Adam Ierymenko
bd15262e54
Bunch of rule JSON stuff.
2016-08-15 18:49:50 -07:00
Adam Ierymenko
7d906df805
Better instrumentation for filter, and filter bug fixes.
2016-08-10 14:27:52 -07:00
Adam Ierymenko
d166b494ee
Rule parse fix.
2016-08-10 13:41:22 -07:00
Adam Ierymenko
81959f14af
Refactor and redesign symmetric NAT predictor. This is cleaner.
2016-08-10 10:28:54 -07:00
Adam Ierymenko
c9d7845fea
Minor bug fix and some instrumentation stuff for testing.
2016-08-09 17:00:01 -07:00
Adam Ierymenko
0b0cda2be4
ZT_TRACE fix.
2016-08-09 15:55:41 -07:00
Adam Ierymenko
e1310a764a
More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff).
2016-08-09 15:45:26 -07:00
Adam Ierymenko
dbf3e6c3c9
Dead code removal.
2016-08-09 15:01:46 -07:00
Adam Ierymenko
dee7f75f7e
Minor cleanup.
2016-08-09 14:46:11 -07:00
Adam Ierymenko
774c7e0ea5
Put CONFIG_REFRESH back.
2016-08-09 13:52:08 -07:00
Adam Ierymenko
4d498b3765
Handling of multi-part chunked network configs on the inbound side.
2016-08-09 13:14:38 -07:00
Adam Ierymenko
bcd05fbdfa
Chunking of network config replies.
2016-08-09 09:34:13 -07:00
Adam Ierymenko
2ba9343607
Encode and decode of tags and capabilities in NetworkConfig.
2016-08-09 08:32:42 -07:00
Adam Ierymenko
51cf49a24f
cleanup
2016-08-08 17:40:22 -07:00
Adam Ierymenko
00fd9c3a15
It builds... almost ready to test some rules engine stuff.
2016-08-08 17:33:26 -07:00
Adam Ierymenko
8007ca56aa
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
2016-08-08 16:50:00 -07:00
Adam Ierymenko
4d7f625aa1
.
2016-08-05 15:55:38 -07:00
Adam Ierymenko
e2f783ebbd
.
2016-08-05 15:02:01 -07:00
Adam Ierymenko
4d9b74b171
.
2016-08-04 15:27:20 -07:00
Adam Ierymenko
37d139177d
Integrate Filter into OutboundMulticast properly.
2016-08-04 13:01:14 -07:00
Adam Ierymenko
8a7753cfe3
Filter cleanup, prep for filter integration in a few places.
2016-08-04 12:35:25 -07:00
Adam Ierymenko
331382cf2f
More cleanup and a tiny federation prep item.
2016-08-04 12:14:13 -07:00
Adam Ierymenko
98152d974a
More cleanup and removal of DeferredPackets, will do the latter in a more elegant way.
2016-08-04 11:40:38 -07:00
Adam Ierymenko
56febbf2ba
.
2016-08-04 10:39:28 -07:00
Adam Ierymenko
5cf410490e
.
2016-08-04 10:18:33 -07:00
Adam Ierymenko
404a0bbddd
...
2016-08-04 09:51:15 -07:00
Adam Ierymenko
f057bb63cd
More work on tags and capabilities.
2016-08-04 09:02:35 -07:00
Adam Ierymenko
7e6e56e2bc
Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup.
2016-08-03 18:04:08 -07:00
Adam Ierymenko
67cb03742e
Add tag rules and split out rule serialize/deserialize so the code can be reused.
2016-08-03 14:12:38 -07:00
Adam Ierymenko
91940cbcf5
Kill network preferred relays -- this feature is gone (and was seldom used anyway) in favor of federation.
2016-08-02 14:40:26 -07:00
Adam Ierymenko
ecc1324bb0
Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places.
2016-08-02 13:36:17 -07:00
Adam Ierymenko
d3b0081447
Cleanup...
2016-07-28 12:09:58 -07:00
Adam Ierymenko
22e44c762b
More rules engine work: key/value pair matching for microsegmentation.
2016-07-28 10:58:10 -07:00
Adam Ierymenko
4929be08f7
Cleanup and stub out new object transfer messages.
2016-07-26 12:33:51 -07:00
Adam Ierymenko
088bbd1c08
Filter fixes.
