| Adam Ierymenko | c9ee8612e4 | Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer. | 2016-09-07 12:12:52 -07:00 |
| Adam Ierymenko | a7d988745b | Use ECHO instead of HELLO where possible. | 2016-09-07 12:01:03 -07:00 |
| Adam Ierymenko | ff9f8b1c2b | Typo fix. | 2016-09-07 11:15:36 -07:00 |
| Adam Ierymenko | b5c86b6ba4 | Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. | 2016-09-07 11:13:17 -07:00 |
| Adam Ierymenko | f2d2df2b11 | Cluster build fix. | 2016-09-06 15:06:07 -07:00 |
| Adam Ierymenko | 48a374c82c | (1) fix crazy bug introduced in doRENDEZVOUS(), (2) reclaim Paths after paths[] condense, (3) fix an edge case around symmetric NAT and external IP change detection. | 2016-09-06 14:05:58 -07:00 |
| Adam Ierymenko | 8a2e8bd585 | Rework how paths are set as remote cluster preferred. The code is now clearer and cluster preference indications are now very sticky as they should be. | 2016-09-06 12:45:28 -07:00 |
| Adam Ierymenko | 43780742b0 | comments, docs | 2016-09-06 11:10:04 -07:00 |
| Adam Ierymenko | d7f2287ce9 | More tweaks to path behavior. | 2016-09-05 15:47:22 -07:00 |
| Adam Ierymenko | eebcf08084 | Tweaks to new Path code for dual-stack operation, and other fixes. | 2016-09-03 15:39:05 -07:00 |
| Adam Ierymenko | 01aa469591 | Remove debug line. | 2016-09-02 14:26:04 -07:00 |
| Adam Ierymenko | 4992ac2d9f | Cluster sub-optimal is in fact necessary... | 2016-09-02 14:20:55 -07:00 |
| Adam Ierymenko | 412979ba8f | Attempt to reactivate dead paths. | 2016-09-02 13:55:33 -07:00 |
| Adam Ierymenko | 4f8253dcdb | Tweaks to path handling... | 2016-09-02 13:33:56 -07:00 |
| Adam Ierymenko | 4931e44998 | Implement "weak pointer" behavior on Topology Path canonicalization hash table. | 2016-09-02 12:34:02 -07:00 |
| Adam Ierymenko | d1101441b3 | Tweak some timings. | 2016-09-02 11:54:59 -07:00 |
| Adam Ierymenko | e8f6b4b5d3 | Rest of big Path canonicalization refactor. | 2016-09-02 11:51:33 -07:00 |
| Adam Ierymenko | a3bdae9735 | Work in progress: Path canonicalization refactor. | 2016-09-01 15:43:07 -07:00 |
| Adam Ierymenko | d5e6f59004 | . | 2016-09-01 13:45:32 -07:00 |
| Adam Ierymenko | 22271f2a49 | Cleanup. | 2016-09-01 13:36:41 -07:00 |
| Adam Ierymenko | 8b6d23b9f6 | Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table. | 2016-09-01 12:07:17 -07:00 |
| Adam Ierymenko | 25056de5d3 | Also need to send credentials when TEEing and REDIRECTing. | 2016-08-31 17:56:59 -07:00 |
| Adam Ierymenko | 994b25af4e | Simplify some logic. | 2016-08-31 17:45:55 -07:00 |
| Adam Ierymenko | 74afef8eb1 | Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. | 2016-08-31 16:50:22 -07:00 |
| Adam Ierymenko | 54489a7f61 | rename SAMENESS to DIFFERENCE which is less confusing | 2016-08-31 14:14:58 -07:00 |
| Adam Ierymenko | 8e3004591b | Add overlooked MATCH_ICMP to rule set. | 2016-08-31 14:01:15 -07:00 |
| Adam Ierymenko | 2ff2a8fd9a | Cluster build fixes and warning elimination. | 2016-08-31 09:38:21 -07:00 |
| Adam Ierymenko | cb63babac4 | Debug output fixes. | 2016-08-29 16:38:10 -07:00 |
| Adam Ierymenko | ac1c127b68 | Debug output fixes. | 2016-08-29 16:24:08 -07:00 |
| Adam Ierymenko | cb82193333 | Debug output fixes. | 2016-08-29 16:19:26 -07:00 |
| Adam Ierymenko | f0636ffd4a | EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule. | 2016-08-29 15:54:06 -07:00 |
| Adam Ierymenko | 51a420671f | Make rules engine debug a bit more verbose. | 2016-08-29 15:17:34 -07:00 |
| Adam Ierymenko | 7223685b96 | . | 2016-08-26 15:30:20 -07:00 |
| Adam Ierymenko | e7dff1c785 | Change logic a little for self-as-destination in TEE and REDIRECT. | 2016-08-26 15:28:31 -07:00 |
