Commit Graph

1344 Commits

Author SHA1 Message Date
Adam Ierymenko
c9ee8612e4 Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer. 2016-09-07 12:12:52 -07:00
Adam Ierymenko
a7d988745b Use ECHO instead of HELLO where possible. 2016-09-07 12:01:03 -07:00
Adam Ierymenko
ff9f8b1c2b Typo fix. 2016-09-07 11:15:36 -07:00
Adam Ierymenko
b5c86b6ba4 Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. 2016-09-07 11:13:17 -07:00
Adam Ierymenko
f2d2df2b11 Cluster build fix. 2016-09-06 15:06:07 -07:00
Adam Ierymenko
48a374c82c (1) fix crazy bug introduced in doRENDEZVOUS(), (2) reclaim Paths after paths[] condense, (3) fix an edge case around symmetric NAT and external IP change detection. 2016-09-06 14:05:58 -07:00
Adam Ierymenko
8a2e8bd585 Rework how paths are set as remote cluster preferred. The code is now clearer and cluster preference indications are now very sticky as they should be. 2016-09-06 12:45:28 -07:00
Adam Ierymenko
43780742b0 comments, docs 2016-09-06 11:10:04 -07:00
Adam Ierymenko
d7f2287ce9 More tweaks to path behavior. 2016-09-05 15:47:22 -07:00
Adam Ierymenko
eebcf08084 Tweaks to new Path code for dual-stack operation, and other fixes. 2016-09-03 15:39:05 -07:00
Adam Ierymenko
01aa469591 Remove debug line. 2016-09-02 14:26:04 -07:00
Adam Ierymenko
4992ac2d9f Cluster sub-optimal is in fact necessary... 2016-09-02 14:20:55 -07:00
Adam Ierymenko
412979ba8f Attempt to reactivate dead paths. 2016-09-02 13:55:33 -07:00
Adam Ierymenko
4f8253dcdb Tweaks to path handling... 2016-09-02 13:33:56 -07:00
Adam Ierymenko
4931e44998 Implement "weak pointer" behavior on Topology Path canonicalization hash table. 2016-09-02 12:34:02 -07:00
Adam Ierymenko
d1101441b3 Tweak some timings. 2016-09-02 11:54:59 -07:00
Adam Ierymenko
e8f6b4b5d3 Rest of big Path canonicalization refactor. 2016-09-02 11:51:33 -07:00
Adam Ierymenko
a3bdae9735 Work in progress: Path canonicalization refactor. 2016-09-01 15:43:07 -07:00
Adam Ierymenko
d5e6f59004 . 2016-09-01 13:45:32 -07:00
Adam Ierymenko
22271f2a49 Cleanup. 2016-09-01 13:36:41 -07:00
Adam Ierymenko
8b6d23b9f6 Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table. 2016-09-01 12:07:17 -07:00
Adam Ierymenko
25056de5d3 Also need to send credentials when TEEing and REDIRECTing. 2016-08-31 17:56:59 -07:00
Adam Ierymenko
994b25af4e Simplify some logic. 2016-08-31 17:45:55 -07:00
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
54489a7f61 rename SAMENESS to DIFFERENCE which is less confusing 2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b Add overlooked MATCH_ICMP to rule set. 2016-08-31 14:01:15 -07:00
Adam Ierymenko
2ff2a8fd9a Cluster build fixes and warning elimination. 2016-08-31 09:38:21 -07:00
Adam Ierymenko
cb63babac4 Debug output fixes. 2016-08-29 16:38:10 -07:00
Adam Ierymenko
ac1c127b68 Debug output fixes. 2016-08-29 16:24:08 -07:00
Adam Ierymenko
cb82193333 Debug output fixes. 2016-08-29 16:19:26 -07:00
Adam Ierymenko
f0636ffd4a EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule. 2016-08-29 15:54:06 -07:00
Adam Ierymenko
51a420671f Make rules engine debug a bit more verbose. 2016-08-29 15:17:34 -07:00
Adam Ierymenko
7223685b96 . 2016-08-26 15:30:20 -07:00
Adam Ierymenko
e7dff1c785 Change logic a little for self-as-destination in TEE and REDIRECT. 2016-08-26 15:28:31 -07:00
Adam Ierymenko
