Adam Ierymenko
|
32f5a0ab18
|
Add default tag values and default set capabilities for new members.
|
2017-02-21 13:27:20 -08:00 |
|
Adam Ierymenko
|
672f17c6e9
|
Add a mask and value range to the IP tos rule field. This allows TOS to be matched more usefully. This will break anyone using tos in the beta, but nobody seems to be and its pre-release so now is the time.
|
2017-02-07 09:33:39 -08:00 |
|
Adam Ierymenko
|
ac3e883c05
|
One more place to add "break".
|
2017-02-06 14:07:30 -08:00 |
|
Adam Ierymenko
|
31db768e4d
|
A bit of code cleanup.
|
2017-02-04 00:23:31 -08:00 |
|
Adam Ierymenko
|
fd460d93c4
|
docs
|
2017-01-19 10:53:44 -08:00 |
|
Adam Ierymenko
|
e9007b1f56
|
NodeJS migration script for old Sqlite controller.db to new controller data format.
|
2017-01-19 10:44:26 -08:00 |
|
Adam Ierymenko
|
d150f9b2bd
|
Windows update build in Advanced Installer, and warning removal.
|
2017-01-13 15:19:59 -08:00 |
|
Adam Ierymenko
|
a064e19b8a
|
Refactor some JSON stuff for performance, and fix a build error.
|
2017-01-10 13:51:10 -08:00 |
|
Adam Ierymenko
|
bf2b9e3692
|
Auto-authorize new members on public networks properly.
|
2016-12-22 18:52:34 -08:00 |
|
Adam Ierymenko
|
0d066e3b08
|
Fix JSON parse bug in REDIRECT target.
|
2016-12-22 18:26:43 -08:00 |
|
Adam Ierymenko
|
fe530548bb
|
Fix MATCH_RANDOM in controller.
|
2016-12-22 16:57:45 -08:00 |
|
Adam Ierymenko
|
a54c2b438c
|
Basic support for streaming of changes via stdout from controller.
|
2016-12-15 15:08:47 -08:00 |
|
Adam Ierymenko
|
ccdd4ffda7
|
Move split() to OSUtils since it is not used in core.
|
2016-11-18 15:49:28 -08:00 |
|
Adam Ierymenko
|
25f9c294dc
|
Small bug fix and warning removal.
|
2016-11-18 13:01:45 -08:00 |
|
Adam Ierymenko
|
07b2a3818c
|
Fix TTL scaling in cert.
|
2016-11-15 14:26:05 -08:00 |
|
Adam Ierymenko
|
15c6e2ec70
|
Fix member deauthorization time threshold bug.
|
2016-11-15 14:06:25 -08:00 |
|
Adam Ierymenko
|
e26bee45fb
|
Multithreading in network controller. Threads are only started if controller is used.
|
2016-11-10 13:57:01 -08:00 |
|
Adam Ierymenko
|
1b10d3413a
|
Use circuit breaker only for requests.
|
2016-11-10 13:08:43 -08:00 |
|
Adam Ierymenko
|
f0fcd222a1
|
Actually push updates when things change.
|
2016-11-10 12:54:43 -08:00 |
|
Adam Ierymenko
|
298e4a9f14
|
Also avoid sending tags and caps to old members since there is no point.
|
2016-11-10 12:33:09 -08:00 |
|
Adam Ierymenko
|
226123ca08
|
Refactor controller to permit sending of pushes as well as just replies to config requests.
|
2016-11-10 11:54:47 -08:00 |
|
Adam Ierymenko
|
5ebf5077f5
|
Log last meta-data in controller, and ease up just a bit on keepalives.
|
2016-11-09 17:11:10 -08:00 |
|
Adam Ierymenko
|
eea712a1ae
|
Field in wrong place fixed.
|
2016-11-09 13:26:14 -08:00 |
|
Adam Ierymenko
|
1ebfca666d
|
Memo-ize some computed stuff to control CPU utilization.
|
2016-11-09 12:34:20 -08:00 |
|
Adam Ierymenko
|
3d948a930e
|
Send a blanket rule to old versions. New versions will still bidirecitonally enforce on the inbound side.
|
2016-11-08 14:24:30 -08:00 |
|
Adam Ierymenko
|
4524899e4d
|
Update LM time on members on request.
|
2016-11-08 12:41:27 -08:00 |
|
Adam Ierymenko
|
360c84e035
|
Minor fixes.
