Adam Ierymenko
e5f168f599
Add proof of work request for future DDOS mitigation use.
2015-10-07 13:35:46 -07:00
Adam Ierymenko
13f14c2f4c
Kill debug line.
2015-10-07 10:56:47 -07:00
Adam Ierymenko
ab0228f626
More cleanup and simple refactoring, consolidate InetAddress serialize/deserialize into the class.
2015-10-07 10:30:47 -07:00
Adam Ierymenko
1b2cac0cc5
Trim some cruft that is not used and probably never would be.
2015-10-07 09:38:33 -07:00
Adam Ierymenko
3593fb3462
Send initial CIRCUIT_TEST packet.
2015-10-06 15:16:41 -07:00
Adam Ierymenko
d3f29d09e8
Plumbing through circuit test stuff.
2015-10-06 14:42:51 -07:00
Adam Ierymenko
5341afcdcd
Handling of CIRCUIT_TEST, should be ready to test.
2015-10-06 11:47:16 -07:00
Adam Ierymenko
a3db7d0728
Refactor: move network COMs out of Network and into Peer in prep for tightening up multicast lookup and other things.
2015-10-01 11:11:52 -07:00
Adam Ierymenko
1a4f16e0ed
More work on circuit testing...
2015-09-30 13:59:05 -07:00
Adam Ierymenko
f69454ec98
(1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses.
2015-09-24 16:21:36 -07:00
Adam Ierymenko
367ffde00c
Plumb through localInterfaceId to track local interfaces corresponding with remote addresses.
2015-09-23 13:49:56 -07:00
Adam Ierymenko
0d386f1c31
Add a bit of useful testing instrumentation to SqliteNetworkController.
2015-09-08 11:35:55 -07:00
Adam Ierymenko
b31071463c
Try another NAT traversal improvement.
2015-07-28 11:28:47 -07:00
Adam Ierymenko
b3516c599b
Add a rate limiting circuit breaker to the network controller to prevent flooding attacks and race conditions.
2015-07-23 10:10:17 -07:00
Adam Ierymenko
3ba54c7e35
Eliminate some poorly thought out optimizations from the netconf/controller interaction,
and go ahead and bump version to 1.0.4.
For a while in 1.0.3 -dev I was trying to optimize out repeated network controller
requests by using a ratcheting mechanism. If the client received a network config
that was indeed different from the one it had, it would respond by instantly
requesting it again.
Not sure what I was thinking. It's fundamentally unsafe to respond to a message
with another message of the same type -- it risks a race condition. In this case
that's exactly what could happen.
It just isn't worth the added complexity to avoid a tiny, tiny amount of network
overhead, so I've taken this whole path out.
A few extra bytes every two minutes isn't worth fretting about, but as I recall
the reason for this optimization was to save CPU on the controller. This can be
achieved by just caching responses in memory *there* and serving those same
responses back out if they haven't changed.
I think I developed that 'ratcheting' stuff before I went full time on this. It's
hard to develop stuff like this without hours of sustained focus.
2015-07-23 09:50:10 -07:00
Adam Ierymenko
0b354803f3
Clean up some YAGNI issues with implementation of GitHub issue #180, and make best path choice aware of path rank.
2015-07-13 10:03:04 -07:00
Adam Ierymenko
0b9524f23d
Merge branch 'adamierymenko-dev' of http://git.int.zerotier.com/zerotier/zerotierone into adamierymenko-dev
2015-07-13 09:30:02 -07:00
Adam Ierymenko
4bf3bcbd55
Fixes to PUSH_DIRECT_PATHS.
2015-07-13 09:29:51 -07:00
Adam Ierymenko
3f0eca72f7
ZT_TRACE build fix.
2015-07-13 08:36:22 -07:00
Adam Ierymenko
412389ec75
Implement ERROR_UNWANTED_MULTICAST
2015-07-07 11:49:38 -07:00
Adam Ierymenko
778c7e6e70
More cleanup to direct path push, comment fixes, etc.
2015-07-07 10:00:34 -07:00
Adam Ierymenko
c863ff3f02
A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable.
2015-07-07 08:54:48 -07:00
Adam Ierymenko
f398952a6c
Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter.
2015-07-07 08:14:41 -07:00
Adam Ierymenko
6da9d2d36f
Remove debug printf().
2015-07-06 17:23:22 -07:00
Adam Ierymenko
f881cdd767
Add new .h file to VS build, and Windows side of local interface address enumeration.
2015-07-06 17:22:37 -07:00
Adam Ierymenko
79e9a8bcc2
Almost everything for GitHub issue #180 except direct path map setup.
2015-07-06 15:28:48 -07:00
Adam Ierymenko
fad9dff2db
Almost all of GitHub issue #180
2015-07-06 15:05:04 -07:00
Adam Ierymenko
e5f7c55c54
Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch.
2015-07-06 12:34:35 -07:00
Adam Ierymenko
7bae95836c
Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address.
