Adam Ierymenko
|
2bf9145ae6
|
Outgoing side of packet counter for link quality reporting. Also some cleanup and a cluster mode build fix.
|
2017-03-01 10:22:57 -08:00 |
|
Adam Ierymenko
|
43182f8f57
|
Docs, code cleanup, and protect the extra new fields of HELLO with encryption as a precaution.
|
2017-02-05 16:19:03 -08:00 |
|
Adam Ierymenko
|
3587aa1ea7
|
Add and send certificates of representation to tell people what our valid upstreams are. These are not used yet but will be needed for future privacy modes, etc. Also some cleanup.
|
2017-02-04 13:17:00 -08:00 |
|
Adam Ierymenko
|
dcb1233b0d
|
Slight refactor to RENEDEZVOUS sending code for federation.
|
2017-02-03 23:54:02 -08:00 |
|
Adam Ierymenko
|
60ff280dcb
|
Another tweak to cluster I/O rules.
|
2017-02-01 13:52:53 -08:00 |
|
Adam Ierymenko
|
84732fcb12
|
Wire through external path lookup. Static paths should now work.
|
2016-11-22 14:23:13 -08:00 |
|
Adam Ierymenko
|
39333c9e8e
|
Modify unite() to deal with a second layer of upstreams.
|
2016-11-17 16:59:04 -08:00 |
|
Adam Ierymenko
|
c61ca1dea2
|
Keep connections up for netconf stuff as well as frames.
|
2016-11-09 16:04:08 -08:00 |
|
Adam Ierymenko
|
9f550292fe
|
Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics.
|
2016-09-27 13:49:43 -07:00 |
|
Adam Ierymenko
|
d3524f3609
|
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
|
2016-09-20 21:21:34 -07:00 |
|
Adam Ierymenko
|
5b6d27e659
|
Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected.
|
2016-09-13 14:27:18 -07:00 |
|
Adam Ierymenko
|
cba37c6107
|
Add a few more rate limit gates for anti-DOS hardening.
|
2016-09-13 10:13:23 -07:00 |
|
Adam Ierymenko
|
ea1da3321a
|
Rate gate requests for COM.
|
2016-09-12 15:19:21 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
c7a4da3dd3
|
Turns out we do not need to pass network to receive().
|
2016-09-07 15:24:53 -07:00 |
|
Adam Ierymenko
|
1908aa55f5
|
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
|
2016-09-07 15:15:52 -07:00 |
|
Adam Ierymenko
|
a7d988745b
|
Use ECHO instead of HELLO where possible.
|
2016-09-07 12:01:03 -07:00 |
|
Adam Ierymenko
|
b5c86b6ba4
|
Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable.
|
2016-09-07 11:13:17 -07:00 |
|
Adam Ierymenko
|
f2d2df2b11
|
Cluster build fix.
|
2016-09-06 15:06:07 -07:00 |
|
Adam Ierymenko
|
8a2e8bd585
|
Rework how paths are set as remote cluster preferred. The code is now clearer and cluster preference indications are now very sticky as they should be.
|
2016-09-06 12:45:28 -07:00 |
|
Adam Ierymenko
|
d7f2287ce9
|
More tweaks to path behavior.
|
2016-09-05 15:47:22 -07:00 |
|
Adam Ierymenko
|
eebcf08084
|
Tweaks to new Path code for dual-stack operation, and other fixes.
|
2016-09-03 15:39:05 -07:00 |
|
Adam Ierymenko
|
4992ac2d9f
|
Cluster sub-optimal is in fact necessary...
|
2016-09-02 14:20:55 -07:00 |
|
Adam Ierymenko
|
412979ba8f
|
Attempt to reactivate dead paths.
|
2016-09-02 13:55:33 -07:00 |
|
Adam Ierymenko
|
4f8253dcdb
|
Tweaks to path handling...
|
2016-09-02 13:33:56 -07:00 |
|
Adam Ierymenko
|
e8f6b4b5d3
|
Rest of big Path canonicalization refactor.
|
2016-09-02 11:51:33 -07:00 |
|
Adam Ierymenko
|
c476285bd6
|
Harden PUSH_DIRECT_PATHS and simplify things by only doing it on receive when hops>0 and trust has been established.
