ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-19 13:07:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,454 Commits 15 Branches 105 Tags 179 MiB
af3ec000a0
Commit Graph

240 Commits

Author SHA1 Message Date
Adam Ierymenko
3587aa1ea7 Add and send certificates of representation to tell people what our valid upstreams are. These are not used yet but will be needed for future privacy modes, etc. Also some cleanup. 2017-02-04 13:17:00 -08:00
Adam Ierymenko
dcb1233b0d Slight refactor to RENEDEZVOUS sending code for federation. 2017-02-03 23:54:02 -08:00
Adam Ierymenko
9f7919f71f Add comments to join ("orbit") moons. 2017-01-27 15:27:26 -08:00
Adam Ierymenko
f102fd7f92 Extend in-band world updates to handle moons too. 2017-01-27 13:50:56 -08:00
Adam Ierymenko
64774d0d4f Replace piecemeal designation of upstreams with the concept of moons, which is simpler and easier to use and inherits all the cool live update stuff of worlds (now called planets) and global roots. 2017-01-27 13:27:52 -08:00
Adam Ierymenko
84732fcb12 Wire through external path lookup. Static paths should now work. 2016-11-22 14:23:13 -08:00
Adam Ierymenko
42ba70e79e Replace long callback arg list with struct, and implement path whitelisting, path blacklisting, and local.conf support for roles. 2016-11-22 10:54:58 -08:00
Adam Ierymenko
c61ca1dea2 Keep connections up for netconf stuff as well as frames. 2016-11-09 16:04:08 -08:00
Adam Ierymenko
9f550292fe Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics. 2016-09-27 13:49:43 -07:00
Adam Ierymenko
d3524f3609 Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. 2016-09-20 21:21:34 -07:00
Adam Ierymenko
5b6d27e659 Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. 2016-09-13 14:27:18 -07:00
Adam Ierymenko
cba37c6107 Add a few more rate limit gates for anti-DOS hardening. 2016-09-13 10:13:23 -07:00
Adam Ierymenko
ea1da3321a Rate gate requests for COM. 2016-09-12 15:19:21 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
c7a4da3dd3 Turns out we do not need to pass network to receive(). 2016-09-07 15:24:53 -07:00
Adam Ierymenko
1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko
a7d988745b Use ECHO instead of HELLO where possible. 2016-09-07 12:01:03 -07:00
Adam Ierymenko
ff9f8b1c2b Typo fix. 2016-09-07 11:15:36 -07:00
Adam Ierymenko
b5c86b6ba4 Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. 2016-09-07 11:13:17 -07:00
Adam Ierymenko
f2d2df2b11 Cluster build fix. 2016-09-06 15:06:07 -07:00
Adam Ierymenko
48a374c82c (1) fix crazy bug introduced in doRENDEZVOUS(), (2) reclaim Paths after paths[] condense, (3) fix an edge case around symmetric NAT and external IP change detection. 2016-09-06 14:05:58 -07:00
Adam Ierymenko
8a2e8bd585 Rework how paths are set as remote cluster preferred. The code is now clearer and cluster preference indications are now very sticky as they should be. 2016-09-06 12:45:28 -07:00
Adam Ierymenko
43780742b0 comments, docs 2016-09-06 11:10:04 -07:00
Adam Ierymenko
d7f2287ce9 More tweaks to path behavior. 2016-09-05 15:47:22 -07:00
Adam Ierymenko
eebcf08084 Tweaks to new Path code for dual-stack operation, and other fixes. 2016-09-03 15:39:05 -07:00
Adam Ierymenko
4992ac2d9f Cluster sub-optimal is in fact necessary... 2016-09-02 14:20:55 -07:00
Adam Ierymenko
4f8253dcdb Tweaks to path handling... 2016-09-02 13:33:56 -07:00
Adam Ierymenko
d1101441b3 Tweak some timings. 2016-09-02 11:54:59 -07:00
Adam Ierymenko
e8f6b4b5d3 Rest of big Path canonicalization refactor. 2016-09-02 11:51:33 -07:00
Adam Ierymenko
584228b2b5 Dead code removal, and get rid of reliable() because we will no longer make that distinction. 2016-08-24 17:56:35 -07:00
Adam Ierymenko
c476285bd6 Harden PUSH_DIRECT_PATHS and simplify things by only doing it on receive when hops>0 and trust has been established. 2016-08-24 16:16:39 -07:00
Adam Ierymenko
e1310a764a More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff). 2016-08-09 15:45:26 -07:00
Adam Ierymenko
00fd9c3a15 It builds... almost ready to test some rules engine stuff. 2016-08-08 17:33:26 -07:00
Adam Ierymenko
e2f783ebbd . 2016-08-05 15:02:01 -07:00
Adam Ierymenko