2016-07-25 17:03:26 -07:00
Adam Ierymenko
7404eb46c4
Integration of Filter into inbound and outbound packet path.
2016-07-25 16:51:10 -07:00
Adam Ierymenko
eaf6d6c938
Basic L2/L3 filter for rules engine (not integrated yet) and some cleanup.
2016-07-25 15:52:16 -07:00
Adam Ierymenko
faf864b8a2
Merge branch 'master' into dev
2016-07-21 19:07:50 -07:00
Adam Ierymenko
f21af60a13
Init trusted path count to zero. Meh.
2016-07-21 19:06:18 -07:00
Adam Ierymenko
10564d8e14
Init trusted path count to zero. Meh.
2016-07-21 19:05:14 -07:00
Moritz Warning
b3073f44a2
move sourceAddress out of scope
...
sourceAddress is used in the catch block
2016-07-21 23:03:04 +02:00
Adam Ierymenko
6320879fe1
Fix for GitHub issue #358 and bump version to 1.1.13 (dev)
2016-07-18 10:56:33 -07:00
Adam Ierymenko
9785fde32a
Trusted paths work!
2016-07-12 11:40:45 -07:00
Adam Ierymenko
9657675755
Plumbing through trusted path stuff to OneService.
2016-07-12 11:30:22 -07:00
Adam Ierymenko
765082fdb6
Trusted path support, and version bump to 1.1.9
2016-07-12 08:29:50 -07:00
Adam Ierymenko
6d8de214eb
Docs and controller API version
2016-07-08 13:10:02 -07:00
Adam Ierymenko
901e2fd692
Fix silly one-liner bug... retag time.
2016-06-29 18:12:35 -07:00
Adam Ierymenko
19735e7050
Revert backgrounding of controller requests hack. Controller code is not really parallel anyway and we fixed the perf problem.
2016-06-29 11:43:22 -07:00
Adam Ierymenko
b4fcf2ee60
Fix a valgrind warning.
2016-06-29 11:11:16 -07:00
Adam Ierymenko
7b7ab823b0
Fix getPeer(self) bug if I am the controller.
2016-06-28 22:49:01 +00:00
Adam Ierymenko
45f315e603
Defer NETWORK_CONFIG_REQUEST packets and allow multithreaded processing.
2016-06-27 17:09:04 -07:00
Adam Ierymenko
ee649ae69a
Add 6plane assignment support to network controller, and cleanup.
2016-06-24 06:40:50 -07:00
Adam Ierymenko
20d155e630
.
2016-06-24 05:21:25 -07:00
Adam Ierymenko
be5996daca
Cleanup of 6plane stuff.
2016-06-24 04:54:05 -07:00
Adam Ierymenko
38dfebad8c
IPv6 NDP emulation flag in NetworkConfig, and implement Docker-friendly
...
(and other host friendly) IPv6 /80 magic subnetting to allow massive
multicast-free NDP emulated IPv6 networks where each host can have a
/48 worth of IPv6 IPs for internal containers, VMs, etc.
Alan Kay, thou art avenged.
https://ivanovivan.wordpress.com/2010/09/13/alan-kay-quotes/
2016-06-23 22:41:14 -07:00
Adam Ierymenko
674b84d908
Plumbing for network setting control, and GitHub issue #330
2016-06-21 14:58:30 -07:00
Adam Ierymenko
330c80f3f5
Add rule type to match a COM field of the peer by ID and value because this will be powerful.
2016-06-21 08:09:20 -07:00
Adam Ierymenko
eee59ec9ce
Fix Buffer<> version of Dictionary.get().
2016-06-21 08:00:40 -07:00
Adam Ierymenko
0959d33ba0
Add a few technically unnecessary but feel-good paranoia bounds checks in Dictionary.get().
2016-06-21 07:59:42 -07:00
Adam Ierymenko
0c05b2cb50
Comment cleanup and fuzzing improvements.
2016-06-21 07:49:46 -07:00
Adam Ierymenko
b2d048aa0e
Make Dictionary templatable so it can be used where we want a higher capacity.
2016-06-21 07:32:58 -07:00
Adam Ierymenko
1bf1c38b30
Default route population works on Mac!
2016-06-16 18:23:33 -07:00
Adam Ierymenko
37afa876a7
Linux bug fixes, small controller fix.
2016-06-17 00:21:58 +00:00
Adam Ierymenko
601c51b351
Bug fix.
