Commit Graph

218 Commits

Author SHA1 Message Date
Adam Ierymenko
10185e92fa Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6. 2017-02-23 11:47:36 -08:00
Adam Ierymenko
803f74634a Tweak how we do crypto of the masked portions of HELLO just to be more "boring" in the DJB sense. 2017-02-06 07:39:38 -08:00
Adam Ierymenko
f85a630a64 Docs and a small build fix in debug mode. 2017-02-06 07:17:45 -08:00
Adam Ierymenko
43182f8f57 Docs, code cleanup, and protect the extra new fields of HELLO with encryption as a precaution. 2017-02-05 16:19:03 -08:00
Adam Ierymenko
3587aa1ea7 Add and send certificates of representation to tell people what our valid upstreams are. These are not used yet but will be needed for future privacy modes, etc. Also some cleanup. 2017-02-04 13:17:00 -08:00
Adam Ierymenko
beb642faa5 Stub out CAN_REACH. 2017-02-04 10:21:31 -08:00
Adam Ierymenko
f102fd7f92 Extend in-band world updates to handle moons too. 2017-01-27 13:50:56 -08:00
Adam Ierymenko
0995c1dcaa Encapsulate LZ4 in Packet.cpp to eliminate dependency. 2017-01-19 15:16:04 -08:00
Adam Ierymenko
7612bf3302 Fix LZ4 warning. 2017-01-19 14:54:39 -08:00
Adam Ierymenko
d5528e4e9a Wire up VERB_USER_MESSAGE in core. 2017-01-09 15:55:07 -08:00
Adam Ierymenko
1615ef1114 Rename getBestRoot() etc. 2016-11-17 16:31:58 -08:00
Adam Ierymenko
bf8d71e82c Add notion of upstream that is separate from root in Topology, etc. 2016-11-17 16:20:41 -08:00
Adam Ierymenko
93b4ac5cb2 Remove unused POW code, will revisit later. 2016-10-13 13:17:30 -07:00
Adam Ierymenko
cc4bacc199 Cleanup, and implement compression disable flag for networks. 2016-09-27 12:22:25 -07:00
Adam Ierymenko
15c07c58b6 Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). 2016-09-27 11:33:48 -07:00
Adam Ierymenko
7e4b6b594b It now builds. 2016-09-26 17:05:39 -07:00
Adam Ierymenko
eac3667ec1 Bunch more refactoring and work on revocations, etc. 2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
16df2c3363 Clean up handling of COMs, network access control, and fix a backward compatiblity issue. 2016-09-08 19:48:05 -07:00
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
8e3463d47a Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency. 2016-08-24 13:37:57 -07:00
Adam Ierymenko
0ee4d3554a Stub out USER_MESSAGE. 2016-08-23 14:38:20 -07:00
Adam Ierymenko
0a7a33ef8f Instantaneous blacklisting and credential revocation. 2016-08-23 13:46:36 -07:00
Adam Ierymenko
0dfc08b317 Tidy up a few minor protocol things, improve documentation in Packet.hpp. 2016-08-23 11:29:02 -07:00
Adam Ierymenko
c9d7845fea Minor bug fix and some instrumentation stuff for testing. 2016-08-09 17:00:01 -07:00
Adam Ierymenko
bcd05fbdfa Chunking of network config replies. 2016-08-09 09:34:13 -07:00
Adam Ierymenko
00fd9c3a15 It builds... almost ready to test some rules engine stuff. 2016-08-08 17:33:26 -07:00
Adam Ierymenko
e2f783ebbd . 2016-08-05 15:02:01 -07:00
Adam Ierymenko
404a0bbddd ... 2016-08-04 09:51:15 -07:00
Adam Ierymenko
7e6e56e2bc Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup. 2016-08-03 18:04:08 -07:00
Adam Ierymenko
ecc1324bb0 Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places. 2016-08-02 13:36:17 -07:00
Adam Ierymenko
4929be08f7 Cleanup and stub out new object transfer messages. 2016-07-26 12:33:51 -07:00
Adam Ierymenko
765082fdb6 Trusted path support, and version bump to 1.1.9 2016-07-12 08:29:50 -07:00
Adam Ierymenko
6c6b18d003 Fix include for system lz4. 2016-06-08 12:50:56 -07:00
Adam Ierymenko
523ea68ae2 Increment protocol version to indicate support for binary network config and config request meta-data. 2016-06-07 11:08:36 -07:00