a5383d83d8 Do not TEE or REDIRECT to self. 2016-08-26 15:25:00 -07:00
Adam Ierymenko
a3c7627acf Push more than one packet for credentials if we happen to have a whole lot. Should not happen often but might if a member has tons of tags. 2016-08-26 14:43:16 -07:00
Adam Ierymenko
6bd5aba4fa fix frame size range bug 2016-08-26 13:26:26 -07:00
Adam Ierymenko
fb5217761b Add missing names in filter debug code. 2016-08-26 13:20:55 -07:00
Adam Ierymenko
90f3e94565 Always output trace info when debugging rules. 2016-08-26 12:21:44 -07:00
Adam Ierymenko
ded5a53a6c Documentation updates, add rules engine revision to network config request meta-data. 2016-08-26 10:38:43 -07:00
Adam Ierymenko
d637988ccf Fix chicken or egg problem in tags, and better filter debug instrumentation. 2016-08-25 18:21:20 -07:00
Adam Ierymenko
b5e0d014ab Controller bug fixes 2016-08-25 16:08:40 -07:00
Adam Ierymenko
5eaf397a94 Add a debug log feature in the filter, which only works if enabled in Network.cpp. 2016-08-25 13:31:23 -07:00
Adam Ierymenko
584228b2b5 Dead code removal, and get rid of reliable() because we will no longer make that distinction. 2016-08-24 17:56:35 -07:00
Adam Ierymenko
cd3683f2ba Fix a missing receive(). 2016-08-24 17:50:51 -07:00
Adam Ierymenko
347ebcd899 Set trust flag in network controllers if remote query is accepted to allow NATed network controllers to better traverse. 2016-08-24 17:48:13 -07:00
Adam Ierymenko
e52c2c41ec Add a circuit breaker to prevent too many credentials from being stored per member. 2016-08-24 17:24:35 -07:00
Adam Ierymenko
c476285bd6 Harden PUSH_DIRECT_PATHS and simplify things by only doing it on receive when hops>0 and trust has been established. 2016-08-24 16:16:39 -07:00
Adam Ierymenko
63e8ad4cc3 TRACE stuff. 2016-08-24 15:45:37 -07:00
Adam Ierymenko
2cdda38dc4 It basically works... at least on current controllers. 2016-08-24 15:26:18 -07:00
Adam Ierymenko
ccea3d04d6 Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller. 2016-08-24 14:28:16 -07:00
Adam Ierymenko
8e3463d47a Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency. 2016-08-24 13:37:57 -07:00
Adam Ierymenko
0ee4d3554a Stub out USER_MESSAGE. 2016-08-23 14:38:20 -07:00
Adam Ierymenko
0a7a33ef8f Instantaneous blacklisting and credential revocation. 2016-08-23 13:46:36 -07:00
Adam Ierymenko
32fa061700 Compute credential TTL et al. 2016-08-23 13:02:59 -07:00
Adam Ierymenko
7036831203 Sign Dictionary in doNETWORK_CONFIG_REQUEST. 2016-08-23 11:57:56 -07:00
Adam Ierymenko
68b4ca9b31 Cleanup. 2016-08-23 11:52:10 -07:00
Adam Ierymenko
0dfc08b317 Tidy up a few minor protocol things, improve documentation in Packet.hpp. 2016-08-23 11:29:02 -07:00
Adam Ierymenko
77f7dcf40a Obsolete "test network" removal. 2016-08-23 09:39:38 -07:00
Adam Ierymenko
9a3c652a51 Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity. 2016-08-22 18:06:46 -07:00
Adam Ierymenko
b0d888d235 Signing of Capability and Tag objects. 2016-08-22 14:25:59 -07:00
Adam Ierymenko
faa9a06bf5 Controller fixes... 2016-08-17 17:37:37 -07:00
Adam Ierymenko
b72847d504 Finally implement network join auth tokens, at least at the protocol level. 2016-08-17 13:41:45 -07:00
Adam Ierymenko
b08ca49580 More controller work -- it builds! 2016-08-16 14:05:17 -07:00
Adam Ierymenko
bd15262e54 Bunch of rule JSON stuff. 2016-08-15 18:49:50 -07:00
