Adam Ierymenko
|
9f550292fe
|
Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics.
|
2016-09-27 13:49:43 -07:00 |
|
Adam Ierymenko
|
5ba7ca91c0
|
TRACE build fix.
|
2016-09-27 12:44:44 -07:00 |
|
Adam Ierymenko
|
cc4bacc199
|
Cleanup, and implement compression disable flag for networks.
|
2016-09-27 12:22:25 -07:00 |
|
Adam Ierymenko
|
15c07c58b6
|
Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
|
2016-09-27 11:33:48 -07:00 |
|
Adam Ierymenko
|
236fdb450c
|
cleanup attic
|
2016-09-27 07:02:16 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
eac3667ec1
|
Bunch more refactoring and work on revocations, etc.
|
2016-09-26 16:17:02 -07:00 |
|
Adam Ierymenko
|
46049a1ef6
|
Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev
|
2016-09-23 16:08:44 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Grant Limberg
|
40d3993ceb
|
java code still needed to reflect PEER_ROLE_RELAY rename to PEER_ROLE_UPSTREAM
|
2016-09-21 14:12:20 -07:00 |
|
Grant Limberg
|
0564bb3b35
|
added missing copyright/license info from ZT_jniutils
|
2016-09-21 14:09:46 -07:00 |
|
Adam Ierymenko
|
29711e123f
|
Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev
|
2016-09-20 21:21:43 -07:00 |
|
Adam Ierymenko
|
d3524f3609
|
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
|
2016-09-20 21:21:34 -07:00 |
|
Grant Limberg
|
d87f0293e3
|
Don't print a few error messages when they don't matter.
|
2016-09-19 13:40:53 -07:00 |
|
Grant Limberg
|
5fadd8bdd2
|
ZT_PEER_ROLE_RELAY -> ZT_PEER_ROLE_UPSTREAM in JNI glue
|
2016-09-19 12:54:19 -07:00 |
|
Grant Limberg
|
3366b53247
|
Merge branch 'dev' of http://git.int.zerotier.com/ZeroTier/ZeroTierOne into dev
|
2016-09-18 18:10:03 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
24fce0be86
|
No, definitely have to back out GitHub issue #385 (non-bisected routes) since this breaks IPv6 on OSX and probably IPv4 too if you were to encounter a 6-only situation.
|
2016-09-14 22:23:56 -07:00 |
|
Adam Ierymenko
|
740b34124f
|
Naming...
|
2016-09-14 17:35:50 -07:00 |
|
Adam Ierymenko
|
15402933bc
|
Add physical MTU recommendation hint to network config via API.
|
2016-09-14 16:55:25 -07:00 |
|
Adam Ierymenko
|
8d0b2b781e
|
Route management bug fixes.
|
2016-09-13 16:25:48 -07:00 |
|
Adam Ierymenko
|
83abc00aae
|
docs
|
2016-09-13 14:58:59 -07:00 |
|
Adam Ierymenko
|
5b6d27e659
|
Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected.
|
2016-09-13 14:27:18 -07:00 |
|
Adam Ierymenko
|
ced8dfc639
|
Try a version of GitHub issue #385 (non-bifurcated default if not present) on Mac. This version adds the bifurcated routes always but also adds a device-specific non-bifurcated route. Will have to see if this still interferes with OSX route settings, since by definition device specific routes should not conflict with general routes.
|
2016-09-13 11:07:59 -07:00 |
|
Adam Ierymenko
|
8ef0e4bbaf
|
Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP.
|
2016-09-13 10:46:36 -07:00 |
|
Adam Ierymenko
|
0da9a9a3e0
|
Set trustEstablished in a few more places.
|
2016-09-13 10:33:03 -07:00 |
|
Adam Ierymenko
|
cba37c6107
|
Add a few more rate limit gates for anti-DOS hardening.
|
2016-09-13 10:13:23 -07:00 |
|
Adam Ierymenko
|
ea1da3321a
|
Rate gate requests for COM.
|
2016-09-12 15:19:21 -07:00 |
|
Adam Ierymenko
|
34b146f28b
|
Back out of GitHub issue #385 for now and maybe for this release. Would be nice but it is non-critical and rules are the priority. Current implementation bangs heads with OSX route assignment on WiFi join, etc.
|
2016-09-12 14:56:18 -07:00 |
|
Adam Ierymenko
|
fb46a546db
|
Just always do route bifurcation on Linux for now... basically the old behavior.
|
2016-09-09 12:53:44 -07:00 |
|
Adam Ierymenko
|
debc4c45ee
|
Set trust established flag in MULTICAST_GATHER.
|
2016-09-09 11:45:34 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
ef87069957
|
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
|
2016-09-09 09:32:00 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
16df2c3363
|
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
|
2016-09-08 19:48:05 -07:00 |
|
Grant Limberg
|
5ed5b22525
|
Merge branch 'dev' of http://git.int.zerotier.com/ZeroTier/ZeroTierOne into dev
|
2016-09-08 17:45:46 -07:00 |
|
Grant Limberg
|
dccca7df1a
|
another couple of missing semicolons
|
2016-09-08 17:45:40 -07:00 |
|
Adam Ierymenko
|
1f6b13b7fd
|
Fix bug causing null addresses to get in memberships[] hash.
|
2016-09-08 16:09:56 -07:00 |
|
Adam Ierymenko
|
d23ade879b
|
Do not bifurcate if not replacing an existing route. (Still need to tie up Linux and Windows.)
|
2016-09-08 15:42:46 -07:00 |
|
Adam Ierymenko
|
8afdb0aa65
|
GitHub issue #346
|
2016-09-07 17:07:06 -07:00 |
|
Adam Ierymenko
|
daf8a66ced
|
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
|
2016-09-07 15:47:20 -07:00 |
|
Adam Ierymenko
|
20278bb9e4
|
Also send MULTICAST_LIKEs to controllers.
|
2016-09-07 15:34:34 -07:00 |
|
Adam Ierymenko
|
c7a4da3dd3
|
Turns out we do not need to pass network to receive().
|
2016-09-07 15:24:53 -07:00 |
|
Adam Ierymenko
|
1908aa55f5
|
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
|
2016-09-07 15:15:52 -07:00 |
|
Adam Ierymenko
|
1c08f5e857
|
Tweak some expire times.
|
2016-09-07 12:25:19 -07:00 |
|
Adam Ierymenko
|
c9ee8612e4
|
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
2016-09-07 12:12:52 -07:00 |
|
Adam Ierymenko
|
a7d988745b
|
Use ECHO instead of HELLO where possible.
|
2016-09-07 12:01:03 -07:00 |
|
Adam Ierymenko
|
a9f404aac3
|
Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev
|
2016-09-07 11:20:47 -07:00 |
|
Adam Ierymenko
|
ff9f8b1c2b
|
Typo fix.
|
2016-09-07 11:15:36 -07:00 |
|
Adam Ierymenko
|
b5c86b6ba4
|
Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable.
|
2016-09-07 11:13:17 -07:00 |
|