Adam Ierymenko
9da8bf37d7 docs 2016-04-28 21:31:10 +02:00
Adam Ierymenko
4c455876f9 Revise peer path weighting to always prioritize cluster-optimal paths. 2016-04-19 09:22:51 -07:00
Adam Ierymenko
cecfa99b7b (1) cluster members send a flag indicating that a PUSH_DIRECT_PATHS is a cluster redirect, (2) 1.1.5 uses this to avoid a bug (this bug does not exist in 1.1.4) 2016-04-18 16:44:23 -07:00
Adam Ierymenko
43fff1a87e Deprecate reporting of local clock in circuit tests since a small number of users might have security problems with this. 2016-02-22 12:59:26 -08:00
Adam Ierymenko
4e4fd51117 boring doc stuff 2016-01-12 14:04:55 -08:00
Adam Ierymenko
d8143a5e18 Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev) 2016-01-05 16:41:54 -08:00
Adam Ierymenko
cba739fd6b more dead code 2016-01-05 14:46:26 -08:00
Adam Ierymenko
fb5237d5b6 Outline dead path detection mechanism. 2016-01-05 14:42:56 -08:00
Adam Ierymenko
258f95b2cd dead code removal 2016-01-05 14:19:16 -08:00
Adam Ierymenko
436c1fac1d Selectively move over changes from "edge" to "dev" excluding netcon. 2015-12-21 16:15:39 -08:00
Adam Ierymenko
57b71bfff0 Cluster simplification and refactor work in progress... 2015-11-08 13:57:02 -08:00
Adam Ierymenko
f1b6427e63 Decided to make this 1.1.0 (semantic versioning increment is warranted), and add a legacy hack for older clients working with clusters. 2015-11-02 09:32:56 -08:00
Adam Ierymenko
9617208e40 Some cleanup, and use VERB_PUSH_DIRECT_PATHS to redirect newer peers. 2015-10-27 09:53:43 -07:00
Adam Ierymenko
619e113748 Work in progress on Cluster for new root infrastructure, multi-homing. 2015-10-14 14:12:12 -07:00
Adam Ierymenko
824ed99160 . 2015-10-13 12:42:54 -07:00
Adam Ierymenko
5d2f523e81 World stuff... 2015-10-13 12:10:44 -07:00
Adam Ierymenko
cae58f43f1 More World stuff, and mkworld. 2015-10-13 08:49:36 -07:00
Adam Ierymenko
1b1945c63e Work in progress on refactoring root-topology into World and adding in-band updates. 2015-10-12 18:25:29 -07:00
Adam Ierymenko
aec13b50fd Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history. 2015-10-09 15:05:26 -07:00
Adam Ierymenko
3fa6dd377f docs 2015-10-09 08:51:57 -07:00
Adam Ierymenko
273f0d18b0 docs 2015-10-08 09:05:25 -07:00
Adam Ierymenko
fea1b6b2c3 docs 2015-10-07 16:25:08 -07:00
Adam Ierymenko
0ce0bc00d2 Make sure received() gets called for some new messages, and docs. 2015-10-07 16:20:54 -07:00
Adam Ierymenko
69b44bf9a5 Finally add an ECHO. 2015-10-07 16:11:50 -07:00
Adam Ierymenko
e5f168f599 Add proof of work request for future DDOS mitigation use. 2015-10-07 13:35:46 -07:00
Adam Ierymenko
ab0228f626 More cleanup and simple refactoring, consolidate InetAddres serialize/deserialize into the class. 2015-10-07 10:30:47 -07:00
Adam Ierymenko
d3f29d09e8 Plumbing through circuit test stuff. 2015-10-06 14:42:51 -07:00
Adam Ierymenko
5341afcdcd Handling of CIRCUIT_TEST, should be ready to test. 2015-10-06 11:47:16 -07:00
Adam Ierymenko
0d0039674f Add new verb names, and fix some Mac compiler flags. 2015-09-30 14:48:07 -07:00
Adam Ierymenko
1a4f16e0ed More work on circuit testing... 2015-09-30 13:59:05 -07:00
Adam Ierymenko
2d0adb562d Specify circuit test messages. 2015-09-27 11:37:39 -07:00
Adam Ierymenko
0b354803f3 Clean up some YAGNI issues with implementation of GitHub issue #180, and make best path choice aware of path rank. 2015-07-13 10:03:04 -07:00
Adam Ierymenko
778c7e6e70 More cleanup to direct path push, comment fixes, etc. 2015-07-07 10:00:34 -07:00
Adam Ierymenko
