Commit Graph

46 Commits

Author SHA1 Message Date
Adam Ierymenko
2cb760e0ac Fix ICMP json. 2016-10-13 14:14:46 -07:00
Adam Ierymenko
2d6a4e5974 cleanup 2016-10-13 13:52:45 -07:00
Adam Ierymenko
e53f63ca87 Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed. 2016-10-11 12:00:16 -07:00
Adam Ierymenko
45c4ccb153 Add a tags both equal match. 2016-10-05 16:38:42 -07:00
Adam Ierymenko
adeb7e7da0 Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want. 2016-10-05 12:54:46 -07:00
Adam Ierymenko
988049f39b Add new rule to rules engine: random match. 2016-09-30 14:07:00 -07:00
Adam Ierymenko
f0794e09b7 Controller cleanup. 2016-09-30 13:04:26 -07:00
Adam Ierymenko
1eeebba2f7 Drop old /active path from network. 2016-09-29 17:59:27 -07:00
Adam Ierymenko
2fc3d12fb6 Minor tweaks to member code in controller, and fix Linux build. 2016-09-29 14:48:39 -07:00
Adam Ierymenko
7e4b6b594b It now builds. 2016-09-26 17:05:39 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
68e549233d Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness). 2016-09-15 13:17:37 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
c9ee8612e4 Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer. 2016-09-07 12:12:52 -07:00
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
54489a7f61 rename SAMENESS to DIFFERENCE which is less confusing 2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b Add overlooked MATCH_ICMP to rule set. 2016-08-31 14:01:15 -07:00
Adam Ierymenko
7a00036954 Tweak log length to fit JSON for members within two 4096-kb blocks. 2016-08-29 18:10:02 -07:00
Adam Ierymenko
914c42537c Type fixes. 2016-08-29 17:48:36 -07:00
Adam Ierymenko
297b1b4258 Another tiny API bug fix. 2016-08-26 14:16:55 -07:00
Adam Ierymenko
35ac995d05 Fix setting of v6AssignMode in controller. 2016-08-26 14:04:27 -07:00
Adam Ierymenko
d637988ccf Fix chicken or egg problem in tags, and better filter debug instrumentation. 2016-08-25 18:21:20 -07:00
Adam Ierymenko
858e8c5217 one more... 2016-08-25 16:28:54 -07:00
Adam Ierymenko
df1ce856c9 A little bit more controller code cleanup. 2016-08-25 16:25:28 -07:00
Adam Ierymenko
b5e0d014ab Controller bug fixes 2016-08-25 16:08:40 -07:00
Adam Ierymenko
5eaf397a94 Add a debug log feature in the filter, which only works if enabled in Network.cpp. 2016-08-25 13:31:23 -07:00
Adam Ierymenko
1814016eb7 Add daemon thread to controller and move network member cache refreshes there. 2016-08-25 11:26:45 -07:00
Adam Ierymenko
6ecb42b031 docs and null check in controller code 2016-08-25 10:46:03 -07:00
Adam Ierymenko
60bc291414 Add noAutoAssignIps for member of networks. 2016-08-24 17:05:43 -07:00
Adam Ierymenko
ccea3d04d6 Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller. 2016-08-24 14:28:16 -07:00
Adam Ierymenko
8e3463d47a Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency. 2016-08-24 13:37:57 -07:00
Adam Ierymenko
8d594f8b53 cleanup 2016-08-23 16:05:10 -07:00
Adam Ierymenko
5f4df0c6a9 Controller cleanup and perf improvements. 2016-08-23 15:30:36 -07:00
Adam Ierymenko
32fa061700 Compute credential TTL et al. 2016-08-23 13:02:59 -07:00
Adam Ierymenko
9a3c652a51 Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity. 2016-08-22 18:06:46 -07:00
Adam Ierymenko
b0d888d235 Signing of Capability and Tag objects. 2016-08-22 14:25:59 -07:00
Adam Ierymenko
4dce71879f . 2016-08-18 18:18:50 -07:00
Adam Ierymenko
212a5af9a5 Capabilities and tags in POST JSON. 2016-08-18 14:37:56 -07:00
Adam Ierymenko
1cadbfb4d1 Little fixes. 2016-08-18 13:47:02 -07:00
Adam Ierymenko
f119c4a456 Cache network members for performance, add network non-persisted fields. 2016-08-18 12:59:48 -07:00
Adam Ierymenko
faa9a06bf5 Controller fixes... 2016-08-17 17:37:37 -07:00
Adam Ierymenko
b7ebf6edbf Cleanup and log how member was authorized. 2016-08-17 13:54:32 -07:00
Adam Ierymenko
b72847d504 Finally implement network join auth tokens, at least at the protocol level. 2016-08-17 13:41:45 -07:00
Adam Ierymenko
168b86fdcd Controller docs and API fix. 2016-08-17 12:27:07 -07:00
Adam Ierymenko
a13f4d8353 We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.) 2016-08-17 10:42:32 -07:00