Joseph Henry
b02a41751c
Fix unresponsiveness when moving flows in balance-aware (See #1764 )
2022-11-02 08:46:11 -07:00
Joseph Henry
3b11915eab
Merge remote-tracking branch 'origin/expose-surface-addresses' into dev
2022-10-25 13:55:21 -07:00
travis laduke
82c799b9d1
Expose surface addresses in info json
...
Surface Addresses are the addresses that
the roots report back to you.
This is helpful for trouble shooting.
If you're behind NAT, the source port is different
than what zerotier is bound to.
If the list of surface address ports is larger than the list of
bound addresses, you are probably behind symmetric NAT.
Anways this can be added to later with a more simple
"easy" or "hard" nat computed message somewhere.
2022-10-25 11:25:21 -07:00
Joseph Henry
e1f60e3f83
Behavioral changes to multipath balance modes (See: #1745 and #1753 )
2022-10-09 23:07:16 -07:00
Adam Ierymenko
86a436e9bf
Small string fix.
2022-10-06 16:53:35 -04:00
Joseph Henry
bc521504ca
Improved multipath link monitoring
2022-09-20 14:27:34 -07:00
Joseph Henry
0797adf223
Improve output of bond list command
2022-09-16 13:43:34 -07:00
Joseph Henry
85698860ae
Merge branch 'dev-1734-policy-defaults' of https://github.com/grapexy/ZeroTierOne into grapexy-dev-1734-policy-defaults
2022-09-15 16:05:21 -07:00
Joseph Henry
50e131a4ff
Partial fix for discrepancy between docs and implementation
2022-09-15 15:56:23 -07:00
grapexy
b733bb8ead
Fix sanity checks overwriting custom policy parameters
2022-09-16 00:18:05 +04:00
Joseph Henry
e18d206248
Add warm spare feature for balance modes
2022-09-14 10:09:29 -07:00
Joseph Henry
66b70a8043
Prevent re-armoring of packets when in multipath broadcast mode
2022-09-07 15:03:02 -07:00
Joseph Henry
1d1843bf3b
Forget links if QoS verbs fail to arrive
2022-09-07 09:08:13 -07:00
Joseph Henry
0e23ba8f1a
Add logic short-circuit to avoid unnecessary bond rebuild logic when appropriate
2022-09-01 15:16:21 -07:00
Joseph Henry
b6074da498
Fix nonsensical equality comparison which may prevent certain links from being regarded as preferred in multipath scenarios
2022-08-29 16:03:48 -07:00
Anders Jenbo
7e92d478a1
Add missing <algorithm> include ( #1709 )
...
This is required for building under VS2017
2022-08-29 10:39:04 -07:00
Joseph Henry
ff670d044a
Fix integer format specifier compiler warnings
2022-08-09 21:19:16 -07:00
Joseph Henry
7ed5bde426
Fix for ab-mode link failure, QoS metrics (WIP)
2022-06-08 10:01:54 -07:00
Adam Ierymenko
e672dc8094
Set version to correct 1.10.0.
2022-06-06 16:18:50 -04:00
Joseph Henry
1a400d33fd
Fix link creation bug in active-backup mode
2022-05-18 10:04:53 -07:00
Joseph Henry
c34325fee7
Fix attribute placement for debugging functions ( #1587 )
2022-05-06 17:25:15 -07:00
Joseph Henry
db8443ef7d
Remove attributes causing build failures on various platforms ( #1587 )
2022-05-06 15:19:59 -07:00
Joseph Henry
6c85f8c7a7
Safely handle disappearing bonded interfaces (See issue #1587 )
2022-05-06 14:59:34 -07:00
David Baird
eea93d2607
Fix SEGV caused by format string on 32-bit platforms / armv7l, reported in #1587 ( #1658 )
...
Looks great. Thanks for this!
2022-05-06 09:11:47 -07:00
Joseph Henry
e9f8ecbf7e
Properly initialize active-backup path index as partial fix for #1587
2022-05-04 09:51:48 -07:00
Adam Ierymenko
166c7978ee
ALMOST compiles for ARM64 Windows, only remaining barrier is ring in zeroidc.
2022-04-27 12:19:42 -04:00
Joseph Henry
66236e91a2
Style fix
2022-04-26 08:26:45 -07:00
Adam Ierymenko
76bce44280
Build fix.
2022-04-19 21:30:36 -04:00
Adam Ierymenko
ee0a194b25
Several more SSO/OIDC related fixes, and bump version to 1.8.9.
2022-04-19 21:29:11 -04:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
2022-04-19 19:59:54 -04:00
Adam Ierymenko
fe0068da52
A bit more auth cleanup in the local node.
2022-04-19 16:34:46 -04:00
Adam Ierymenko
cd70fefc5e
Clean up some credential push stuff.
2022-04-19 16:06:53 -04:00
Adam Ierymenko
877f86a896
build fix
2022-04-19 12:44:18 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
2022-04-19 12:41:38 -04:00
Adam Ierymenko
a4e8847664
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes.
