Adam Ierymenko
|
78d548458b
|
Capabilities basically work but need to refactor a bit for performance reasons.
|
2017-02-06 16:38:48 -08:00 |
|
Adam Ierymenko
|
9ddc2a4331
|
Add a break action to rules engine to make capabilities easier to use.
|
2017-02-06 14:00:49 -08:00 |
|
Adam Ierymenko
|
5dbebc513a
|
Minor send path refactor to make packet I/O work on clusters if they are members of networks. Also fix a crash if compiled in cluster mode but no cluster is enabled.
|
2017-02-01 12:00:25 -08:00 |
|
Adam Ierymenko
|
ed31cb76d6
|
Fix to cluster network configs.
|
2017-01-30 16:04:05 -08:00 |
|
Adam Ierymenko
|
0b3b994241
|
Relay policy can now be computed.
|
2017-01-27 14:05:09 -08:00 |
|
Adam Ierymenko
|
c8554504f3
|
.
|
2016-12-22 18:37:46 -08:00 |
|
Adam Ierymenko
|
6b12d86209
|
Add a workaround for an edge case in TEE/REDIRECT if we are the inbound destination and teeing is only being done on the outbound side.
|
2016-12-22 18:06:35 -08:00 |
|
Adam Ierymenko
|
fe530548bb
|
Fix MATCH_RANDOM in controller.
|
2016-12-22 16:57:45 -08:00 |
|
Adam Ierymenko
|
2eaff6d484
|
Fix to characteristics in rules engine.
|
2016-12-22 16:36:38 -08:00 |
|
Adam Ierymenko
|
226123ca08
|
Refactor controller to permit sending of pushes as well as just replies to config requests.
|
2016-11-10 11:54:47 -08:00 |
|
Adam Ierymenko
|
27d997a2e5
|
.
|
2016-10-13 15:17:17 -07:00 |
|
Adam Ierymenko
|
6469aa9df9
|
typo
|
2016-10-13 14:28:39 -07:00 |
|
Adam Ierymenko
|
ce6b5bc6f5
|
.
|
2016-10-13 14:21:24 -07:00 |
|
Adam Ierymenko
|
4f3775bb86
|
Fix ICMP match.
|
2016-10-13 14:21:00 -07:00 |
|
Adam Ierymenko
|
8850a8610a
|
Fix filter trace.
|
2016-10-13 13:59:17 -07:00 |
|
Adam Ierymenko
|
e53f63ca87
|
Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed.
|
2016-10-11 12:00:16 -07:00 |
|
Adam Ierymenko
|
45c4ccb153
|
Add a tags both equal match.
|
2016-10-05 16:38:42 -07:00 |
|
Adam Ierymenko
|
adeb7e7da0
|
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
|
2016-10-05 12:54:46 -07:00 |
|
Adam Ierymenko
|
988049f39b
|
Add new rule to rules engine: random match.
|
2016-09-30 14:07:00 -07:00 |
|
Adam Ierymenko
|
9eaa3756f8
|
Fix deadlock-causing regression in Network.
|
2016-09-30 12:22:54 -07:00 |
|
Adam Ierymenko
|
4fe9a4fe83
|
Fix memory leak.
|
2016-09-28 16:13:59 -07:00 |
|
Adam Ierymenko
|
9f550292fe
|
Simplify network auth logic and always send error on auth failure even for unknown networks to prevent forensics.
|
2016-09-27 13:49:43 -07:00 |
|
Adam Ierymenko
|
cc4bacc199
|
Cleanup, and implement compression disable flag for networks.
|
2016-09-27 12:22:25 -07:00 |
|
Adam Ierymenko
|
15c07c58b6
|
Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit).
|
2016-09-27 11:33:48 -07:00 |
|
Adam Ierymenko
|
eac3667ec1
|
Bunch more refactoring and work on revocations, etc.
|
2016-09-26 16:17:02 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
d3524f3609
|
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
|
2016-09-20 21:21:34 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
15402933bc
|
Add physical MTU recommendation hint to network config via API.
|
2016-09-14 16:55:25 -07:00 |
|
Adam Ierymenko
|
83abc00aae
|
docs
|
2016-09-13 14:58:59 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
ef87069957
|
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
|
2016-09-09 09:32:00 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
16df2c3363
|
Clean up handling of COMs, network access control, and fix a backward compatibility issue.
|
2016-09-08 19:48:05 -07:00 |
|
Adam Ierymenko
|
1f6b13b7fd
|
Fix bug causing null addresses to get in memberships[] hash.
|
2016-09-08 16:09:56 -07:00 |
|
Adam Ierymenko
|
daf8a66ced
|
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
|
2016-09-07 15:47:20 -07:00 |
|
Adam Ierymenko
|
20278bb9e4
|
Also send MULTICAST_LIKEs to controllers.