|
2016-11-08 00:05:18 +00:00 |
|
Adam Ierymenko
|
4868d21526
|
Bug fixes in controller refactor.
|
2016-11-07 23:49:03 +00:00 |
|
Adam Ierymenko
|
5f63d5039b
|
Bug fixes, self test of JSONDB disabled by default.
|
2016-11-07 14:01:23 -08:00 |
|
Adam Ierymenko
|
a454a37a6e
|
Self test JSONDB.
|
2016-11-07 13:27:17 -08:00 |
|
Adam Ierymenko
|
a78d7311a6
|
Fix network list API call.
|
2016-11-04 16:23:41 -07:00 |
|
Adam Ierymenko
|
08ff666e99
|
.
|
2016-11-04 16:14:58 -07:00 |
|
Adam Ierymenko
|
0d108d37f6
|
.
|
2016-11-04 16:12:44 -07:00 |
|
Adam Ierymenko
|
cae9041c2a
|
.
|
2016-11-04 15:52:01 -07:00 |
|
Adam Ierymenko
|
330a07a554
|
cleanup
|
2016-11-04 15:48:23 -07:00 |
|
Adam Ierymenko
|
7729cbe313
|
Fix ambiguous error on some compilers.
|
2016-11-04 15:34:49 -07:00 |
|
Adam Ierymenko
|
b03c7b2f30
|
Refactor controller to use split-out DB for better performance and less ugly.
|
2016-11-04 15:18:31 -07:00 |
|
Adam Ierymenko
|
3c00cd0f88
|
Separate out JSON store from controller code.
|
2016-11-03 14:17:46 -07:00 |
|
Grant Limberg
|
8ffae313fd
|
add new files & remove old ones from VS project. Now builds & runs on Windows again
|
2016-11-03 12:10:50 -07:00 |
|
Adam Ierymenko
|
2cb760e0ac
|
Fix ICMP json.
|
2016-10-13 14:14:46 -07:00 |
|
Adam Ierymenko
|
2d6a4e5974
|
cleanup
|
2016-10-13 13:52:45 -07:00 |
|
Adam Ierymenko
|
e2509af163
|
Fix bug in default rules init in new networks.
|
2016-10-12 12:30:32 -07:00 |
|
Adam Ierymenko
|
e53f63ca87
|
Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed.
|
2016-10-11 12:00:16 -07:00 |
|
Adam Ierymenko
|
45c4ccb153
|
Add a tags both equal match.
|
2016-10-05 16:38:42 -07:00 |
|
Adam Ierymenko
|
adeb7e7da0
|
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
|
2016-10-05 12:54:46 -07:00 |
|
Adam Ierymenko
|
988049f39b
|
Add new rule to rules engine: random match.
|
2016-09-30 14:07:00 -07:00 |
|
Adam Ierymenko
|
f0794e09b7
|
Controller cleanup.
|
2016-09-30 13:04:26 -07:00 |
|
Adam Ierymenko
|
1eeebba2f7
|
Drop old /active path from network.
|
2016-09-29 17:59:27 -07:00 |
|
Adam Ierymenko
|
2fc3d12fb6
|
Minor tweaks to member code in controller, and fix Linux build.
|
2016-09-29 14:48:39 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
c9ee8612e4
|
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
2016-09-07 12:12:52 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
54489a7f61
|
rename SAMENESS to DIFFERENCE which is less confusing
|
2016-08-31 14:14:58 -07:00 |
|
Adam Ierymenko
|
8e3004591b
|
Add overlooked MATCH_ICMP to rule set.
|
2016-08-31 14:01:15 -07:00 |
|
Adam Ierymenko
|
7a00036954
|
Tweak log length to fit JSON for members within two 4096-kb blocks.
|
2016-08-29 18:10:02 -07:00 |
|
Adam Ierymenko
|
914c42537c
|
Type fixes.
|
2016-08-29 17:48:36 -07:00 |
|
Adam Ierymenko
|
77c2bf3ad9
|
Kill dead field from network JSON.
|
2016-08-29 14:47:19 -07:00 |
|
Adam Ierymenko
|
297b1b4258
|
Another tiny API bug fix.
|
2016-08-26 14:16:55 -07:00 |
|
Adam Ierymenko
|
35ac995d05
|
Fix setting of v6AssignMode in controller.
|
2016-08-26 14:04:27 -07:00 |
|
Adam Ierymenko
|
ded5a53a6c
|
Documentation updates, add rules engine revision to network config request meta-data.
