Adam Ierymenko
|
2cb760e0ac
|
Fix ICMP json.
|
2016-10-13 14:14:46 -07:00 |
|
Adam Ierymenko
|
2d6a4e5974
|
cleanup
|
2016-10-13 13:52:45 -07:00 |
|
Adam Ierymenko
|
e53f63ca87
|
Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed.
|
2016-10-11 12:00:16 -07:00 |
|
Adam Ierymenko
|
45c4ccb153
|
Add a tags both equal match.
|
2016-10-05 16:38:42 -07:00 |
|
Adam Ierymenko
|
adeb7e7da0
|
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
|
2016-10-05 12:54:46 -07:00 |
|
Adam Ierymenko
|
988049f39b
|
Add new rule to rules engine: random match.
|
2016-09-30 14:07:00 -07:00 |
|
Adam Ierymenko
|
f0794e09b7
|
Controller cleanup.
|
2016-09-30 13:04:26 -07:00 |
|
Adam Ierymenko
|
1eeebba2f7
|
Drop old /active path from network.
|
2016-09-29 17:59:27 -07:00 |
|
Adam Ierymenko
|
2fc3d12fb6
|
Minor tweaks to member code in controller, and fix Linux build.
|
2016-09-29 14:48:39 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
c9ee8612e4
|
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
2016-09-07 12:12:52 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
54489a7f61
|
rename SAMENESS to DIFFERENCE which is less confusing
|
2016-08-31 14:14:58 -07:00 |
|
Adam Ierymenko
|
8e3004591b
|
Add overlooked MATCH_ICMP to rule set.
|
2016-08-31 14:01:15 -07:00 |
|
Adam Ierymenko
|
7a00036954
|
Tweak log length to fit JSON for members within two 4096-kb blocks.
|
2016-08-29 18:10:02 -07:00 |
|
Adam Ierymenko
|
914c42537c
|
Type fixes.
|
2016-08-29 17:48:36 -07:00 |
|
Adam Ierymenko
|
297b1b4258
|
Another tiny API bug fix.
|
2016-08-26 14:16:55 -07:00 |
|
Adam Ierymenko
|
35ac995d05
|
Fix setting of v6AssignMode in controller.
|
2016-08-26 14:04:27 -07:00 |
|
Adam Ierymenko
|
d637988ccf
|
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
2016-08-25 18:21:20 -07:00 |
|
Adam Ierymenko
|
858e8c5217
|
one more...
|
2016-08-25 16:28:54 -07:00 |
|
Adam Ierymenko
|
df1ce856c9
|
A little bit more controller code cleanup.
|
2016-08-25 16:25:28 -07:00 |
|
Adam Ierymenko
|
b5e0d014ab
|
Controller bug fixes
|
2016-08-25 16:08:40 -07:00 |
|
Adam Ierymenko
|
5eaf397a94
|
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
|
2016-08-25 13:31:23 -07:00 |
|
Adam Ierymenko
|
1814016eb7
|
Add daemon thread to controller and move network member cache refreshes there.
|
2016-08-25 11:26:45 -07:00 |
|
Adam Ierymenko
|
6ecb42b031
|
docs and null check in controller code
|
2016-08-25 10:46:03 -07:00 |
|
Adam Ierymenko
|
60bc291414
|
Add noAutoAssignIps for member of networks.
|
2016-08-24 17:05:43 -07:00 |
|
Adam Ierymenko
|
ccea3d04d6
|
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
|
2016-08-24 14:28:16 -07:00 |
|
Adam Ierymenko
|
8e3463d47a
|
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
|
2016-08-24 13:37:57 -07:00 |
|
Adam Ierymenko
|
8d594f8b53
|
cleanup
|
2016-08-23 16:05:10 -07:00 |
|
Adam Ierymenko
|
5f4df0c6a9
|
Controller cleanup and perf improvements.
|
2016-08-23 15:30:36 -07:00 |
|
Adam Ierymenko
|
32fa061700
|
Compute credential TTL et al.
|
2016-08-23 13:02:59 -07:00 |
|
Adam Ierymenko
|
9a3c652a51
|
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
|
2016-08-22 18:06:46 -07:00 |
|
Adam Ierymenko
|
b0d888d235
|
Signing of Capability and Tag objects.
|
2016-08-22 14:25:59 -07:00 |
|
Adam Ierymenko
|
4dce71879f
|
.
|
2016-08-18 18:18:50 -07:00 |
|
Adam Ierymenko
|
212a5af9a5
|
Capabilities and tags in POST JSON.
|
2016-08-18 14:37:56 -07:00 |
|
Adam Ierymenko
|
1cadbfb4d1
|
Little fixes.
|
2016-08-18 13:47:02 -07:00 |
|
Adam Ierymenko
|
f119c4a456
|
Cache network members for performance, add network non-persisted fields.
|
2016-08-18 12:59:48 -07:00 |
|
Adam Ierymenko
|
faa9a06bf5
|
Controller fixes...
|
2016-08-17 17:37:37 -07:00 |
|
Adam Ierymenko
|
b7ebf6edbf
|
Cleanup and log how member was authorized.
|
2016-08-17 13:54:32 -07:00 |
|
Adam Ierymenko
|
b72847d504
|
Finally implement network join auth tokens, at least at the protocol level.
|
2016-08-17 13:41:45 -07:00 |
|
Adam Ierymenko
|
168b86fdcd
|
Controller docs and API fix.
|
2016-08-17 12:27:07 -07:00 |
|
Adam Ierymenko
|
a13f4d8353
|
We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.)
|
2016-08-17 10:42:32 -07:00 |
|