56febbf2ba . 2016-08-04 10:39:28 -07:00
Adam Ierymenko
2f18a92e20 Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route. 2016-04-19 12:09:35 -07:00
Adam Ierymenko
4c455876f9 Revise peer path weighting to always prioritize cluster-optimal paths. 2016-04-19 09:22:51 -07:00
Adam Ierymenko
cecfa99b7b (1) cluster members send a flag indicating that a PUSH_DIRECT_PATHS is a cluster redirect, (2) 1.1.5 uses this to avoid a bug (this bug does not exist in 1.1.4) 2016-04-18 16:44:23 -07:00
Adam Ierymenko
284e5d83b5 Fix some broken TRACEs and a tiny reorder in a few ifs. 2016-03-28 12:15:24 -07:00
Adam Ierymenko
0c951b6e56 More tweaks to new symmetric NAT buster, and stop using old iterative method since this supersedes it. 2016-02-10 18:41:39 -08:00
Adam Ierymenko
4769dacf61 Tweak needsOurMembershipCertificate timing to resolve a possible source of occasional dropped packets. 2016-02-09 16:54:47 -08:00
Adam Ierymenko
4e4fd51117 boring doc stuff 2016-01-12 14:04:55 -08:00
Adam Ierymenko
3883ac08c7 Docs and cleanup. 2016-01-12 13:17:30 -08:00
Adam Ierymenko
740eb6ebc4 Simplify Peer locking to eliminate deadlock with new path recursion check code (and also probably improve performance). 2016-01-12 12:12:25 -08:00
Adam Ierymenko
b3e3d4cacc Instead of using binary packet comparison, add a callback to the API to explicitly check whether paths should be used. Check in with this callback (if present) when learning new paths or sending initial packets. 2016-01-11 10:17:44 -08:00
Adam Ierymenko
1023ef23b7 Remove somewhat ugly and costly anti-recursion hack -- we will switch to more explicit methods. 2016-01-11 09:06:10 -08:00
Adam Ierymenko
a56fbc1929 Close another potential anti-recursion loophole. 2016-01-06 15:35:27 -08:00
Adam Ierymenko
47ce52228b Roots should probably not do this since it would likely be a waste of packets. 2016-01-06 12:54:51 -08:00
Adam Ierymenko
9aee72099e AntiRecursion cleanup and some other minor things. 2016-01-06 10:59:39 -08:00
Adam Ierymenko
05b2c0743f Tighten up dead path detection. Should now auto-detect dead paths in less than 10 seconds at a very small cost in ECHO requests (or HELLOs for older peers). GitHib issue #272 2016-01-06 10:00:03 -08:00
Adam Ierymenko
4d94ae77b4 simplify if 2016-01-05 16:48:35 -08:00
Adam Ierymenko
d8143a5e18 Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev) 2016-01-05 16:41:54 -08:00
Adam Ierymenko
436c1fac1d Selectively move over changes from "edge" to "dev" excluding netcon. 2015-12-21 16:15:39 -08:00
Adam Ierymenko
0940d673db Always advertise to the cluster when we have a peer even if we have also initiated handoff. This might be the cause of the warmup problem -- will test later. At the very least it should not hurt anything due to pick-latest logic and the fact that cluster members with only suboptimal paths do not respond to WANT_PEER. 2015-11-11 14:36:22 -08:00
Adam Ierymenko
32ec378e3b Announce that we have peers on the cluster when we first see them to improve startup times, and add a result crunching script to tests/http. 2015-11-09 18:01:23 -08:00
Adam Ierymenko
2cc50bdb10 Try bringing back TTL escalation -- may help with Docker (IP-MASQ) type NAT 2015-11-09 15:44:13 -08:00
Adam Ierymenko
35c4e28f31 Mark geo-redirected paths as suboptimal and do not report that we have a peer if all we have is one of these. Also a few other small fixes. 2015-11-09 14:25:28 -08:00
Adam Ierymenko
57b71bfff0 Cluster simplification and refactor work in progress... 2015-11-08 13:57:02 -08:00
Adam Ierymenko
6bc8c9d8ef Clustering cleanup, still a work in progress. 2015-11-06 16:12:41 -08:00
Adam Ierymenko
5f39d5b7ea Further pare down Cluster messaging and rename some stuff. 2015-11-06 14:37:17 -08:00
Adam Ierymenko
a42d714a87 . 2015-11-03 11:18:45 -08:00
Adam Ierymenko
a994573a43 Eliminate some more dead code. We may do path trust, but not like that. 2015-10-29 09:42:15 -07:00
Adam Ierymenko
cdc99bfee1 Add a circuit breaker for VERB_PUSH_DIRECT_PATHS. 2015-10-27 18:18:26 -07:00
Adam Ierymenko
cc1b275ad9 Replicate peer endpoints and forget paths if we have them -- this allows two clusters to talk to each other, whereas forgetting all paths does not. 2015-10-27 16:47:13 -07:00