2015-06-19 10:23:25 -07:00
Adam Ierymenko
87bb0086de
Almost certain fix for GitHub issue #184 on -dev
2015-06-17 12:46:12 -07:00
Kees Bos
a425bbc673
Renamed supernode to rootserver
2015-05-06 12:05:20 +02:00
Adam Ierymenko
5341e32729
Fix to GitHub issue #140 -- network preferred relays. Also go ahead and allow RENDEZVOUS from regular peers.
2015-06-01 19:05:27 -07:00
Adam Ierymenko
d9006712f6
Completely factor out "desperation" from the core. I thought of a significantly simpler way to move all of this logic entirely into the containing service, liberating the core from any concern over the nature of its pipe to the outside world.
2015-05-21 15:58:26 -07:00
Adam Ierymenko
b4b067bf12
So we need to keep track of external surface per reporter, since some NATs assign different external IPs for each external destination. Keeping just one known surface could create a race condition.
2015-05-04 18:34:30 -07:00
Adam Ierymenko
d3820049b8
Add reported external address to OK(HELLO) TRACE to verify SN behavior.
2015-04-30 18:25:31 -07:00
Adam Ierymenko
9eb7698f0e
Learn external IP addresses on OK(HELLO) too.
2015-04-30 16:40:04 -07:00
Adam Ierymenko
f5848972f9
Windows now builds and runs selftest correctly, and fixed a Windows (and possibly other platforms) issue in Phy<>.
2015-04-24 15:05:28 -07:00
Adam Ierymenko
417f56de2f
Add some TRACE instrumentation to external surface address awareness.
2015-04-17 12:19:01 -07:00
Adam Ierymenko
ea1859541c
More cleanup, and fix for the extremely unlikely case of identity collision.
2015-04-15 18:32:25 -07:00
Adam Ierymenko
6369c264e2
Rename netconf to controller and NetworkConfigMaster to NetworkController for consistency.
2015-04-15 15:12:09 -07:00
Adam Ierymenko
98bcc3d4b5
Disable a few noisy TRACEs, and limit how often we confirm new paths to avoid flooding.
2015-04-15 13:15:09 -07:00
Adam Ierymenko
068d311ecc
TRACE compile fixes, other fixes, and it basically works! It says HELLO.
2015-04-09 20:54:00 -07:00
Adam Ierymenko
4d5a6a25d3
Add events for packet decode errors, etc., and re-implement TRACE as an event.
2015-04-08 16:49:21 -07:00
Adam Ierymenko
52c3b7c34e
Implemented empirical determination of external addressing, partitioned per scope.
2015-04-07 11:56:10 -07:00
Adam Ierymenko
817824b88b
Some external surface awareness work, and IP scope classification.
2015-04-07 10:57:59 -07:00
Adam Ierymenko
a2821e9000
Add code to check external surface against reported surface from other trusted peers, and also rename ExternalSurface to SelfAwareness because lulz.
2015-04-06 20:17:21 -07:00
Adam Ierymenko
f4fd2d4971
Bring IncomingPacket into line with new changes.
2015-04-06 14:50:53 -07:00
Adam Ierymenko
1f28ce3980
Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc.
2015-04-01 19:09:18 -07:00
Adam Ierymenko
b6fba5934a
RedisNetworkConfigMaster in its own folder. Also fix some hex/decimal Redis database confusion.
2015-02-24 14:17:57 -08:00
Adam Ierymenko
ff255a34de
Make NetworkConfigMaster a plugin to get Redis and other non-endpoint code out of node/
2015-02-24 12:28:58 -08:00
Adam Ierymenko
93012b0ee5
Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware]
2015-02-17 13:11:34 -08:00
Adam Ierymenko
b1bf3f68c3
Drop support for legacy P5 multicast, as there are fewer than 1% of these remaining on the network.
2015-02-02 16:34:01 -08:00
Adam Ierymenko
0b84c10ccc
Add confirmation step to new netconf, with the caveat that it will be disabled for older netconf servers to avoid race. Also add some comments.
2015-01-09 16:35:20 -05:00
Adam Ierymenko
afea153a0b
Build fixes.
2015-01-08 18:17:02 -05:00
Adam Ierymenko
64ba596e0b
C++ network config master ready to test.
2015-01-08 14:27:55 -08:00
Adam Ierymenko
4e95384ad6
Cleanup, add tristate to config code in Network, and happy new year!
2015-01-05 17:47:59 -08:00
Adam Ierymenko
56cfe1d603
Strip out old Service code, add new service message type.
2015-01-05 11:47:22 -08:00
Adam Ierymenko
ff539c22f9
locallyValidate() is expensive -- stop doing it on every HELLO since in most cases we already know the identity and know it is valid
2014-12-16 09:29:40 -08:00
Adam Ierymenko
8c64046a53
docs
2014-11-26 14:59:43 -08:00
Adam Ierymenko
15d3e383e6
Add ZT_SUPPORT_LEGACY_MULTICAST ifdef to enable the legacy code to all be toggled.
2014-11-25 12:46:51 -08:00
Adam Ierymenko
7619b0ecbd
Send multicasts in random order.
