Commit Graph

192 Commits

Author SHA1 Message Date
Adam Ierymenko
2bf9145ae6 Outgoing side of packet counter for link quality reporting. Also some cleanup and a cluster mode build fix. 2017-03-01 10:22:57 -08:00
Adam Ierymenko
43182f8f57 Docs, code cleanup, and protect the extra new fields of HELLO with encryption as a precaution. 2017-02-05 16:19:03 -08:00
Adam Ierymenko
3587aa1ea7 Add and send certificates of representation to tell people what our valid upstreams are. These are not used yet but will be needed for future privacy modes, etc. Also some cleanup. 2017-02-04 13:17:00 -08:00
Adam Ierymenko
dcb1233b0d Slight refactor to RENEDEZVOUS sending code for federation. 2017-02-03 23:54:02 -08:00
Adam Ierymenko
60ff280dcb Another tweak to cluster I/O rules. 2017-02-01 13:52:53 -08:00
Adam Ierymenko
84732fcb12 Wire through external path lookup. Static paths should now work. 2016-11-22 14:23:13 -08:00
Adam Ierymenko
39333c9e8e Modify unite() to deal with a second layer of upstreams. 2016-11-17 16:59:04 -08:00
Adam Ierymenko
c61ca1dea2 Keep connections up for netconf stuff as well as frames. 2016-11-09 16:04:08 -08:00
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Adam Ierymenko
5b6d27e659 Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. 2016-09-13 14:27:18 -07:00
Adam Ierymenko
cba37c6107 Add a few more rate limit gates for anti-DOS hardening. 2016-09-13 10:13:23 -07:00
Adam Ierymenko
ea1da3321a Rate gate requests for COM. 2016-09-12 15:19:21 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
c7a4da3dd3 Turns out we do not need to pass network to receive(). 2016-09-07 15:24:53 -07:00
Adam Ierymenko
1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko
a7d988745b Use ECHO instead of HELLO where possible. 2016-09-07 12:01:03 -07:00
Adam Ierymenko
b5c86b6ba4 Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. 2016-09-07 11:13:17 -07:00
Adam Ierymenko
f2d2df2b11 Cluster build fix. 2016-09-06 15:06:07 -07:00
Adam Ierymenko
8a2e8bd585 Rework how paths are set as remote cluster preferred. The code is now clearer and cluster preference indications are now very sticky as they should be. 2016-09-06 12:45:28 -07:00
Adam Ierymenko
d7f2287ce9 More tweaks to path behavior. 2016-09-05 15:47:22 -07:00
Adam Ierymenko
eebcf08084 Tweaks to new Path code for dual-stack operation, and other fixes. 2016-09-03 15:39:05 -07:00
Adam Ierymenko
4992ac2d9f Cluster sub-optimal is in fact necessary... 2016-09-02 14:20:55 -07:00
Adam Ierymenko
412979ba8f Attempt to reactivate dead paths. 2016-09-02 13:55:33 -07:00
Adam Ierymenko
4f8253dcdb Tweaks to path handling... 2016-09-02 13:33:56 -07:00
Adam Ierymenko
e8f6b4b5d3 Rest of big Path canonicalization refactor. 2016-09-02 11:51:33 -07:00
Adam Ierymenko
c476285bd6 Harden PUSH_DIRECT_PATHS and simplify things by only doing it on receive when hops>0 and trust has been established. 2016-08-24 16:16:39 -07:00
Adam Ierymenko
e1310a764a More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff). 2016-08-09 15:45:26 -07:00
Adam Ierymenko
e2f783ebbd . 2016-08-05 15:02:01 -07:00
Adam Ierymenko
f057bb63cd More work on tags and capabilities. 2016-08-04 09:02:35 -07:00
Adam Ierymenko
7e6e56e2bc Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup. 2016-08-03 18:04:08 -07:00
Adam Ierymenko
2f18a92e20 Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route. 2016-04-19 12:09:35 -07:00
Adam Ierymenko
4c455876f9 Revise peer path weighting to always prioritize cluster-optimal paths. 2016-04-19 09:22:51 -07:00
Adam Ierymenko
0c951b6e56 More tweaks to new symmetric NAT buster, and stop using old iterative method since this supersedes it. 2016-02-10 18:41:39 -08:00
Adam Ierymenko
4e4fd51117 boring doc stuff 2016-01-12 14:04:55 -08:00
Adam Ierymenko
3883ac08c7 Docs and cleanup. 2016-01-12 13:17:30 -08:00
Adam Ierymenko
740eb6ebc4 Simplify Peer locking to eliminate deadlock with new path recursion check code (and also probably improve performance). 2016-01-12 12:12:25 -08:00
Adam Ierymenko