|
2016-09-07 15:34:34 -07:00 |
|
Adam Ierymenko
|
1908aa55f5
|
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
|
2016-09-07 15:15:52 -07:00 |
|
Adam Ierymenko
|
eebcf08084
|
Tweaks to new Path code for dual-stack operation, and other fixes.
|
2016-09-03 15:39:05 -07:00 |
|
Adam Ierymenko
|
22271f2a49
|
Cleanup.
|
2016-09-01 13:36:41 -07:00 |
|
Adam Ierymenko
|
8b6d23b9f6
|
Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table.
|
2016-09-01 12:07:17 -07:00 |
|
Adam Ierymenko
|
25056de5d3
|
Also need to send credentials when TEEing and REDIRECTing.
|
2016-08-31 17:56:59 -07:00 |
|
Adam Ierymenko
|
994b25af4e
|
Simplify some logic.
|
2016-08-31 17:45:55 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
54489a7f61
|
rename SAMENESS to DIFFERENCE which is less confusing
|
2016-08-31 14:14:58 -07:00 |
|
Adam Ierymenko
|
8e3004591b
|
Add overlooked MATCH_ICMP to rule set.
|
2016-08-31 14:01:15 -07:00 |
|
Adam Ierymenko
|
cb63babac4
|
Debug output fixes.
|
2016-08-29 16:38:10 -07:00 |
|
Adam Ierymenko
|
ac1c127b68
|
Debug output fixes.
|
2016-08-29 16:24:08 -07:00 |
|
Adam Ierymenko
|
cb82193333
|
Debug output fixes.
|
2016-08-29 16:19:26 -07:00 |
|
Adam Ierymenko
|
f0636ffd4a
|
EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule.
|
2016-08-29 15:54:06 -07:00 |
|
Adam Ierymenko
|
51a420671f
|
Make rules engine debug a bit more verbose.
|
2016-08-29 15:17:34 -07:00 |
|
Adam Ierymenko
|
7223685b96
|
.
|
2016-08-26 15:30:20 -07:00 |
|
Adam Ierymenko
|
e7dff1c785
|
Change logic a little for self-as-destination in TEE and REDIRECT.
|
2016-08-26 15:28:31 -07:00 |
|
Adam Ierymenko
|
a5383d83d8
|
Do not TEE or REDIRECT to self.
|
2016-08-26 15:25:00 -07:00 |
|
Adam Ierymenko
|
fb5217761b
|
Add missing names in filter debug code.
|
2016-08-26 13:20:55 -07:00 |
|
Adam Ierymenko
|
90f3e94565
|
Always output trace info when debugging rules.
|
2016-08-26 12:21:44 -07:00 |
|
Adam Ierymenko
|
ded5a53a6c
|
Documentation updates, add rules engine revision to network config request meta-data.
|
2016-08-26 10:38:43 -07:00 |
|
Adam Ierymenko
|
d637988ccf
|
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
2016-08-25 18:21:20 -07:00 |
|
Adam Ierymenko
|
b5e0d014ab
|
Controller bug fixes
|
2016-08-25 16:08:40 -07:00 |
|
Adam Ierymenko
|
5eaf397a94
|
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
|
2016-08-25 13:31:23 -07:00 |
|
Adam Ierymenko
|
2cdda38dc4
|
It basically works... at least on current controllers.
|
2016-08-24 15:26:18 -07:00 |
|
Adam Ierymenko
|
ccea3d04d6
|
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
|
2016-08-24 14:28:16 -07:00 |
|
Adam Ierymenko
|
8e3463d47a
|
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
|
2016-08-24 13:37:57 -07:00 |
|
Adam Ierymenko
|
0a7a33ef8f
|
Instantaneous blacklisting and credential revocation.
|
2016-08-23 13:46:36 -07:00 |
|
Adam Ierymenko
|
68b4ca9b31
|
Cleanup.
|
2016-08-23 11:52:10 -07:00 |
|
Adam Ierymenko
|
77f7dcf40a
|
Obsolete "test network" removal.
|
2016-08-23 09:39:38 -07:00 |
|
Adam Ierymenko
|
9a3c652a51
|
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
|
2016-08-22 18:06:46 -07:00 |
|
Adam Ierymenko
|
7d906df805
|
Better instrumentation for filter, and filter bug fixes.
|
2016-08-10 14:27:52 -07:00 |
|
Adam Ierymenko
|
d166b494ee
|
Rule parse fix.
|
2016-08-10 13:41:22 -07:00 |
|
Adam Ierymenko
|
c9d7845fea
|
Minor bug fix and some instrumentation stuff for testing.