| Adam Ierymenko | a5383d83d8 | Do not TEE or REDIRECT to self. | 2016-08-26 15:25:00 -07:00 |
| Adam Ierymenko | a3c7627acf | Push more than one packet for credentials if we happen to have a whole lot. Should not happen often but might if a member has tons of tags. | 2016-08-26 14:43:16 -07:00 |
| Adam Ierymenko | 6bd5aba4fa | fix frame size range bug | 2016-08-26 13:26:26 -07:00 |
| Adam Ierymenko | fb5217761b | Add missing names in filter debug code. | 2016-08-26 13:20:55 -07:00 |
| Adam Ierymenko | 90f3e94565 | Always output trace info when debugging rules. | 2016-08-26 12:21:44 -07:00 |
| Adam Ierymenko | ded5a53a6c | Documentation updates, add rules engine revision to network config request meta-data. | 2016-08-26 10:38:43 -07:00 |
| Adam Ierymenko | d637988ccf | Fix chicken or egg problem in tags, and better filter debug instrumentation. | 2016-08-25 18:21:20 -07:00 |
| Adam Ierymenko | b5e0d014ab | Controller bug fixes | 2016-08-25 16:08:40 -07:00 |
| Adam Ierymenko | 5eaf397a94 | Add a debug log feature in the filter, which only works if enabled in Network.cpp. | 2016-08-25 13:31:23 -07:00 |
| Adam Ierymenko | 584228b2b5 | Dead code removal, and get rid of reliable() because we will no longer make that distinction. | 2016-08-24 17:56:35 -07:00 |
| Adam Ierymenko | cd3683f2ba | Fix a missing receive(). | 2016-08-24 17:50:51 -07:00 |
| Adam Ierymenko | 347ebcd899 | Set trust flag in network controllers if remote query is accepted to allow NATed network controllers to better traverse. | 2016-08-24 17:48:13 -07:00 |
| Adam Ierymenko | e52c2c41ec | Add a circuit breaker to prevent too many credentials from being stored per member. | 2016-08-24 17:24:35 -07:00 |
| Adam Ierymenko | c476285bd6 | Harden PUSH_DIRECT_PATHS and simplify things by only doing it on receive when hops>0 and trust has been established. | 2016-08-24 16:16:39 -07:00 |
| Adam Ierymenko | 63e8ad4cc3 | TRACE stuff. | 2016-08-24 15:45:37 -07:00 |
| Adam Ierymenko | 2cdda38dc4 | It basically works... at least on current controllers. | 2016-08-24 15:26:18 -07:00 |
| Adam Ierymenko | ccea3d04d6 | Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller. | 2016-08-24 14:28:16 -07:00 |
| Adam Ierymenko | 8e3463d47a | Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency. | 2016-08-24 13:37:57 -07:00 |
| Adam Ierymenko | 0ee4d3554a | Stub out USER_MESSAGE. | 2016-08-23 14:38:20 -07:00 |
| Adam Ierymenko | 0a7a33ef8f | Instantaneous blacklisting and credential revocation. | 2016-08-23 13:46:36 -07:00 |
| Adam Ierymenko | 32fa061700 | Compute credential TTL et al. | 2016-08-23 13:02:59 -07:00 |
| Adam Ierymenko | 7036831203 | Sign Dictionary in doNETWORK_CONFIG_REQUEST. | 2016-08-23 11:57:56 -07:00 |
| Adam Ierymenko | 68b4ca9b31 | Cleanup. | 2016-08-23 11:52:10 -07:00 |
| Adam Ierymenko | 0dfc08b317 | Tidy up a few minor protocol things, improve documentation in Packet.hpp. | 2016-08-23 11:29:02 -07:00 |
| Adam Ierymenko | 77f7dcf40a | Obsolete "test network" removal. | 2016-08-23 09:39:38 -07:00 |
| Adam Ierymenko | 9a3c652a51 | Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity. | 2016-08-22 18:06:46 -07:00 |
| Adam Ierymenko | b0d888d235 | Signing of Capability and Tag objects. | 2016-08-22 14:25:59 -07:00 |
| Adam Ierymenko | faa9a06bf5 | Controller fixes... | 2016-08-17 17:37:37 -07:00 |
| Adam Ierymenko | b72847d504 | Finally implement network join auth tokens, at least at the protocol level. | 2016-08-17 13:41:45 -07:00 |
| Adam Ierymenko | b08ca49580 | More controller work -- it builds! | 2016-08-16 14:05:17 -07:00 |
| Adam Ierymenko | bd15262e54 | Bunch of rule JSON stuff. | 2016-08-15 18:49:50 -07:00 |