d8143a5e18 Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev) 2016-01-05 16:41:54 -08:00
Adam Ierymenko
436c1fac1d Selectively move over changes from "edge" to "dev" excluding netcon. 2015-12-21 16:15:39 -08:00
Adam Ierymenko
ceaef19fb7 Fix for GitHub issue #260 -- fix for (non-exploitable) crash in network preferred relay code 2015-11-30 17:20:12 -08:00
Adam Ierymenko
2cc50bdb10 Try bringing back TTL escalation -- may help with Docker (IP-MASQ) type NAT 2015-11-09 15:44:13 -08:00
Adam Ierymenko
35c4e28f31 Mark geo-redirected paths as suboptimal and do not report that we have a peer if all we have is one of these. Also a few other small fixes. 2015-11-09 14:25:28 -08:00
Adam Ierymenko
5f39d5b7ea Further pare down Cluster messaging and rename some stuff. 2015-11-06 14:37:17 -08:00
Adam Ierymenko
4e9d430476 Make root and relay selection somewhat more robust. 2015-11-02 16:03:28 -08:00
Adam Ierymenko
7fbe2f7adf Tweak some more timings for better reliability. 2015-11-02 15:38:53 -08:00
Adam Ierymenko
883c84bdb9 Tweak some timings, and remove some dead code. 2015-10-29 09:39:36 -07:00
Adam Ierymenko
0fd15d9cf3 Fix inverted sense bug. 2015-10-28 10:38:37 -07:00
Adam Ierymenko
cdc99bfee1 Add a circuit breaker for VERB_PUSH_DIRECT_PATHS. 2015-10-27 18:18:26 -07:00
Adam Ierymenko
cc1b275ad9 Replicate peer endpoints and forget paths if we have them -- this allows two clusters to talk to each other, whereas forgetting all paths does not. 2015-10-27 16:47:13 -07:00
Adam Ierymenko
16bc3e0398 Factor out RemotePath subclass of Path -- no longer needed, just cruft. 2015-10-27 15:00:16 -07:00
Adam Ierymenko
a1a0ee4edb Fix infinite loop in Cluster, clean up some stuff elsewhere, and back out rate limiting in PUSH_DIRECT_PATHS for now (but we will do something else to mitigate amplification attacks) 2015-10-27 12:01:00 -07:00
Adam Ierymenko
cc4d0199e7 Fix vProto init. 2015-10-16 10:58:59 -07:00
Adam Ierymenko
f9f60f89d9 Peer save/restore fix. 2015-10-16 10:45:58 -07:00
Adam Ierymenko
5ce3aac929 Add rate limit on receive of DIRECT_PATH_PUSH to prevent DOS exploitation. 2015-10-16 10:28:09 -07:00
Adam Ierymenko
2229e91b57 IPv6 support fixes. 2015-10-16 10:10:12 -07:00
Adam Ierymenko
619e113748 Work in progress on Cluster for new root infrastructure, multi-homing. 2015-10-14 14:12:12 -07:00
Adam Ierymenko
5d2f523e81 World stuff... 2015-10-13 12:10:44 -07:00
Adam Ierymenko
76a95dc58f The return of peer peristence. 2015-10-01 17:09:01 -07:00
Adam Ierymenko
5076c49210 Peer serialization and related changes. 2015-10-01 15:40:54 -07:00
Adam Ierymenko
64bf3ffe6c Mutex cleanup. 2015-10-01 11:44:09 -07:00
Adam Ierymenko
a3db7d0728 Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things. 2015-10-01 11:11:52 -07:00
Adam Ierymenko
f69454ec98 (1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses. 2015-09-24 16:21:36 -07:00
Adam Ierymenko
367ffde00c Plumb through localInterfaceId to track local interfaces corresponding with remote addresses. 2015-09-23 13:49:56 -07:00
Adam Ierymenko
7b8ce16057 Another std::map<> dies. 2015-09-04 13:42:19 -07:00
Adam Ierymenko
0b354803f3 Clean up some YAGNI issues with implementation of GitHub issue #180, and make best path choice aware of path rank. 2015-07-13 10:03:04 -07:00
Adam Ierymenko
778c7e6e70 More cleanup to direct path push, comment fixes, etc. 2015-07-07 10:00:34 -07:00
Adam Ierymenko
255320e2a6 pushDirectPaths() implementation 2015-07-06 14:39:28 -07:00
Adam Ierymenko
93bb934d4e Some cleanup, docs, and Path -> Path > RemotePath refactor. 2015-07-06 14:08:13 -07:00
Adam Ierymenko
d9006712f6 Completely factor out "desperation" from the core. I thought of a significantly simpler way to move all of this logic entirely into the containing service, liberating the core from any concern over the nature of its pipe to the outside world. 2015-05-21 15:58:26 -07:00
Adam Ierymenko
1213073916 Apple auto-update stuff, now for Windows. 2015-05-20 19:38:49 -07:00
Adam Ierymenko
9279bac385 Fix deadlock in SelfAwareness by deferring reconnects. 2015-04-30 21:09:41 -07:00