Adam Ierymenko
7d906df805 Better instrumentation for filter, and filter bug fixes. 2016-08-10 14:27:52 -07:00
Adam Ierymenko
d166b494ee Rule parse fix. 2016-08-10 13:41:22 -07:00
Adam Ierymenko
81959f14af Refactor and redesign symmetric NAT predictor. This is cleaner. 2016-08-10 10:28:54 -07:00
Adam Ierymenko
c9d7845fea Minor bug fix and some instrumentation stuff for testing. 2016-08-09 17:00:01 -07:00
Adam Ierymenko
0b0cda2be4 ZT_TRACE fix. 2016-08-09 15:55:41 -07:00
Adam Ierymenko
e1310a764a More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff). 2016-08-09 15:45:26 -07:00
Adam Ierymenko
dbf3e6c3c9 Dead code removal. 2016-08-09 15:01:46 -07:00
Adam Ierymenko
dee7f75f7e Minor cleanup. 2016-08-09 14:46:11 -07:00
Adam Ierymenko
774c7e0ea5 Put CONFIG_REFRESH back. 2016-08-09 13:52:08 -07:00
Adam Ierymenko
4d498b3765 Handling of multi-part chunked network configs on the inbound side. 2016-08-09 13:14:38 -07:00
Adam Ierymenko
bcd05fbdfa Chunking of network config replies. 2016-08-09 09:34:13 -07:00
Adam Ierymenko
2ba9343607 Encode and decode of tags and capabilities in NetworkConfig. 2016-08-09 08:32:42 -07:00
Adam Ierymenko
51cf49a24f cleanup 2016-08-08 17:40:22 -07:00
Adam Ierymenko
00fd9c3a15 It builds... almost ready to test some rules engine stuff. 2016-08-08 17:33:26 -07:00
Adam Ierymenko
8007ca56aa Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first. 2016-08-08 16:50:00 -07:00
Adam Ierymenko
4d7f625aa1 . 2016-08-05 15:55:38 -07:00
Adam Ierymenko
e2f783ebbd . 2016-08-05 15:02:01 -07:00
Adam Ierymenko
4d9b74b171 . 2016-08-04 15:27:20 -07:00
Adam Ierymenko
37d139177d Integrate Filter into OutboundMulticast properly. 2016-08-04 13:01:14 -07:00
Adam Ierymenko
8a7753cfe3 Filter cleanup, prep for filter integration in a few places. 2016-08-04 12:35:25 -07:00
Adam Ierymenko
331382cf2f More cleanup and a tiny federation prep item. 2016-08-04 12:14:13 -07:00
Adam Ierymenko
98152d974a More cleanup and removal of DeferredPackets, will do the latter in a more elegant way. 2016-08-04 11:40:38 -07:00
Adam Ierymenko
56febbf2ba . 2016-08-04 10:39:28 -07:00
Adam Ierymenko
5cf410490e . 2016-08-04 10:18:33 -07:00
Adam Ierymenko
404a0bbddd ... 2016-08-04 09:51:15 -07:00
Adam Ierymenko
f057bb63cd More work on tags and capabilities. 2016-08-04 09:02:35 -07:00
Adam Ierymenko
7e6e56e2bc Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup. 2016-08-03 18:04:08 -07:00
Adam Ierymenko
67cb03742e Add tag rules and split out rule serialize/deserialize so the code can be reused. 2016-08-03 14:12:38 -07:00
Adam Ierymenko
91940cbcf5 Kill network preferred relays -- this feature is gone (and was seldom used anyway) in favor of federation. 2016-08-02 14:40:26 -07:00
Adam Ierymenko
ecc1324bb0 Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places. 2016-08-02 13:36:17 -07:00
Adam Ierymenko
d3b0081447 Cleanup... 2016-07-28 12:09:58 -07:00
Adam Ierymenko
22e44c762b More rules engine work: key/value pair matching for microsegmentation. 2016-07-28 10:58:10 -07:00
Adam Ierymenko
4929be08f7 Cleanup and stub out new object transfer messages. 2016-07-26 12:33:51 -07:00
Adam Ierymenko
088bbd1c08 Filter fixes. 2016-07-25 17:03:26 -07:00
Adam Ierymenko
7404eb46c4 Integration of Filter into inbound and outbound packet path. 2016-07-25 16:51:10 -07:00