|
2016-08-09 17:00:01 -07:00 |
|
Adam Ierymenko
|
e1310a764a
|
More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff).
|
2016-08-09 15:45:26 -07:00 |
|
Adam Ierymenko
|
4d498b3765
|
Handling of multi-part chunked network configs on the inbound side.
|
2016-08-09 13:14:38 -07:00 |
|
Adam Ierymenko
|
2ba9343607
|
Encode and decode of tags and capabilities in NetworkConfig.
|
2016-08-09 08:32:42 -07:00 |
|
Adam Ierymenko
|
00fd9c3a15
|
It builds... almost ready to test some rules engine stuff.
|
2016-08-08 17:33:26 -07:00 |
|
Adam Ierymenko
|
8007ca56aa
|
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
|
2016-08-08 16:50:00 -07:00 |
|
Adam Ierymenko
|
4d7f625aa1
|
.
|
2016-08-05 15:55:38 -07:00 |
|
Adam Ierymenko
|
e2f783ebbd
|
.
|
2016-08-05 15:02:01 -07:00 |
|
Adam Ierymenko
|
331382cf2f
|
More cleanup and a tiny federation prep item.
|
2016-08-04 12:14:13 -07:00 |
|
Adam Ierymenko
|
5cf410490e
|
.
|
2016-08-04 10:18:33 -07:00 |
|
Adam Ierymenko
|
7e6e56e2bc
|
Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup.
|
2016-08-03 18:04:08 -07:00 |
|
Adam Ierymenko
|
b2d048aa0e
|
Make Dictionary templatable so it can be used where we want a higher capacity.
|
2016-06-21 07:32:58 -07:00 |
|
Adam Ierymenko
|
e09c1a1c11
|
Big refactor mostly builds. We now have a uniform backward compatible netconf.
|
2016-06-16 12:28:43 -07:00 |
|
Adam Ierymenko
|
4446dbde5e
|
Big refactor in service code to prep for plumbing through route management.
|
2016-06-14 10:09:26 -07:00 |
|
Adam Ierymenko
|
9161eebc68
|
Carry virtual network routes through to API.
|
2016-06-07 12:15:19 -07:00 |
|
Adam Ierymenko
|
93b673043c
|
Fix new binary meta-data deserialization and add some debug code (will disable later).
|
2016-05-16 18:37:37 -07:00 |
|
Adam Ierymenko
|
548730660b
|
Ready to test whole new netconf refactor.
|
2016-05-11 10:19:14 -07:00 |
|
Adam Ierymenko
|
8b9519f0af
|
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
|
2016-05-06 16:13:11 -07:00 |
|
Adam Ierymenko
|
529515d1d1
|
Changes to how new-style binary network configs are detected, and a new-style binary serialized meta-data representation.
|
2016-05-06 13:29:10 -07:00 |
|
Adam Ierymenko
|
59eb09d063
|
Deserialize new style netconf.
|
2016-04-26 17:20:31 -07:00 |
|
Adam Ierymenko
|
90e1262a8b
|
More refactoring to remove old Dictionary dependencies.
|
2016-04-26 08:20:03 -07:00 |
|
Adam Ierymenko
|
2f18a92e20
|
Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route.
|
2016-04-19 12:09:35 -07:00 |
|
Adam Ierymenko
|
51fecc0be9
|
Refactor Network for new NetworkConfig.
|
2016-04-12 12:16:29 -07:00 |
|
Adam Ierymenko
|
6f854c8391
|
NetworkConfig refactor part 1
|
2016-04-12 12:11:34 -07:00 |
|
Adam Ierymenko
|
4e4fd51117
|
boring doc stuff
|
2016-01-12 14:04:55 -08:00 |
|
Adam Ierymenko
|
3883ac08c7
|
Docs and cleanup.
|
2016-01-12 13:17:30 -08:00 |
|
Adam Ierymenko
|
d6f0f1a82a
|
Use network user ptr in lookup for Ethernet frame handling to eliminate map lookup.
|
2016-01-12 11:34:22 -08:00 |
|
Adam Ierymenko
|
83ef98a9dc
|
Add a network-associated user ptr in API.
|
2016-01-12 11:04:35 -08:00 |
|
Adam Ierymenko
|
16bc3e0398
|
Factor out RemotePath subclass of Path -- no longer needed, just cruft.
|
2015-10-27 15:00:16 -07:00 |
|
Adam Ierymenko
|
35676217e8
|
Refactor multicast group announcement to work directly or indirectly.
|
2015-10-23 14:50:07 -07:00 |
|
Adam Ierymenko
|
7d62dbe9f7
|
Tune NAT-t keepalives so that timing is better obeyed, clean up a build warning, and fix a potential source of network recursion (though harmless).
|
2015-10-07 11:57:59 -07:00 |
|