This should not affect most users, but on large networks it should cause service
announcements to work a lot better. This is the result of a prolonged discussion
with a user about the visibility of game servers on a large network. The old
multicast algorithm was de-facto randomized due to its distributed nature, while
the new algorithm is more deterministic. This will restore some randomization
beyond limit-overflow conditions.
It won't affect small networks at all.
2014-11-21 10:50:27 -08:00
Adam Ierymenko
c61e9c0ef9
Prevent "software laser" in legacy multicast support. Already hotpatched in supernodes.
2014-11-13 14:21:06 -05:00
Adam Ierymenko
5484cf4309
More cleanup, and fix a bug in Multicaster::gather()
2014-10-29 16:24:19 -07:00
Adam Ierymenko
22d8aa4dc9
Moderate efficiency improvement on multicast gather result parsing, and go ahead and keep track of total known peers.
2014-10-29 15:26:32 -07:00
Adam Ierymenko
0e47f13f14
Simplify locking semantics some more to address a deadlock.
2014-10-21 10:42:04 -07:00
Adam Ierymenko
42d644a57e
More fixes to legacy support, and to a potential issue on quit.
2014-10-14 12:37:35 -07:00
Adam Ierymenko
2416491cbc
Permanently retire peers.persist, but make iddb.d always enabled instead since identities are what we really want to cache.
2014-10-13 14:12:51 -07:00
Adam Ierymenko
8b0846d077
Delete a bunch of commented-out code.
2014-10-11 16:53:21 -07:00
Adam Ierymenko
0d017c043f
Stop persisting last announcement time since Multicaster is volatile. Also some more legacy multicast fixes.
2014-10-11 16:26:02 -07:00
Adam Ierymenko
c2aac69a9f
Fixes to legacy peer support.
2014-10-11 15:49:31 -07:00
Adam Ierymenko
e071c05f1b
Add a sanity limit to legacy multicast repeater function in supernode-mode nodes, and change netconf-master to issue multicast limit (ml) instead of old p5 stuff.
2014-10-10 14:59:07 -07:00
Adam Ierymenko
1774e615a1
<= MTU
2014-10-10 09:09:56 -07:00
Adam Ierymenko
56f8f8aa24
Return self in GATHER requests if self is a member of multicast group, and reinstate legacy support.
2014-10-09 18:32:05 -07:00
Adam Ierymenko
4941c8a1f3
New multicast bug fixes, TRACE improvements, and temporarily disable legacy multicast for debugging purposes.
2014-10-09 17:58:31 -07:00
Adam Ierymenko
d5e0f7e3e4
Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership.
2014-10-09 12:42:25 -07:00
Adam Ierymenko
620e64c58f
Supernode propagation of legacy multicast frames was brokezored.
2014-10-09 09:03:12 -07:00
Adam Ierymenko
87f1b1b1e3
Bug fix in new multicast frame handler, handling of old "P5" multicast frames in new way.
2014-10-06 13:16:16 -07:00
Adam Ierymenko
ab22feba9a
Bump version to 1.0.0, add legacy support code to Multicaster to not send new frame to known-to-be-old peers.
2014-10-05 10:34:25 -07:00
Adam Ierymenko
3f7e7e8a88
Do not multicast to self.
2014-10-03 18:42:41 -07:00
Adam Ierymenko
1109046782
Last steps before test: parse OK(MULTICAST_GATHER) and OK(MULTICAST_FRAME)
2014-10-02 13:50:37 -07:00
Adam Ierymenko
49dc47ff38
Make multicast gathering a bit smarter.
2014-10-02 11:35:37 -07:00
Adam Ierymenko
23836d4c11
Change "encrypted" flag to full cipher suite selector. Go ahead and reserve AES256-GCM which might be added in the future.
2014-10-02 10:54:34 -07:00
Adam Ierymenko
e53d208ea4
Improve security posture by eliminating non-const data() accessor from Buffer.
2014-10-02 10:06:29 -07:00
Adam Ierymenko
28646eee0a
A bit more IncomingPacket cleanup... almost ready to test, just need OK() handling.
2014-10-01 16:29:52 -07:00
Adam Ierymenko
ea6124dd2f
IncomingPacket builds!
2014-09-30 17:33:20 -07:00
Adam Ierymenko
b41437780b
Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket...
2014-09-30 17:26:34 -07:00
Adam Ierymenko
2659427864
Multicaster needs to be global, not per-network, and a bunch of other stuff.
2014-09-30 16:28:25 -07:00
Adam Ierymenko
ed0ba49502
A few more revisions to new multicast verbs.
2014-09-26 14:18:25 -07:00
Adam Ierymenko
81b12b6826
Rename the ubiquitous _r pointer to RuntimeEnvironment to RR just to be a little more consistent about using _ to denote private member variables.
2014-09-24 13:53:03 -07:00
Adam Ierymenko
557801a09e
Rename PacketDecoder to much more descriptive IncomingPacket
2014-09-24 09:04:09 -07:00
Adam Ierymenko
9180a30986
.
2014-09-24 09:01:58 -07:00