|
2016-08-24 16:16:39 -07:00 |
|
Adam Ierymenko
|
e1310a764a
|
More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff).
|
2016-08-09 15:45:26 -07:00 |
|
Adam Ierymenko
|
e2f783ebbd
|
.
|
2016-08-05 15:02:01 -07:00 |
|
Adam Ierymenko
|
f057bb63cd
|
More work on tags and capabilities.
|
2016-08-04 09:02:35 -07:00 |
|
Adam Ierymenko
|
7e6e56e2bc
|
Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup.
|
2016-08-03 18:04:08 -07:00 |
|
Adam Ierymenko
|
2f18a92e20
|
Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route.
|
2016-04-19 12:09:35 -07:00 |
|
Adam Ierymenko
|
4c455876f9
|
Revise peer path weighting to always prioritize cluster-optimal paths.
|
2016-04-19 09:22:51 -07:00 |
|
Adam Ierymenko
|
0c951b6e56
|
More tweaks to new symmetric NAT buster, and stop using old iterative method since this supersedes it.
|
2016-02-10 18:41:39 -08:00 |
|
Adam Ierymenko
|
4e4fd51117
|
boring doc stuff
|
2016-01-12 14:04:55 -08:00 |
|
Adam Ierymenko
|
3883ac08c7
|
Docs and cleanup.
|
2016-01-12 13:17:30 -08:00 |
|
Adam Ierymenko
|
740eb6ebc4
|
Simplify Peer locking to eliminate deadlock with new path recursion check code (and also probably improve performance).
|
2016-01-12 12:12:25 -08:00 |
|
Adam Ierymenko
|
d8143a5e18
|
Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev)
|
2016-01-05 16:41:54 -08:00 |
|
Adam Ierymenko
|
436c1fac1d
|
Selectively move over changes from "edge" to "dev" excluding netcon.
|
2015-12-21 16:15:39 -08:00 |
|
Adam Ierymenko
|
ceaef19fb7
|
Fix for GitHub issue #260 -- fix for (non-exploitable) crash in network preferred relay code
|
2015-11-30 17:20:12 -08:00 |
|
Adam Ierymenko
|
2cc50bdb10
|
Try bringing back TTL escalation -- may help with Docker (IP-MASQ) type NAT
|
2015-11-09 15:44:13 -08:00 |
|
Adam Ierymenko
|
35c4e28f31
|
Mark geo-redirected paths as suboptimal and do not report that we have a peer if all we have is one of these. Also a few other small fixes.
|
2015-11-09 14:25:28 -08:00 |
|
Adam Ierymenko
|
5f39d5b7ea
|
Further pare down Cluster messaging and rename some stuff.
|
2015-11-06 14:37:17 -08:00 |
|
Adam Ierymenko
|
4e9d430476
|
Make root and relay selection somewhat more robust.
|
2015-11-02 16:03:28 -08:00 |
|
Adam Ierymenko
|
7fbe2f7adf
|
Tweak some more timings for better reliability.
|
2015-11-02 15:38:53 -08:00 |
|
Adam Ierymenko
|
883c84bdb9
|
Tweak some timings, and remove some dead code.
|
2015-10-29 09:39:36 -07:00 |
|
Adam Ierymenko
|
0fd15d9cf3
|
Fix inverted sense bug.
|
2015-10-28 10:38:37 -07:00 |
|
Adam Ierymenko
|
cdc99bfee1
|
Add a circuit breaker for VERB_PUSH_DIRECT_PATHS.
|
2015-10-27 18:18:26 -07:00 |
|
Adam Ierymenko
|
cc1b275ad9
|
Replicate peer endpoints and forget paths if we have them -- this allows two clusters to talk to each other, whereas forgetting all paths does not.
|
2015-10-27 16:47:13 -07:00 |
|
Adam Ierymenko
|
16bc3e0398
|
Factor out RemotePath subclass of Path -- no longer needed, just cruft.
|
2015-10-27 15:00:16 -07:00 |
|
Adam Ierymenko
|
a1a0ee4edb
|
Fix infinite loop in Cluster, clean up some stuff elsewhere, and back out rate limiting in PUSH_DIRECT_PATHS for now (but we will do something else to mitigate amplification attacks)
|
2015-10-27 12:01:00 -07:00 |
|
Adam Ierymenko
|
cc4d0199e7
|
Fix vProto init.