2022-04-19 10:37:58 -04:00
Joseph Henry
7e4da53c0b
Check reference to failover path before use in active-backup scenario
2022-04-17 21:03:57 -07:00
Adam Ierymenko
fe376f6a1e
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev
2022-04-15 14:23:40 -04:00
Adam Ierymenko
55a99f34d0
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine.
2022-04-15 14:23:26 -04:00
Joseph Henry
99df637aae
Improve relationship between QOS timers and bucket sizes
2022-04-15 09:55:00 -07:00
Adam Ierymenko
a7dcfa18a2
Oops forgot last part of that fix for MAC errors.
2022-04-14 20:13:57 -04:00
Adam Ierymenko
4389b9feff
Likely fix for invalid MAC problem.
2022-04-14 20:10:20 -04:00
Joseph Henry
6f4a69703b
Fix ZT_SSO_SUPPORTED flag behavior. Allow disabling for embedded targets.
2022-03-31 21:45:38 -07:00
Adam Ierymenko
68c9398f71
Merge branch 'master' into dev
2022-03-10 15:48:47 -05:00
Adam Ierymenko
34a64f30de
Bump the peer cache serialization version due to path changes, will cause peers to be re-learned. Technically the peer cache is optional anyway so it's not going to break anything and should guard against weird issues due to path learning changes on restart.
2022-03-09 09:13:26 -05:00
Joseph Henry
3ead6b67cd
Dynamically scale bonded link monitor frequency according to aliveness
2022-03-02 14:58:31 -08:00
Joseph Henry
8148c658cf
Remove bonds for peers that have fully expired. Remove notion of bond health
2022-03-02 09:55:23 -08:00
Joseph Henry
1cf8a1f493
More accurate accounting of bond layer overhead traffic
2022-02-25 15:04:48 -08:00
Joseph Henry
bc2c4cf80a
Merge branch 'dev' of https://github.com/zerotier/zerotierone into dev
2022-02-25 11:39:21 -08:00
Joseph Henry
9933d83cf8
Merge pull request #1564 from zerotier/dev-whoami
...
Proactively seek, and distribute external surface addresses
This patch introduces a new "self-awareness" behavior which proactively queries peers for external surface addresses and distributes them via PUSH_DIRECT_PATHS. This has the effect of making ZT more responsive to interface changes.
Current behavior:
Previously, this type of information was only mediated via RENDEZVOUS and was only triggered when the client detected that it no longer had a single alive path to a peer. While PUSH_DIRECT_PATHS would correctly (and often) send local addresses, this was not the case for external addresses collected from response HELLOs. This would lead to situations where only one physical address would be distributed to peers. Additionally, if a new physical interface were to be made available to the client, the client would correctly bind to it but never seek information about its external mapping from a peer, and thus the new physical interface would remain unavailable for other peers to learn about until all paths on the previous interface have expired which can take a couple of minutes. In traditional usage of ZT this is not usually a problem, but it becomes a problem in the following scenarios:
Network interfaces go up and down while ZT is running (e.g. switching to LTE or WiFi from a wired connection)
Network interfaces are added or removed in multipath setups
Proposed behavior:
I propose that normal full HELLOs are sent not only on the first interface in use, but all interfaces. This causes planets to respond with a HELLO containing the surface address for each interface. We then collect each address using SelfAwareness::whoami() and distribute them via the normal PUSH_DIRECT_PATHS mechanism.
2022-02-25 11:30:45 -08:00
Joseph Henry
1918c29fd7
Change ECHO divisor from 20 to 6
2022-02-25 11:29:07 -08:00
Joseph Henry
618202d426
Increase min failover to 500 ms and probe period to 1/3rd of failover
2022-02-25 10:52:39 -08:00
Joseph Henry
d1335dca11
Change ECHO rate-limit divsor from 16 to 20
2022-02-21 16:22:33 -08:00
Joseph Henry
5e13b42abc
Rate gate ECHO per Path instead of per Peer
2022-02-21 14:37:39 -08:00
Joseph Henry
96aa1c30a6
Proactively seek, enumerate, and distribute external surface addresses
2022-02-17 15:39:17 -08:00
Joseph Henry
1b0c183913
Force non-leaf peers into local active-backup bond when multipath is enabled
2022-02-17 15:16:33 -08:00
Joseph Henry
40269c2a97
Comment out debug traces
2022-02-16 20:39:18 -08:00
Adam Ierymenko
3c85a7f074
Rev roots.
2022-02-15 09:13:58 -05:00
Joseph Henry
f9c84c8c52
Remove stray debug trace
2022-02-08 15:32:25 -08:00
Grant Limberg
aa97aabb4e
for now, only enable sso on certain platforms
...
mac, windows, linux x86/x86_64/aarch64
2022-02-01 11:07:37 -08:00
Joseph Henry
4190318c85
Fix typo in constant name
2022-01-28 10:41:21 -08:00
Joseph Henry
2f554fd6f8
Merge pull request #1552 from Shawn8410/master
...