|
2016-08-26 10:38:43 -07:00 |
|
Adam Ierymenko
|
d637988ccf
|
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
2016-08-25 18:21:20 -07:00 |
|
Adam Ierymenko
|
858e8c5217
|
one more...
|
2016-08-25 16:28:54 -07:00 |
|
Adam Ierymenko
|
df1ce856c9
|
A little bit more controller code cleanup.
|
2016-08-25 16:25:28 -07:00 |
|
Adam Ierymenko
|
b5e0d014ab
|
Controller bug fixes
|
2016-08-25 16:08:40 -07:00 |
|
Adam Ierymenko
|
5eaf397a94
|
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
|
2016-08-25 13:31:23 -07:00 |
|
Adam Ierymenko
|
1814016eb7
|
Add daemon thread to controller and move network member cache refreshes there.
|
2016-08-25 11:26:45 -07:00 |
|
Adam Ierymenko
|
6ecb42b031
|
docs and null check in controller code
|
2016-08-25 10:46:03 -07:00 |
|
Adam Ierymenko
|
60bc291414
|
Add noAutoAssignIps for member of networks.
|
2016-08-24 17:05:43 -07:00 |
|
Adam Ierymenko
|
ccea3d04d6
|
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
|
2016-08-24 14:28:16 -07:00 |
|
Adam Ierymenko
|
8e3463d47a
|
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
|
2016-08-24 13:37:57 -07:00 |
|
Adam Ierymenko
|
8d594f8b53
|
cleanup
|
2016-08-23 16:05:10 -07:00 |
|
Adam Ierymenko
|
5f4df0c6a9
|
Controller cleanup and perf improvements.
|
2016-08-23 15:30:36 -07:00 |
|
Adam Ierymenko
|
32fa061700
|
Compute credential TTL et al.
|
2016-08-23 13:02:59 -07:00 |
|
Adam Ierymenko
|
9a3c652a51
|
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
|
2016-08-22 18:06:46 -07:00 |
|
Adam Ierymenko
|
b0d888d235
|
Signing of Capability and Tag objects.
|
2016-08-22 14:25:59 -07:00 |
|
Adam Ierymenko
|
4dce71879f
|
.
|
2016-08-18 18:18:50 -07:00 |
|
Adam Ierymenko
|
212a5af9a5
|
Capabilities and tags in POST JSON.
|
2016-08-18 14:37:56 -07:00 |
|
Adam Ierymenko
|
1cadbfb4d1
|
Little fixes.
|
2016-08-18 13:47:02 -07:00 |
|
Adam Ierymenko
|
f119c4a456
|
Cache network members for performance, add network non-persisted fields.
|
2016-08-18 12:59:48 -07:00 |
|
Adam Ierymenko
|
faa9a06bf5
|
Controller fixes...
|
2016-08-17 17:37:37 -07:00 |
|
Adam Ierymenko
|
b7ebf6edbf
|
Cleanup and log how member was authorized.
|
2016-08-17 13:54:32 -07:00 |
|
Adam Ierymenko
|
b72847d504
|
Finally implement network join auth tokens, at least at the protocol level.
|
2016-08-17 13:41:45 -07:00 |
|
Adam Ierymenko
|
168b86fdcd
|
Controller docs and API fix.
|
2016-08-17 12:27:07 -07:00 |
|
Adam Ierymenko
|
a13f4d8353
|
We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.)
|
2016-08-17 10:42:32 -07:00 |
|
Adam Ierymenko
|
cc808cc2dd
|
Rules parsing stuff.
|
2016-08-17 10:25:25 -07:00 |
|
Adam Ierymenko
|
ce001198d8
|
.
|
2016-08-16 16:57:45 -07:00 |
|
Adam Ierymenko
|
c0639ccd37
|
Just about ready to test.
|
2016-08-16 16:46:08 -07:00 |
|
Adam Ierymenko
|
58701c1ca8
|
.
|
2016-08-16 14:08:08 -07:00 |
|
Adam Ierymenko
|
b08ca49580
|
More controller work -- it builds!
|
2016-08-16 14:05:17 -07:00 |
|
Adam Ierymenko
|
bd15262e54
|
Bunch of rule JSON stuff.
|
2016-08-15 18:49:50 -07:00 |
|
Adam Ierymenko
|
3cb2e1197f
|
.
|
2016-08-12 15:32:45 -07:00 |
|
Adam Ierymenko
|
c30f74987f
|
Starting refactor of controller...