|
2015-10-16 10:58:59 -07:00 |
|
Adam Ierymenko
|
f9f60f89d9
|
Peer save/restore fix.
|
2015-10-16 10:45:58 -07:00 |
|
Adam Ierymenko
|
5ce3aac929
|
Add rate limit on receive of DIRECT_PATH_PUSH to prevent DOS exploitation.
|
2015-10-16 10:28:09 -07:00 |
|
Adam Ierymenko
|
2229e91b57
|
IPv6 support fixes.
|
2015-10-16 10:10:12 -07:00 |
|
Adam Ierymenko
|
619e113748
|
Work in progress on Cluster for new root infrastructure, multi-homing.
|
2015-10-14 14:12:12 -07:00 |
|
Adam Ierymenko
|
5d2f523e81
|
World stuff...
|
2015-10-13 12:10:44 -07:00 |
|
Adam Ierymenko
|
76a95dc58f
|
The return of peer peristence.
|
2015-10-01 17:09:01 -07:00 |
|
Adam Ierymenko
|
5076c49210
|
Peer serialization and related changes.
|
2015-10-01 15:40:54 -07:00 |
|
Adam Ierymenko
|
64bf3ffe6c
|
Mutex cleanup.
|
2015-10-01 11:44:09 -07:00 |
|
Adam Ierymenko
|
a3db7d0728
|
Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things.
|
2015-10-01 11:11:52 -07:00 |
|
Adam Ierymenko
|
f69454ec98
|
(1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses.
|
2015-09-24 16:21:36 -07:00 |
|
Adam Ierymenko
|
367ffde00c
|
Plumb through localInterfaceId to track local interfaces corresponding with remote addresses.
|
2015-09-23 13:49:56 -07:00 |
|
Adam Ierymenko
|
7b8ce16057
|
Another std::map<> dies.
|
2015-09-04 13:42:19 -07:00 |
|
Adam Ierymenko
|
0b354803f3
|
Clean up some YAGNI issues with implementation of GitHub issue #180, and make best path choice aware of path rank.
|
2015-07-13 10:03:04 -07:00 |
|
Adam Ierymenko
|
778c7e6e70
|
More cleanup to direct path push, comment fixes, etc.
|
2015-07-07 10:00:34 -07:00 |
|
Adam Ierymenko
|
255320e2a6
|
pushDirectPaths() implementation
|
2015-07-06 14:39:28 -07:00 |
|
Adam Ierymenko
|
93bb934d4e
|
Some cleanup, docs, and Path -> Path > RemotePath refactor.
|
2015-07-06 14:08:13 -07:00 |
|
Adam Ierymenko
|
d9006712f6
|
Completely factor out "desperation" from the core. I thought of a significantly simpler way to move all of this logic entirely into the containing service, liberating the core from any concern over the nature of its pipe to the outside world.
|
2015-05-21 15:58:26 -07:00 |
|
Adam Ierymenko
|
1213073916
|
Apple auto-update stuff, now for Windows.
|
2015-05-20 19:38:49 -07:00 |
|
Adam Ierymenko
|
9279bac385
|
Fix deadlock in SelfAwareness by deferring reconnects.
|
2015-04-30 21:09:41 -07:00 |
|
Adam Ierymenko
|
54954f5b88
|
First pass of Windows cleanup and build fixes...
|
2015-04-24 13:35:17 -07:00 |
|
Adam Ierymenko
|
98bcc3d4b5
|
Disable a few noisy TRACEs, and limit how often we confirm new paths to avoid flooding.
|
2015-04-15 13:15:09 -07:00 |
|
Adam Ierymenko
|
5e331d6733
|
Restrict unite() to desperation==0 since NAT-t only works right now with direct links.
|
2015-04-10 10:13:50 -07:00 |
|
Adam Ierymenko
|
ccc73b920e
|
Node peer list function for CAPI, and some Peer cleanup.
|
2015-04-08 18:45:21 -07:00 |
|
Adam Ierymenko
|
c894710ac1
|
Remove Logger.hpp references.
|
2015-04-08 16:00:48 -07:00 |
|
Adam Ierymenko
|
49f031ccb4
|
Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc.
|
2015-04-07 19:31:11 -07:00 |
|
Adam Ierymenko
|
0a90681849
|
Add ping(), and a logic fix in SelfAwareness.
