aee742e767
More toward GitHub issue #56
2014-04-10 16:30:15 -07:00
b5c3a92be2
Boring stuff: update dates in copyrights across all files.
2014-02-16 12:40:22 -08:00
8b65b3e6d7
Yank PROBE stuff since it's not used and was a premature addition to the protocol.
2014-01-28 10:41:43 -08:00
07f505971c
Windows build fixes.
2014-01-17 17:09:59 -08:00
10df5dcf70
Fix several things:
...
(1) The changes to path learning in the two previous releases were poorly thought out,
and this version should remedy that by introducing PROBE. This is basically a kind of
ECHO request and is used to authenticate endpoints that are not learned via a valid
request/response pair. Thus we will still passively learn endpoints, but securely.
(2) Turns out there was a security oversight in _doHELLO() that could have permitted...
well... I'm not sure it was exploitable to do anything particularly interesting since
a bad identity would be discarded anyway, but fix it just the same.
2013-12-31 11:03:45 -08:00
612c17240a
Dead code removal, fix for cleanup GitHub issue #28
2013-12-06 16:49:20 -08:00
f5d397e8c8
Pull in-band file transfer stuff. Toyed around with that idea, but it seems that updates for some platforms are big enough and there are enough reliability concerns that just using TCP/HTTP is safer and easier.
2013-12-04 10:45:15 -08:00
9fdec3acfc
More updater work... coming along.
2013-11-05 17:08:29 -05:00
6c63bfce69
File transfer work, add identities for validation of updates.
2013-11-04 17:31:00 -05:00
ae138566a9
Updater code, work in progress...
2013-11-01 12:38:38 -04:00
17778a36ba
Clean up secure random, add packet definitions for update distribution facility.
2013-10-27 07:26:50 -04:00
942cc0ca21
Certificate of membership works now... had to fix multicast propagation so COM is pushed with multicast, which makes tremendous sense in retrospect.
2013-10-25 14:51:55 -04:00
8c9b73f67b
Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance.
2013-10-18 17:39:48 -04:00
ce14ba9004
Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones.
2013-10-17 06:41:52 -04:00
7e7e28f5f7
Add support for pushing network config refresh hints from a MEMORY queue table. That ways it will be possible for network changes to take effect almost immediately across all active peers.
2013-10-17 05:37:01 -04:00
46f868bd4f
Lots of cleanup, more work on certificates, some security fixes.
2013-10-16 17:47:26 -04:00
4d594b24bc
Automagically push netconf certs -- Network support.
2013-10-07 16:13:52 -04:00
dcbc9c8ddd
Rename error code for no membership certificate.
2013-10-07 15:21:40 -04:00
4267e7da93
Remove a whole bunch of now-unnecessary cruft from Topology and PacketDecoder.
2013-10-05 10:19:12 -04:00
4ecb9369b5
Fix for multicast propagation -- supernodes must always keep propagating. Also fix mac-tap build on new version of Xcode CL tools. Must use old llvm-g++ instead of clang for i686 -mkernel.
2013-09-30 11:05:35 -04:00
0dca9964bf
Whew, it builds!
2013-09-27 16:03:13 -04:00
4e010da54b
Work in progress...
2013-09-26 17:45:19 -04:00
24bad9f3d1
More work in progress in new multicast propagation...
2013-09-25 17:41:49 -04:00
f3128a18fe
Work in progress...
2013-09-25 10:55:27 -04:00
5557a8192d
Work in progress...
2013-09-24 17:35:05 -04:00
770fbaf4b2
New multicast algorithm work in progress...
2013-09-21 16:46:00 -04:00
64c9c2e06b
New packet formats for MULTICAST_FRAME, and MULTICAST_GOT. Not implemented yet in decoder, so wont compile. Work in progress.
2013-09-20 13:36:14 -04:00
4c06fcfc9d
More include formatting cleanup.
2013-09-17 15:53:59 -04:00
ceb024ab03
Integrating new crypto, work still in progress...
2013-09-16 13:02:10 -04:00
f6ad138561
Bit more of adding version to OK(HELLO)
2013-09-13 14:41:20 -04:00
d87a1d6b99
Add version info to OK(HELLO) so both sides know their version info.
2013-09-13 13:35:31 -04:00
d6414c9ff7
Windows compiles! (w/Visual Studio 2012) That's about all it does, but it's a start.
2013-08-12 21:25:36 -04:00
bf5c07f79a
Scratch that... more work wiring up netconf. Got to handle OK.
2013-08-03 12:53:46 -04:00
80d8b7d0ae
Netconf wired up, ready to test.
2013-08-02 17:17:34 -04:00
3daea24d50
Little bit of protocol changes before implementation of new verbs.
2013-07-31 09:27:55 -04:00
e4c5ad9f43
More work on network membership certs, and it builds now. Still in heavy development.
2013-07-29 17:11:00 -04:00
439e602d5a
Fix a bunch of errors due to minor method signature changes, still a work in progress.
2013-07-29 16:18:29 -04:00
a53cfc9096
Network membership certificate work in progress... does not build yet.
2013-07-29 13:56:20 -04:00
7a17f6ca80
Add skeleton of certificate-based private network authentication. Also remove some old code.
2013-07-27 16:20:08 -04:00
b0a83093ce
Back out of RPC... blech. Have a better idea.
2013-07-27 13:36:27 -04:00
af8fcac0fc
RPC infrastructure work in progress.
2013-07-25 15:19:35 -04:00
668c428051
Basic RPC stuff in Packet and PacketDecoder for RPC service support.
2013-07-23 22:46:04 -07:00
b8e9a79d00
docs
2013-07-20 18:24:56 -04:00
ffad0b2780
Factoring out packet decoder from Switch to put that object on a little bit of a diet. Work in progress, wont build yet.
2013-07-11 16:19:06 -04:00
bcd079b70e
Adding signatures to multicast frames, work in progress, does not build yet
2013-07-10 22:58:43 -04:00
9e28bbfbb2
Factored out multicast propagation algorithm from Switch and Topology, also cleaned up and clarified it a bit.
2013-07-10 17:24:27 -04:00
ef3e319c64
Several things:
...
(1) Probable fix for issue #7 and major cleanup of EthernetTap code with consolidation for all unix-like systems and specialization for different flavors only when needed.
(2) Refactor of Buffer<> to make its members private, and Packet to use Buffer's methods exclusively to access them. This improves clarity and means we're no longer lying about Buffer's role in the code's security posture.
(3) Add -fstack-protect to Makefile to bounds check stack variables.
2013-07-09 14:06:55 -04:00
cfef114c31
Possible fix for issue #4 - segfault in ___removeIp helper function in EthernetTap on OSX -- I think the problem may have been that I was using set::erase(key) while also using an iterator, so now it uses erase(iterator). See if it happens again, cause I could not duplicate the issue. Possible minor difference in STL version.
2013-07-06 13:34:35 -04:00
150850b800
New git repository for release - version 0.2.0 tagged
2013-07-04 16:56:19 -04:00