|
2016-08-12 11:30:27 -07:00 |
|
Adam Ierymenko
|
22e44c762b
|
More rules engine work: key/value pair matching for microsegmentation.
|
2016-07-28 10:58:10 -07:00 |
|
Adam Ierymenko
|
0e2964261f
|
docs
|
2016-07-08 13:42:04 -07:00 |
|
Adam Ierymenko
|
ffe7d8d024
|
docs
|
2016-07-08 13:40:21 -07:00 |
|
Adam Ierymenko
|
c01ebbcbde
|
docs
|
2016-07-08 13:38:47 -07:00 |
|
Adam Ierymenko
|
a6e5914aa7
|
docs
|
2016-07-08 13:37:51 -07:00 |
|
Adam Ierymenko
|
6d8de214eb
|
Docs and controller API version
|
2016-07-08 13:10:02 -07:00 |
|
Adam Ierymenko
|
2d7c58540f
|
v6AssignMode bug fix
|
2016-07-07 17:05:12 -07:00 |
|
Adam Ierymenko
|
951038a304
|
Ignore /bits in IP assignments and just copy it from the corresponding LAN-local route. Having each managed IP assignment have its own bits field was just a source of user error and poor UX and was completely worthless.
|
2016-07-07 16:28:43 -07:00 |
|
Adam Ierymenko
|
b9329dc49a
|
Fix to IPv6 picking for small ranges.
|
2016-07-07 15:55:40 -07:00 |
|
Adam Ierymenko
|
6e08e1ae97
|
A few controller changes: (1) assign managed IPs that are assigned regardless of "assign mode" which now only controls auto-assignment or special addressing, (2) support proper issuing of managed IPv6 IPs, (3) support IPv6 auto-assign ranges
|
2016-07-07 15:42:10 -07:00 |
|
Adam Ierymenko
|
dd1d2b4d00
|
GitHub issue #343 -- fix authorizedMemberCount
|
2016-07-07 14:49:54 -07:00 |
|
Adam Ierymenko
|
030dfde38e
|
Unused printf removal while we are at it.
|
2016-06-29 18:14:49 -07:00 |
|
Adam Ierymenko
|
bb63646682
|
Fix broken SQL in controller.
|
2016-06-29 11:37:28 -07:00 |
|
Adam Ierymenko
|
d9eacd1616
|
Controller fixes...
|
2016-06-29 17:02:03 +00:00 |
|
Adam Ierymenko
|
0410fd4824
|
Refactor recent member request history to fix performance problem in controller.
|
2016-06-28 12:44:47 -07:00 |
|
Adam Ierymenko
|
12037961ff
|
small perf improvement in sqlite db.
|
2016-06-27 18:48:02 -07:00 |
|
Adam Ierymenko
|
8c572dead1
|
Query optimization.
|
2016-06-27 18:28:18 -07:00 |
|
Adam Ierymenko
|
3ddfebe742
|
dead code removal
|
2016-06-27 17:15:39 -07:00 |
|
Adam Ierymenko
|
972bbb7e06
|
Allow further concurrency on network controller.
|
2016-06-27 17:14:47 -07:00 |
|
Adam Ierymenko
|
3740b83f63
|
Don't back up sqlite db if it hasn't changed to prevent constant thrashing on inactive controllers.
|
2016-06-24 06:53:23 -07:00 |
|
Adam Ierymenko
|
90cdef8400
|
Forgot NDP emulation flag.
|
2016-06-24 06:43:23 -07:00 |
|
Adam Ierymenko
|
ee649ae69a
|
Add 6plane assignment support to network controller, and cleanup.
|
2016-06-24 06:40:50 -07:00 |
|
Adam Ierymenko
|
20d155e630
|
.
|
2016-06-24 05:21:25 -07:00 |
|
Adam Ierymenko
|
b2d048aa0e
|
Make Dictionary templatable so it can be used where we want a higher capacity.
|
2016-06-21 07:32:58 -07:00 |
|
Adam Ierymenko
|
37afa876a7
|
Linux bug fixes, small controller fix.
|
2016-06-17 00:21:58 +00:00 |
|
Adam Ierymenko
|
20d4dada40
|
Refactor controller for new merged format.
|
2016-06-16 16:05:57 -07:00 |
|
Adam Ierymenko
|
769351b30f
|
Fix to routes config in controller API.