c863ff3f02 A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable. 2015-07-07 08:54:48 -07:00
Adam Ierymenko
f398952a6c Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter. 2015-07-07 08:14:41 -07:00
Adam Ierymenko
79e9a8bcc2 Almost everything for GitHub issue #180 except direct path map setup. 2015-07-06 15:28:48 -07:00
Adam Ierymenko
255320e2a6 pushDirectPaths() implementation 2015-07-06 14:39:28 -07:00
Adam Ierymenko
93bb934d4e Some cleanup, docs, and Path -> Path > RemotePath refactor. 2015-07-06 14:08:13 -07:00
Adam Ierymenko
9743db3538 docs 2015-07-06 12:37:37 -07:00
Adam Ierymenko
e5f7c55c54 Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch. 2015-07-06 12:34:35 -07:00
Adam Ierymenko
0cbbcf2884 Rename VERB_CMA to the more descriptive VERB_PHYSICAL_ADDRESS_PUSH 2015-06-29 16:01:01 -07:00
Adam Ierymenko
7bae95836c Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address. 2015-06-19 10:23:25 -07:00
Kees Bos
a425bbc673 Renamed supernode to rootserver 2015-05-06 12:05:20 +02:00
Adam Ierymenko
845955dea5 Add definition for VERB_CMA -- GitHub issue #180 2015-06-13 18:08:00 +02:00
Adam Ierymenko
0bdd56ebd6 A few revisions to PFS design. 2015-05-15 09:04:39 -07:00
Adam Ierymenko
e94518590d First stab of PFS design work with PKC security -- may not implement in 1.0.3 but stubbing out. 2015-05-14 17:41:05 -07:00
Adam Ierymenko
a8835cd8b3 Some prep work to make room for perfect forward security (PFS). Will not affect existing clients. 2015-05-13 18:53:37 -07:00
Adam Ierymenko
e922324bc6 Stop inlining all the Packet armor/dearmor stuff to reduce binary bloat. This stuff is called all over the place. 2015-05-04 18:39:53 -07:00
Adam Ierymenko
49f031ccb4 Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc. 2015-04-07 19:31:11 -07:00
Adam Ierymenko
a2821e9000 Add code to check external surface against reported surface from other trusted peers, and also rename ExternalSurface to SelfAwareness because lulz. 2015-04-06 20:17:21 -07:00
Adam Ierymenko
6eb9289367 Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch. 2015-04-03 16:52:53 -07:00
Adam Ierymenko
1f28ce3980 Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc. 2015-04-01 19:09:18 -07:00
Adam Ierymenko
93012b0ee5 Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware] 2015-02-17 13:11:34 -08:00
Adam Ierymenko
89f0c948f8 Physical address change message verb. 2015-02-04 11:59:02 -08:00
Adam Ierymenko
64ba596e0b C++ network config master ready to test. 2015-01-08 14:27:55 -08:00
Adam Ierymenko
4e95384ad6 Cleanup, add tristate to config code in Network, and happy new year! 2015-01-05 17:47:59 -08:00
Adam Ierymenko
96e9a90e8e docs 2015-01-05 16:19:56 -08:00
Adam Ierymenko
87c599df5c Back out service message type -- YAGNI violation. 2015-01-05 15:52:02 -08:00
Adam Ierymenko
56cfe1d603 Strip out old Service code, add new service message type. 2015-01-05 11:47:22 -08:00
Adam Ierymenko
5484cf4309 More cleanup, and fix a bug in Multicaster::gather() 2014-10-29 16:24:19 -07:00
Adam Ierymenko
5bb854e504 Fix a nasty bug introduced in packet fragmentation a while back during refactoring, and a few other things related to multicast. 2014-10-28 17:25:34 -07:00
Adam Ierymenko
4941c8a1f3 New multicast bug fixes, TRACE improvements, and temporarily disable legacy multicast for debugging purposes. 2014-10-09 17:58:31 -07:00
Adam Ierymenko
d5e0f7e3e4 Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership. 2014-10-09 12:42:25 -07:00
Adam Ierymenko
87f1b1b1e3 Bug fix in new multicast frame handler, handling of old "P5" multicast frames in new way. 2014-10-06 13:16:16 -07:00