Adam Ierymenko
cc6080fe38 (1) No need to confirm if we are a root (small optimization), (2) Refactor peer affinity tracking. 2015-10-27 15:57:26 -07:00
Adam Ierymenko
218ef07d8e Build fix in TRACE mode. 2015-10-27 15:01:11 -07:00
Adam Ierymenko
16bc3e0398 Factor out RemotePath subclass of Path -- no longer needed, just cruft. 2015-10-27 15:00:16 -07:00
Adam Ierymenko
40976c02a4 Forget paths to peers if we are handing them off. 2015-10-27 14:37:38 -07:00
Adam Ierymenko
a1a0ee4edb Fix infinite loop in Cluster, clean up some stuff elsewhere, and back out rate limiting in PUSH_DIRECT_PATHS for now (but we will do something else to mitigate amplification attacks) 2015-10-27 12:01:00 -07:00
Adam Ierymenko
9617208e40 Some cleanup, and use VERB_PUSH_DIRECT_PATHS to redirect newer peers. 2015-10-27 09:53:43 -07:00
Adam Ierymenko
69857b4ba8 Refactor cluster redirects to move code to push peers out of the actual Cluster function that checks for redirect, and clean up Peer::received() to be a bit more logical. 2015-10-27 09:36:48 -07:00
Adam Ierymenko
e713f7a54c Can redirect in response to a few more verbs, just not these. 2015-10-26 18:20:40 -07:00
Adam Ierymenko
98d856daa2 Only send redirects to the sending InetAddress and only in response to a set of certain frame types to avoid potential race conditions. 2015-10-26 17:58:51 -07:00
Adam Ierymenko
8bfb02ba3c Only send redirects for the same address class, and elminiate some TRACE noise. 2015-10-26 16:55:55 -07:00
Adam Ierymenko
978b056a01 Wire in redirectPeer(), now about ready to test clustering! 2015-10-20 17:36:10 -07:00
Adam Ierymenko
2258e36a59 Move replication of COMs to avoid race condition. 2015-10-20 16:34:21 -07:00
Adam Ierymenko
59e1444b27 Finish wiring up Cluster, fix some issues with other recent changes. 2015-10-20 16:31:41 -07:00
Adam Ierymenko
eb79d4a2f3 Wire up peer announcement in cluster. 2015-10-20 16:24:21 -07:00
Adam Ierymenko
57e29857cf Cluster work -- integrating with the rest of the code. 2015-10-20 15:27:53 -07:00
Adam Ierymenko
cfdcce6d12 Fix very obscure IP scope classification logic bug. 2015-10-19 15:19:04 -07:00
Adam Ierymenko
9150778757 . 2015-10-19 15:04:26 -07:00
Adam Ierymenko
50f3ccd3c9 . 2015-10-19 15:03:58 -07:00
Adam Ierymenko
584072fa6a Fix for V4/V6 stable addressing. 2015-10-19 14:04:36 -07:00
Adam Ierymenko
cc4d0199e7 Fix vProto init. 2015-10-16 10:58:59 -07:00
Adam Ierymenko
781f06ef82 Accept OK for confirm of HELLO or ECHO. 2015-10-16 10:48:38 -07:00
Adam Ierymenko
5ce3aac929 Add rate limit on receive of DIRECT_PATH_PUSH to prevent DOS exploitation. 2015-10-16 10:28:09 -07:00
Adam Ierymenko
2229e91b57 IPv6 support fixes. 2015-10-16 10:10:12 -07:00
Adam Ierymenko
5d2f523e81 World stuff... 2015-10-13 12:10:44 -07:00
Adam Ierymenko
7d62dbe9f7 Tune NAT-t keepalives so that timing is better obeyed, clean up a build warning, and fix a potential source of network recursion (though harmless). 2015-10-07 11:57:59 -07:00
Adam Ierymenko
ab0228f626 More cleanup and simple refactoring, consolidate InetAddres serialize/deserialize into the class. 2015-10-07 10:30:47 -07:00
Grant Limberg
6080a45c9c change cert to com. no variable named cert. 2015-10-02 19:39:13 -07:00
Adam Ierymenko
2c196307ee --bugs; 2015-10-01 13:01:18 -07:00
Adam Ierymenko
53e5f94b99 . 2015-10-01 12:25:43 -07:00
Adam Ierymenko
9405150b11 Restore group announcement on Peer::receive() but centralize packet composition in one place. 2015-10-01 11:37:02 -07:00
Adam Ierymenko
a3db7d0728 Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things. 2015-10-01 11:11:52 -07:00
Adam Ierymenko
f69454ec98 (1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses. 2015-09-24 16:21:36 -07:00
Adam Ierymenko
367ffde00c Plumb through localInterfaceId to track local interfaces corresponding with remote addresses. 2015-09-23 13:49:56 -07:00
Adam Ierymenko
86996d4315 Eliminate compiler warning. 2015-09-23 10:27:53 -07:00
Adam Ierymenko
d656e87395 Send a random small payload for NAT keepalives, since zero byte packets seem to fail to keep associations alive behind some NATs. 2015-09-22 15:58:00 -07:00