|
2016-06-13 15:58:00 -07:00 |
|
Adam Ierymenko
|
734cbb2f1e
|
Controller modifications for default route are ready to test. Will require slight changes in ZeroTier Central when it goes live.
|
2016-06-10 15:58:35 -07:00 |
|
Adam Ierymenko
|
acbe8ad398
|
More controller work, and some RedHat fixes.
|
2016-06-10 08:26:27 -07:00 |
|
Adam Ierymenko
|
9898066b47
|
Remove some deprecated stuff in controller -- not done yet.
|
2016-06-09 11:02:42 -07:00 |
|
Adam Ierymenko
|
7e68791bee
|
Fix include for system json-parser.
|
2016-06-08 12:57:22 -07:00 |
|
Adam Ierymenko
|
683254a0db
|
Don't bother signing if we are not using the legacy netconf.
|
2016-06-07 11:17:38 -07:00 |
|
Adam Ierymenko
|
2885aea65c
|
Only send new format netconf for PV>=6
|
2016-06-07 11:13:18 -07:00 |
|
Adam Ierymenko
|
7ee3743c3d
|
Refactor controller to send both old and new format netconf.
|
2016-05-11 08:49:15 -07:00 |
|
Adam Ierymenko
|
8b9519f0af
|
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
|
2016-05-06 16:13:11 -07:00 |
|
Adam Ierymenko
|
2b3e1d5c10
|
Ignore IP assignment pool ranges that begin with 0.0.0.0 or that contain no IPs.
|
2016-03-24 13:34:01 -07:00 |
|
Adam Ierymenko
|
2c328d61ad
|
Do not auto-assign IP addresses on bridges. IPs can still be assigned manually.
|
2016-03-24 13:32:01 -07:00 |
|
Adam Ierymenko
|
9f31cbd8b8
|
Make /network/???/active return more info.
|
2016-03-17 13:05:51 -07:00 |
|
Adam Ierymenko
|
9b59bcd995
|
Clean controller circuit test memory.
|
2016-02-22 15:48:27 -08:00 |
|
Adam Ierymenko
|
69a438d64d
|
Small tweak to active threshold.
|
2016-02-19 09:10:31 -08:00 |
|
Adam Ierymenko
|
10bb9919f1
|
Tweak certificate of membership revision/time tolerance to eliminate boundary packet loss issues occasionally seen in the wild.
|
2016-02-10 09:32:42 -08:00 |
|
Adam Ierymenko
|
69b1da2e1d
|
return 200 instead of 404 when test is fetched
|
2016-02-04 16:27:25 -08:00 |
|
Adam Ierymenko
|
dc3d899e70
|
Return test ID when we post a test.
|
2016-02-04 16:09:26 -08:00 |
|
Adam Ierymenko
|
78c1d9006a
|
flood protection fix
|
2016-02-04 14:39:43 -08:00 |
|
Adam Ierymenko
|
5dad73647d
|
Lengthen backup period again
|
2016-02-04 14:22:54 -08:00 |
|
Adam Ierymenko
|
13b39a0c3e
|
SQLite perf tuning
|
2016-02-04 14:03:37 -08:00 |
|
Adam Ierymenko
|
90801a94d3
|
Track client version and tell whether active nodes support circuit test.
|
2016-02-04 13:38:42 -08:00 |
|
Adam Ierymenko
|
fab6f4450d
|
/active subpath off networks
|
2016-02-04 12:17:55 -08:00 |
|
Adam Ierymenko
|
2e04dc03f2
|
Logging to NodeHistory, SQL queries.
|
2016-02-03 18:10:56 -08:00 |
|
Adam Ierymenko
|
f8eb6b0067
|
Add NodeHistory table on sqlite controller.
|
2016-02-03 13:56:35 -08:00 |
|
Adam Ierymenko
|
9cb4bbe2b8
|
Save test results for circuit tests in memory and then cancel the test and send the results when the test is queried later. This way you can POST a test and then come GET the result at the appointed time.
|
2016-01-26 12:42:44 -08:00 |
|
Ren Jie
|
21656ba015
|
Update controller README.md
Sync make parameter with code.
|
2016-01-12 22:51:08 +08:00 |
|
Adam Ierymenko
|
436c1fac1d
|
Selectively move over changes from "edge" to "dev" excluding netcon.
|
2015-12-21 16:15:39 -08:00 |
|
Adam Ierymenko
|
523412edfb
|
Abort backup in progress if thread is told to shut down.
|
2015-11-03 16:03:00 -08:00 |
|