not send new frame to known-to-be-old peers.
2014-10-05 10:34:25 -07:00
Adam Ierymenko
3f7e7e8a88
Do not multicast to self.
2014-10-03 18:42:41 -07:00
Adam Ierymenko
1109046782
Last steps before test: parse OK(MULTICAST_GATHER) and OK(MULTICAST_FRAME)
2014-10-02 13:50:37 -07:00
Adam Ierymenko
49dc47ff38
Make multicast gathering a bit smarter.
2014-10-02 11:35:37 -07:00
Adam Ierymenko
23836d4c11
Change "encrypted" flag to full cipher suite selector. Go ahead and reserve AES256-GCM which might be added in the future.
2014-10-02 10:54:34 -07:00
Adam Ierymenko
e53d208ea4
Improve security posture by eliminating non-const data() accessor from Buffer.
2014-10-02 10:06:29 -07:00
Adam Ierymenko
28646eee0a
A bit more IncomingPacket cleanup... almost ready to test, just need OK() handling.
2014-10-01 16:29:52 -07:00
Adam Ierymenko
ea6124dd2f
IncomingPacket builds!
2014-09-30 17:33:20 -07:00
Adam Ierymenko
b41437780b
Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket...
2014-09-30 17:26:34 -07:00
Adam Ierymenko
2659427864
Multicaster needs to be global, not per-network, and a bunch of other stuff.
2014-09-30 16:28:25 -07:00
Adam Ierymenko
ed0ba49502
A few more revisions to new multicast verbs.
2014-09-26 14:18:25 -07:00
Adam Ierymenko
81b12b6826
Rename the ubiquitous _r pointer to RuntimeEnvironment to RR just to be a little more consistent about using _ to denote private member variables.
2014-09-24 13:53:03 -07:00
Adam Ierymenko
557801a09e
Rename PacketDecoder to much more descriptive IncomingPacket
2014-09-24 09:04:09 -07:00
Adam Ierymenko
9180a30986
.
2014-09-24 09:01:58 -07:00