2016-06-16 23:18:20 +00:00
Adam Ierymenko
901b75e756
New format now integrated, and it works.
2016-06-16 15:48:58 -07:00
Adam Ierymenko
490d20e8fb
Self test for dictionary, and fixes.
2016-06-16 14:45:36 -07:00
Adam Ierymenko
2113c21fdc
devicemap now works again in OSXEthernetTap
2016-06-16 14:09:09 -07:00
Adam Ierymenko
e09c1a1c11
Big refactor mostly builds. We now have a uniform backward compatible netconf.
2016-06-16 12:28:43 -07:00
Adam Ierymenko
b104bb4762
New super-packed dictionary -- we are going back to a backward compatibile format with the old netconf but in an embedded-friendly way. This is simpler.
2016-06-15 18:47:35 -07:00
Adam Ierymenko
3c655a4b84
Default route ready to test on Mac.
2016-06-15 15:46:57 -07:00
Adam Ierymenko
b90e66f7c7
ManagedRoute, which applies C++ RAII to injected routes. Move RoutingTable to attic.
2016-06-15 15:02:40 -07:00
Adam Ierymenko
4446dbde5e
Big refactor in service code to prep for plumbing through route management.
2016-06-14 10:09:26 -07:00
Adam Ierymenko
82635ce606
Add flags and metric to ZT-managed routes.
2016-06-09 09:43:09 -07:00
Adam Ierymenko
6c6b18d003
Fix include for system lz4.
2016-06-08 12:50:56 -07:00
Adam Ierymenko
9161eebc68
Carry virtual network routes through to API.
2016-06-07 12:15:19 -07:00
Adam Ierymenko
523ea68ae2
Increment protocol version to indicate support for binary network config and config request meta-data.
2016-06-07 11:08:36 -07:00
Adam Ierymenko
ca88e1f1cf
fix size
2016-06-07 10:47:22 -07:00
Adam Ierymenko
be37d025b8
Make flags 64-bit in both network request and config.
2016-06-07 10:46:29 -07:00
Adam Ierymenko
2c995f1f91
IPv6 links are unfortunately not "reliable." Many IPv6 gateways, while not
...
implementing NAT, do implement stateful firewalling with absurdly short
timeouts (<60s). Keepalives are still required in IPv6.
Network engineers continue to mindlessly carry forward cruft and baggage
from IPv4 to IPv6.
2016-05-31 10:30:00 -07:00
Adam Ierymenko
0bcc7d46a3
Disable debug code.
2016-05-16 18:39:34 -07:00
Adam Ierymenko
93b673043c
Fix new binary meta-data deserialization and add some debug code (will disable later).
2016-05-16 18:37:37 -07:00
Grant Limberg
de1b745988
comment out a few TRACE messages that don't compile
2016-05-14 13:29:31 -07:00
Grant Limberg
efdbd6326f
compiling with C++11 requires a space between string literals
2016-05-14 13:25:40 -07:00
Adam Ierymenko
548730660b
Ready to test whole new netconf refactor.
2016-05-11 10:19:14 -07:00
Adam Ierymenko
7ee3743c3d
Refactor controller to send both old and new format netconf.
2016-05-11 08:49:15 -07:00
Adam Ierymenko
8b9519f0af
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
2016-05-06 16:13:11 -07:00
Adam Ierymenko
529515d1d1
Changes to how new-style binary network configs are detected, and a new-style binary serialized meta-data representation.
2016-05-06 13:29:10 -07:00
Adam Ierymenko
7913fa7bbd
Dead code removal.
2016-05-06 11:13:34 -07:00
Adam Ierymenko
b543868351
Missing deserialize stuff.
2016-05-06 11:00:19 -07:00
Adam Ierymenko
0f17077b3d
Merge gateways and routes in netconf since they are the same thing.
2016-05-06 10:57:53 -07:00
Adam Ierymenko
9da8bf37d7
docs
2016-04-28 21:31:10 +02:00
Adam Ierymenko
726136beda
Ifdef fix.
2016-04-27 09:30:34 +02:00
Adam Ierymenko
59eb09d063
Deserialize new style netconf.
2016-04-26 17:20:31 -07:00
Adam Ierymenko
b9dba97fdb
Bunch more refactoring for an even more compact NetworkConfig representation, especially rules.
2016-04-26 17:11:25 -07:00
Adam Ierymenko
25a5275921
.
