Adam Ierymenko | adeb7e7da0 | Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want. | 2016-10-05 12:54:46 -07:00
Adam Ierymenko | 988049f39b | Add new rule to rules engine: random match. | 2016-09-30 14:07:00 -07:00
Adam Ierymenko | 7e4b6b594b | It now builds. | 2016-09-26 17:05:39 -07:00
Adam Ierymenko | eac3667ec1 | Bunch more refactoring and work on revocations, etc. | 2016-09-26 16:17:02 -07:00
Adam Ierymenko | 1f74dd4589 | Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. | 2016-09-23 16:08:38 -07:00
Adam Ierymenko | 15402933bc | Add physical MTU recommendation hint to network config via API. | 2016-09-14 16:55:25 -07:00
Adam Ierymenko | 5b6d27e659 | Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. | 2016-09-13 14:27:18 -07:00
Adam Ierymenko | 0d4109a9f1 | More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. | 2016-09-09 08:43:58 -07:00
Adam Ierymenko | b5c86b6ba4 | Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. | 2016-09-07 11:13:17 -07:00
Adam Ierymenko | eebcf08084 | Tweaks to new Path code for dual-stack operation, and other fixes. | 2016-09-03 15:39:05 -07:00
Adam Ierymenko | 8b6d23b9f6 | Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table. | 2016-09-01 12:07:17 -07:00
Adam Ierymenko | 54489a7f61 | rename SAMENESS to DIFFERENCE which is less confusing | 2016-08-31 14:14:58 -07:00
Adam Ierymenko | 8e3004591b | Add overlooked MATCH_ICMP to rule set. | 2016-08-31 14:01:15 -07:00
Adam Ierymenko | ded5a53a6c | Documentation updates, add rules engine revision to network config request meta-data. | 2016-08-26 10:38:43 -07:00
Adam Ierymenko | d637988ccf | Fix chicken or egg problem in tags, and better filter debug instrumentation. | 2016-08-25 18:21:20 -07:00
Adam Ierymenko | 5eaf397a94 | Add a debug log feature in the filter, which only works if enabled in Network.cpp. | 2016-08-25 13:31:23 -07:00
Adam Ierymenko | 95ff057e04 | Increase rule limits a little since chunking in netconf can accommodate this. | 2016-08-24 17:16:26 -07:00
Adam Ierymenko | 2cdda38dc4 | It basically works... at least on current controllers. | 2016-08-24 15:26:18 -07:00
Adam Ierymenko | ccea3d04d6 | Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller. | 2016-08-24 14:28:16 -07:00
Adam Ierymenko | 8e3463d47a | Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency. | 2016-08-24 13:37:57 -07:00
Adam Ierymenko | e2f783ebbd | . | 2016-08-05 15:02:01 -07:00
Adam Ierymenko | 4d9b74b171 | . | 2016-08-04 15:27:20 -07:00
Adam Ierymenko | 98152d974a | More cleanup and removal of DeferredPackets, will do the latter in a more elegant way. | 2016-08-04 11:40:38 -07:00
Adam Ierymenko | 7e6e56e2bc | Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup. | 2016-08-03 18:04:08 -07:00
Adam Ierymenko | 67cb03742e | Add tag rules and split out rule serialize/deserialize so the code can be reused. | 2016-08-03 14:12:38 -07:00
Adam Ierymenko | ecc1324bb0 | Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places. | 2016-08-02 13:36:17 -07:00
Adam Ierymenko | d3b0081447 | Cleanup... | 2016-07-28 12:09:58 -07:00
Adam Ierymenko | 22e44c762b | More rules engine work: key/value pair matching for microsegmentation. | 2016-07-28 10:58:10 -07:00
Adam Ierymenko | eaf6d6c938 | Basic L2/L3 filter for rules engine (not integrated yet) and some cleanup. | 2016-07-25 15:52:16 -07:00
Adam Ierymenko | 9657675755 | Plumbing through trusted path stuff to OneService. | 2016-07-12 11:30:22 -07:00
Adam Ierymenko | 765082fdb6 | Trusted path support, and version bump to 1.1.9 | 2016-07-12 08:29:50 -07:00
Adam Ierymenko | 330c80f3f5 | Add rule type to match a COM field of the peer by ID and value because this will be powerful. | 2016-06-21 08:09:20 -07:00
Adam Ierymenko | e09c1a1c11 | Big refactor mostly builds. We now have a uniform backward compatible netconf. | 2016-06-16 12:28:43 -07:00
Adam Ierymenko | 4446dbde5e | Big refactor in service code to prep for plumbing through route management. | 2016-06-14 10:09:26 -07:00
Adam Ierymenko | 82635ce606 | Add flags and metric to ZT-managed routes. | 2016-06-09 09:43:09 -07:00
Adam Ierymenko | 9161eebc68 | Carry virtual network routes through to API. | 2016-06-07 12:15:19 -07:00
Adam Ierymenko | 37b89b3944 | Add TCP relative sequence number criterion for documentation/posterity. | 2016-05-09 17:00:17 -07:00
Adam Ierymenko | 8b9519f0af | Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor. | 2016-05-06 16:13:11 -07:00
Adam Ierymenko | 69d0562e2c | docs | 2016-05-06 11:41:11 -07:00
Adam Ierymenko | 7913fa7bbd | Dead code removal. | 2016-05-06 11:13:34 -07:00
Adam Ierymenko | 0f17077b3d | Merge gateways and routes in netconf since they are the same thing. | 2016-05-06 10:57:53 -07:00
Adam Ierymenko | e5cc487b95 | Beginning of security doc and kill some obsolete defines in main include file. | 2016-04-28 14:58:16 +02:00
Adam Ierymenko | b9dba97fdb | Bunch more refactoring for an even more compact NetworkConfig representation, especially rules. | 2016-04-26 17:11:25 -07:00
Adam Ierymenko | 246f86dad3 | Define an "anchor" as a statically defined device that serves as a network lookup point. | 2016-04-26 07:56:41 -07:00
Adam Ierymenko | d736074301 | Refactor rules table in-memory structure in new NetworkConfig to permit far more rules with better space efficiency. | 2016-04-22 15:40:53 -07:00
Adam Ierymenko | af471af8ef | Shrink NetworkConfig slightly. | 2016-04-12 13:32:41 -07:00
Adam Ierymenko | 6f854c8391 | NetworkConfig refactor part 1 | 2016-04-12 12:11:34 -07:00
Adam Ierymenko | 92f24d1988 | Make maximum size of a circuit test structure sane. | 2016-02-22 15:54:18 -08:00
Grant Limberg | 6dac0c8c4f | C doesn't support default arguments | 2016-01-13 17:47:34 -08:00
Adam Ierymenko | 4e4fd51117 | boring doc stuff | 2016-01-12 14:04:55 -08:00