|
2015-04-07 12:32:05 -07:00 |
|
Adam Ierymenko
|
24608d5ca3
|
Always use HELLO to contact, and we now confirm newly learned paths via a two-way handshake to prevent half-connects.
|
2015-04-07 12:22:33 -07:00 |
|
Adam Ierymenko
|
52c3b7c34e
|
Implemented empirical determination of external addressing, paritioned per scope.
|
2015-04-07 11:56:10 -07:00 |
|
Adam Ierymenko
|
f4fd2d4971
|
Bring IncomingPacket into line with new changes.
|
2015-04-06 14:50:53 -07:00 |
|
Adam Ierymenko
|
6eb9289367
|
Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch.
|
2015-04-03 16:52:53 -07:00 |
|
Adam Ierymenko
|
ee0f56355b
|
Send path simplification.
|
2015-04-03 13:14:37 -07:00 |
|
Adam Ierymenko
|
a69e1876f1
|
The concept of link desperation (escalating to less desirable transports) simplifies a ton of stuff. Loads of spaghetti logic can die since we no longer have to make these decisions down in the core.
|
2015-04-02 17:54:56 -07:00 |
|
Adam Ierymenko
|
7ff0cab1b7
|
docs
|
2015-03-31 18:33:39 -07:00 |
|
Adam Ierymenko
|
93012b0ee5
|
Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware]
|
2015-02-17 13:11:34 -08:00 |
|
Adam Ierymenko
|
0b84c10ccc
|
Add confirmation step to new netconf, with the caveat that it will be disabled for older netconf servers to avoid race. Also add some comments.
|
2015-01-09 16:35:20 -05:00 |
|
Adam Ierymenko
|
4e95384ad6
|
Cleanup, add tristate to config code in Network, and happy new year!
|
2015-01-05 17:47:59 -08:00 |
|
Adam Ierymenko
|
0e47f13f14
|
Simplify locking semantics some more to address a deadlock.
|
2014-10-21 10:42:04 -07:00 |
|
Adam Ierymenko
|
2416491cbc
|
Permanently retire peers.persist, but make iddb.d always enabled instead since identities are what we really want to cache.
|
2014-10-13 14:12:51 -07:00 |
|
Adam Ierymenko
|
6316011024
|
Make crypto and compression build optimized in debug, and also try disabling peers.persist -- might ship this way as it seems more trouble than its worth.
|
2014-10-12 11:42:49 -07:00 |
|
Adam Ierymenko
|
0d017c043f
|
Stop persisting last announcement time since Multicaster is volatile. Also some more legacy multicast fixes.
|
2014-10-11 16:26:02 -07:00 |
|
Adam Ierymenko
|
496109fdcc
|
Announce multicast group changes on network rescanMulticastGroups()
|
2014-10-03 18:27:42 -07:00 |
|
Adam Ierymenko
|
2659427864
|
Multicaster needs to be global, not per-network, and a bunch of other stuff.
|
2014-09-30 16:28:25 -07:00 |
|
Adam Ierymenko
|
050a0ce85d
|
.
|
2014-09-25 15:08:29 -07:00 |
|
Adam Ierymenko
|
81b12b6826
|
Rename the ubiquitous _r pointer to RuntimeEnvironment to RR just to be a little more consistent about using _ to denote private member variables.
|
2014-09-24 13:53:03 -07:00 |
|
Adam Ierymenko
|
1d37204a37
|
Refactoring in progress... pardon our dust...
|
2014-09-12 16:57:37 -07:00 |
|
Adam Ierymenko
|
4e9280fc7a
|
Rip out dead "firewall opener" code, replace in pipeline with anti-symmetric-NAT tactics.
|
2014-09-05 16:23:24 -07:00 |
|
Adam Ierymenko
|
c2187c8759
|
(1) distribute default root-topology in new dictionary format, (2) bump peer serialization version to force obsolescence of old supernodes, (3) stop outputting a log message every time we poll for software updates
|
2014-08-14 19:52:22 -04:00 |
|
Adam Ierymenko
|
8a804b5257
|
(1) Disable firewall openers (its easy to re-enable), (2) Do some prep work for making supernode topology hot-updatable.
|
2014-08-05 14:05:50 -07:00 |
|