2016-04-26 08:53:49 -07:00
Adam Ierymenko
e731fc1a3a
Replace two bools in NetworkConfig with a flags field.
2016-04-26 08:40:26 -07:00
Adam Ierymenko
90e1262a8b
More refactoring to remove old Dictionary dependencies.
2016-04-26 08:20:03 -07:00
Adam Ierymenko
d736074301
Refactor rules table in-memory structure in new NetworkConfig to permit far more rules with better space efficiency.
2016-04-22 15:40:53 -07:00
Adam Ierymenko
368efaa2ba
Kill some old debug code.
2016-04-19 12:55:48 -07:00
Adam Ierymenko
2f18a92e20
Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route.
2016-04-19 12:09:35 -07:00
Adam Ierymenko
4c455876f9
Revise peer path weighting to always prioritize cluster-optimal paths.
2016-04-19 09:22:51 -07:00
Adam Ierymenko
cecfa99b7b
(1) cluster members send a flag indicating that a PUSH_DIRECT_PATHS is a cluster redirect, (2) 1.1.5 uses this to avoid a bug (this bug does not exist in 1.1.4)
2016-04-18 16:44:23 -07:00
Adam Ierymenko
e28838805f
Brace fix...
2016-04-12 13:17:16 -07:00
Adam Ierymenko
8a9762331f
Fix one more old NetworkConfig bit of code.
2016-04-12 12:54:14 -07:00
Adam Ierymenko
31db6f8f36
NetworkConfig refactor almost done.
2016-04-12 12:49:46 -07:00
Adam Ierymenko
ad1e83d8b9
Refactor IncomingPacket for new NetworkConfig
2016-04-12 12:32:33 -07:00
Adam Ierymenko
bbd9915056
Refactor Node for new NetworkConfig
2016-04-12 12:26:10 -07:00
Adam Ierymenko
51fecc0be9
Refactor Network for new NetworkConfig.
2016-04-12 12:16:29 -07:00
Adam Ierymenko
6f854c8391
NetworkConfig refactor part 1
2016-04-12 12:11:34 -07:00
Adam Ierymenko
56096be8b6
Tweak new RX queue algorithm to "expire" old entries to prevent always needing to traverse the whole queue array.
2016-04-06 16:28:40 -07:00
Adam Ierymenko
8ef78e7e7d
Preserve add local interface address add order and send in that order since this is a priority.
2016-04-06 11:50:00 -07:00
Adam Ierymenko
4a109658ab
More refactoring and prep for explicit interface bindings (for default route support).
2016-04-05 11:59:46 -07:00
Adam Ierymenko
52d9612301
Reduce symmetric prediction fuzz just a bit.
2016-04-05 10:49:14 -07:00
Adam Ierymenko
d8b89b0c86
Fix Cluster to send from a designated endpoint address instead of wildcard.
2016-04-05 10:47:13 -07:00
Adam Ierymenko
3df60995e1
nit pick... might this matter?
2016-03-30 16:49:21 -07:00
Adam Ierymenko
1a5e7cb0cb
More tweaks to OS determination stuff.
2016-03-28 12:26:49 -07:00
Adam Ierymenko
8035afae87
Try to define ZT_NO_TYPE_PUNNING on iOS in case it wasn't.
2016-03-28 12:22:05 -07:00
Adam Ierymenko
284e5d83b5
Fix some broken TRACEs and a tiny reorder in a few ifs.
2016-03-28 12:15:24 -07:00
Adam Ierymenko
76f9b4c582
A few other little formatting things.
2016-03-18 15:06:45 -07:00
Adam Ierymenko
c589bc4c57
Indentation
2016-03-18 14:32:48 -07:00
Adam Ierymenko
d6a1868d0a
Refactor incoming packet (rxQueue/fragmentQueue) to eliminate variable length queues and merge queues. This is both faster and saves memory.
2016-03-18 14:16:07 -07:00
Adam Ierymenko
fe3a84a422
Fix problems with previous commit.
2016-03-03 14:15:09 -08:00
Adam Ierymenko
7b5c1696eb
Fix a CIRCUIT_TEST bug in forwarding of tests along hop paths on private networks. Unfortunately this means full circuit testing for private nets will need an upgrade. :(
2016-02-23 14:56:51 -08:00
Adam Ierymenko
c7c61b4ac0
Fix checking of path address validity.