Adam Ierymenko
54954f5b88 First pass of Windows cleanup and build fixes... 2015-04-24 13:35:17 -07:00
Adam Ierymenko
98bcc3d4b5 Disable a few noisy TRACEs, and limit how often we confirm new paths to avoid flooding. 2015-04-15 13:15:09 -07:00
Adam Ierymenko
5e331d6733 Restrict unite() to desperation==0 since NAT-t only works right now with direct links. 2015-04-10 10:13:50 -07:00
Adam Ierymenko
ccc73b920e Node peer list function for CAPI, and some Peer cleanup. 2015-04-08 18:45:21 -07:00
Adam Ierymenko
c894710ac1 Remove Logger.hpp references. 2015-04-08 16:00:48 -07:00
Adam Ierymenko
49f031ccb4 Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc. 2015-04-07 19:31:11 -07:00
Adam Ierymenko
0a90681849 Add ping(), and a logic fix in SelfAwareness. 2015-04-07 12:32:05 -07:00
Adam Ierymenko
24608d5ca3 Always use HELLO to contact, and we now confirm newly learned paths via a two-way handshake to prevent half-connects. 2015-04-07 12:22:33 -07:00
Adam Ierymenko
52c3b7c34e Implemented empirical determination of external addressing, paritioned per scope. 2015-04-07 11:56:10 -07:00
Adam Ierymenko
f4fd2d4971 Bring IncomingPacket into line with new changes. 2015-04-06 14:50:53 -07:00
Adam Ierymenko
6eb9289367 Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch. 2015-04-03 16:52:53 -07:00
Adam Ierymenko
ee0f56355b Send path simplification. 2015-04-03 13:14:37 -07:00
Adam Ierymenko
a69e1876f1 The concept of link desperation (escalating to less desirable transports) simplifies a ton of stuff. Loads of spaghetti logic can die since we no longer have to make these decisions down in the core. 2015-04-02 17:54:56 -07:00
Adam Ierymenko
7ff0cab1b7 docs 2015-03-31 18:33:39 -07:00
Adam Ierymenko
93012b0ee5 Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware] 2015-02-17 13:11:34 -08:00
Adam Ierymenko
0b84c10ccc Add confirmation step to new netconf, with the caveat that it will be disabled for older netconf servers to avoid race. Also add some comments. 2015-01-09 16:35:20 -05:00
Adam Ierymenko
4e95384ad6 Cleanup, add tristate to config code in Network, and happy new year! 2015-01-05 17:47:59 -08:00
Adam Ierymenko
0e47f13f14 Simplify locking semantics some more to address a deadlock. 2014-10-21 10:42:04 -07:00
Adam Ierymenko
2416491cbc Permanently retire peers.persist, but make iddb.d always enabled instead since identities are what we really want to cache. 2014-10-13 14:12:51 -07:00
Adam Ierymenko
6316011024 Make crypto and compression build optimized in debug, and also try disabling peers.persist -- might ship this way as it seems more trouble than its worth. 2014-10-12 11:42:49 -07:00
Adam Ierymenko
0d017c043f Stop persisting last announcement time since Multicaster is volatile. Also some more legacy multicast fixes. 2014-10-11 16:26:02 -07:00
Adam Ierymenko
496109fdcc Announce multicast group changes on network rescanMulticastGroups() 2014-10-03 18:27:42 -07:00
Adam Ierymenko
2659427864 Multicaster needs to be global, not per-network, and a bunch of other stuff. 2014-09-30 16:28:25 -07:00
Adam Ierymenko
050a0ce85d . 2014-09-25 15:08:29 -07:00
Adam Ierymenko
81b12b6826 Rename the ubiquitous _r pointer to RuntimeEnvironment to RR just to be a little more consistent about using _ to denote private member variables. 2014-09-24 13:53:03 -07:00
Adam Ierymenko
1d37204a37 Refactoring in progress... pardon our dust... 2014-09-12 16:57:37 -07:00
Adam Ierymenko
4e9280fc7a Rip out dead "firewall opener" code, replace in pipeline with anti-symmetric-NAT tactics. 2014-09-05 16:23:24 -07:00
Adam Ierymenko
c2187c8759 (1) distribute default root-topology in new dictionary format, (2) bump peer serialization version to force obsolescence of old supernodes, (3) stop outputting a log message every time we poll for software updates 2014-08-14 19:52:22 -04:00
Adam Ierymenko
8a804b5257 (1) Disable firewall openers (its easy to re-enable), (2) Do some prep work for making supernode topology hot-updatable. 2014-08-05 14:05:50 -07:00