FIX: fix wrong flag usage of rateGateCredentialsReceived
2022-01-28 10:12:16 -08:00
Shawn
ae93cccde6
FIX: fix wrong flag usage of rateGateCredentialsReceived
2022-01-27 11:59:21 +08:00
Joseph Henry
46e955e3a1
Split bond logs into two categories to reduce logging size
2022-01-26 15:14:02 -08:00
Joseph Henry
2850f131e2
Fix code style
2022-01-25 18:03:36 -08:00
Grant Limberg
d719137565
temp workaround for oidc auth dropping issue
...
Add a method to "kick" the refresh thread and re-post the tokens in the case where the thread is somehow still running & controller pushes out an AUTH_REQUIRED. This situation happens in a corner case still under investigation where the controller pushes out many copies of the network config repeatedly
2022-01-20 09:44:56 -08:00
Grant Limberg
dceba1f2f1
Merge branch 'dev' into zeroidc
2022-01-05 08:35:15 -08:00
Grant Limberg
73878fbdc4
Merge pull request #1531 from StephenCWills/mingw32-disable-salsasse
...
Disable Salsa20 SSE on MinGW 32-bit compiler
2022-01-04 17:42:40 -08:00
staphen
87d17088cc
Disable Salsa20 SSE on MinGW 32-bit compiler
2022-01-04 20:39:08 -05:00
Grant Limberg
cc6c48fca8
Merge pull request #1525 from StephenCWills/lowercase-windows-headers
...
Use lowercase when including Windows headers
2022-01-04 17:11:51 -08:00
staphen
1c956494a4
Use lowercase when including Windows headers
2021-12-29 16:29:08 -05:00
Grant Limberg
eee31605b1
Merge branch 'dev' into zeroidc
2021-12-15 14:17:26 -08:00
Andrej Binder
aeec7dae36
Prevent arithmetic error on interface change.
2021-12-15 22:22:02 +01:00
Adam Ierymenko
fa58909d44
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev
2021-12-15 12:32:41 -05:00
Adam Ierymenko
06ed114fb6
Release notes and GitHub issue #1512
2021-12-15 12:32:28 -05:00
Joseph Henry
bdef9d3bd7
Fix situation where too many ECHOs are sent to multipath peer
2021-12-14 21:20:58 -08:00
Joseph Henry
b154b7296c
Improve multipath logging output
2021-12-14 21:13:19 -08:00
Joseph Henry
1c6fd4125d
Fix custom policy parsing bug mentioned in issue #1507
2021-12-14 11:49:43 -08:00
Joseph Henry
e9375b50b0
Prevent path-amnesia
2021-12-13 11:54:23 -08:00
Joseph Henry
1f43a736b2
Fix active-backup path selection bug
2021-12-09 13:43:52 -08:00
Joseph Henry
05a0a20197
Fix multipath flow reallocation. Prevent allocation to dead paths
2021-12-08 14:32:58 -08:00
Grant Limberg
48b39ab005
removing comments
2021-12-03 17:46:37 -08:00
Grant Limberg
1192b1b422
refresh token run loop
...
Need central-side work to complete
2021-12-03 15:44:04 -08:00
Grant Limberg
663a09b38d
oidc stuff coming across the wire properly and generating a working login URL
2021-12-01 13:01:32 -08:00
Grant Limberg
eaccce743f
moar plumbing progress
2021-12-01 12:07:05 -08:00
Grant Limberg
7cce23ae79
wip
2021-12-01 10:44:29 -08:00
Grant Limberg
9ef75c0e13
Merge branch 'dev' into zeroidc
2021-11-29 14:12:10 -08:00
Grant Limberg
91e9b736dd
make service objs dependent on zeroidc
2021-11-18 10:42:12 -08:00
Adam Ierymenko
1ef385b685
Spinlock removed, causes long standing issues on single core machines.
2021-11-12 16:44:54 -05:00
Grant Limberg
fa21fdc1cc
rename stuff for clarity
...
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
Grant Limberg
4d021e16a5
update field lengths
2021-11-08 09:30:13 -08:00
Grant Limberg
8d39c9a861
plumbing full flow from controller -> client network
2021-11-04 15:40:08 -07:00
Joseph Henry
cc6de583be
Prevent balance-xor from de-allocating from bad paths
2021-10-20 10:48:07 -07:00
Joseph Henry
9e8de2a702
Compilation fix
2021-10-01 11:19:04 -07:00
Joseph Henry
165757176a
Potential fix fro deadlock bug
2021-10-01 11:11:20 -07:00
Adam Ierymenko
9bc79f94df
Revert "Don't assume roots validated the identity, just in case they did not."
...
This reverts commit 39b97f9163
.
2021-09-20 22:05:49 -04:00
Adam Ierymenko
a0239e17e9
Revert "Use a faster method of fingerprinting identities."
...
This reverts commit b72e5e8386
.
2021-09-20 22:05:39 -04:00
Adam Ierymenko
b72e5e8386
Use a faster method of fingerprinting identities.
2021-09-20 20:02:39 -04:00
Adam Ierymenko
3f49570f45
Remove ancient controller support.
2021-09-20 18:38:29 -04:00
Adam Ierymenko
7c3166e9be
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
2021-09-20 18:26:49 -04:00
Adam Ierymenko
39b97f9163
Don't assume roots validated the identity, just in case they did not.
2021-09-20 16:15:59 -04:00