2016-02-22 16:01:35 -08:00
Adam Ierymenko
43fff1a87e
Deprecate reporting of local clock in circuit tests since a small number of users might have security problems with this.
2016-02-22 12:59:26 -08:00
Adam Ierymenko
2aa7138373
Reduce direct ping delay back to 1m and make SelfAwareness aware of local received-on address to eliminate false symmetric classification.
2016-02-22 09:47:50 -08:00
Adam Ierymenko
772551c45d
Try +1 and +2 existing surfaces for symmetric NATs.
2016-02-11 10:39:39 -08:00
Adam Ierymenko
0c951b6e56
More tweaks to new symmetric NAT buster, and stop using old iterative method since this supersedes it.
2016-02-10 18:41:39 -08:00
Adam Ierymenko
eadafd8de7
Little fix to NAT-t alg
2016-02-10 17:51:42 -08:00
Adam Ierymenko
f9230eb970
Widen max delta for TS/revision just a bit more for now.
2016-02-10 16:18:45 -08:00
Adam Ierymenko
82348e1537
Temporarily blacklist he.net IPv6 tunnel addresses for paths: these usually have a very low MTU which causes packet loss and other issues.
2016-02-10 11:06:26 -08:00
Adam Ierymenko
10bb9919f1
Tweak certificate of membership revision/time tolerance to eliminate boundary packet loss issues occasionally seen in the wild.
2016-02-10 09:32:42 -08:00
Adam Ierymenko
4769dacf61
Tweak needsOurMembershipCertificate timing to resolve a possible source of occasional dropped packets.
2016-02-09 16:54:47 -08:00
Adam Ierymenko
63ec7e58d4
Make activity no longer a function of ping frequency, since this causes compatibility bugs when the latter was modified due to timer interactions with other versions.
2016-02-08 10:03:01 -08:00
Adam Ierymenko
a963810e02
Tweak a few cluster params for higher perf / lower initial setup latency.
2016-02-08 09:57:46 -08:00
Adam Ierymenko
7a63fdc447
Fix for GitHub issue #298 and hopefully #297
2016-02-01 14:41:54 -08:00
Adam Ierymenko
2e5caa335a
Old SF root is dead. Now we are just on Alice and Bob. (world update for 1.1.4)
2016-01-13 10:18:41 -08:00
Adam Ierymenko
4e4fd51117
boring doc stuff
2016-01-12 14:04:55 -08:00
Adam Ierymenko
3883ac08c7
Docs and cleanup.
2016-01-12 13:17:30 -08:00
Adam Ierymenko
740eb6ebc4
Simplify Peer locking to eliminate deadlock with new path recursion check code (and also probably improve performance).
2016-01-12 12:12:25 -08:00
Adam Ierymenko
d6f0f1a82a
Use network user ptr in lookup for Ethernet frame handling to eliminate map lookup.
2016-01-12 11:34:22 -08:00
Adam Ierymenko
83ef98a9dc
Add a network-associated user ptr in API.
2016-01-12 11:04:35 -08:00
Adam Ierymenko
704205c5f7
Dead code removal.
2016-01-12 09:33:14 -08:00
Adam Ierymenko
bbcc3304a0
Check shouldUsePathForZeroTierTraffic in legacy beacon responder.
2016-01-11 15:57:58 -08:00
Adam Ierymenko
b3e3d4cacc
Instead of using binary packet comparison, add a callback to the API to explicitly check whether paths should be used. Check in with this callback (if present) when learning new paths or sending initial packets.
2016-01-11 10:17:44 -08:00
Adam Ierymenko
1023ef23b7
Remove somewhat ugly and costly anti-recursion hack -- we will switch to more explicit methods.
2016-01-11 09:06:10 -08:00
Adam Ierymenko
a56fbc1929
Close another potential anti-recursion loophole.
2016-01-06 15:35:27 -08:00
Adam Ierymenko
47ce52228b
Roots should probably not do this since it would likely be a waste of packets.
2016-01-06 12:54:51 -08:00
Adam Ierymenko
9aee72099e
AntiRecursion cleanup and some other minor things.
2016-01-06 10:59:39 -08:00
Adam Ierymenko
05b2c0743f
Tighten up dead path detection. Should now auto-detect dead paths in less than 10 seconds at a very small cost in ECHO requests (or HELLOs for older peers). GitHib issue #272
2016-01-06 10:00:03 -08:00