| Adam Ierymenko | 7d906df805 | Better instrumentation for filter, and filter bug fixes. | 2016-08-10 14:27:52 -07:00 |
| Adam Ierymenko | d166b494ee | Rule parse fix. | 2016-08-10 13:41:22 -07:00 |
| Adam Ierymenko | 81959f14af | Refactor and redesign symmetric NAT predictor. This is cleaner. | 2016-08-10 10:28:54 -07:00 |
| Adam Ierymenko | c9d7845fea | Minor bug fix and some instrumentation stuff for testing. | 2016-08-09 17:00:01 -07:00 |
| Adam Ierymenko | 0b0cda2be4 | ZT_TRACE fix. | 2016-08-09 15:55:41 -07:00 |
| Adam Ierymenko | e1310a764a | More cleanup and removal of cruft due to obsolete network-specific relays (will be replaced with federation stuff). | 2016-08-09 15:45:26 -07:00 |
| Adam Ierymenko | dbf3e6c3c9 | Dead code removal. | 2016-08-09 15:01:46 -07:00 |
| Adam Ierymenko | dee7f75f7e | Minor cleanup. | 2016-08-09 14:46:11 -07:00 |
| Adam Ierymenko | 774c7e0ea5 | Put CONFIG_REFRESH back. | 2016-08-09 13:52:08 -07:00 |
| Adam Ierymenko | 4d498b3765 | Handling of multi-part chunked network configs on the inbound side. | 2016-08-09 13:14:38 -07:00 |
| Adam Ierymenko | bcd05fbdfa | Chunking of network config replies. | 2016-08-09 09:34:13 -07:00 |
| Adam Ierymenko | 2ba9343607 | Encode and decode of tags and capabilities in NetworkConfig. | 2016-08-09 08:32:42 -07:00 |
| Adam Ierymenko | 51cf49a24f | cleanup | 2016-08-08 17:40:22 -07:00 |
| Adam Ierymenko | 00fd9c3a15 | It builds... almost ready to test some rules engine stuff. | 2016-08-08 17:33:26 -07:00 |
| Adam Ierymenko | 8007ca56aa | Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first. | 2016-08-08 16:50:00 -07:00 |
| Adam Ierymenko | 4d7f625aa1 | . | 2016-08-05 15:55:38 -07:00 |
| Adam Ierymenko | e2f783ebbd | . | 2016-08-05 15:02:01 -07:00 |
| Adam Ierymenko | 4d9b74b171 | . | 2016-08-04 15:27:20 -07:00 |
| Adam Ierymenko | 37d139177d | Integrate Filter into OutboundMulticast properly. | 2016-08-04 13:01:14 -07:00 |
| Adam Ierymenko | 8a7753cfe3 | Filter cleanup, prep for filter integration in a few places. | 2016-08-04 12:35:25 -07:00 |
| Adam Ierymenko | 331382cf2f | More cleanup and a tiny federation prep item. | 2016-08-04 12:14:13 -07:00 |
| Adam Ierymenko | 98152d974a | More cleanup and removal of DeferredPackets, will do the latter in a more elegant way. | 2016-08-04 11:40:38 -07:00 |
| Adam Ierymenko | 56febbf2ba | . | 2016-08-04 10:39:28 -07:00 |
| Adam Ierymenko | 5cf410490e | . | 2016-08-04 10:18:33 -07:00 |
| Adam Ierymenko | 404a0bbddd | ... | 2016-08-04 09:51:15 -07:00 |
| Adam Ierymenko | f057bb63cd | More work on tags and capabilities. | 2016-08-04 09:02:35 -07:00 |
| Adam Ierymenko | 7e6e56e2bc | Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup. | 2016-08-03 18:04:08 -07:00 |
| Adam Ierymenko | 67cb03742e | Add tag rules and split out rule serialize/deserialize so the code can be reused. | 2016-08-03 14:12:38 -07:00 |
| Adam Ierymenko | 91940cbcf5 | Kill network preferred relays -- this feature is gone (and was seldom used anyway) in favor of federation. | 2016-08-02 14:40:26 -07:00 |
| Adam Ierymenko | ecc1324bb0 | Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places. | 2016-08-02 13:36:17 -07:00 |
| Adam Ierymenko | d3b0081447 | Cleanup... | 2016-07-28 12:09:58 -07:00 |
| Adam Ierymenko | 22e44c762b | More rules engine work: key/value pair matching for microsegmentation. | 2016-07-28 10:58:10 -07:00 |
| Adam Ierymenko | 4929be08f7 | Cleanup and stub out new object transfer messages. | 2016-07-26 12:33:51 -07:00 |
| Adam Ierymenko | 088bbd1c08 | Filter fixes. | 2016-07-25 17:03:26 -07:00 |
| Adam Ierymenko | 7404eb46c4 | Integration of Filter into inbound and outbound packet path. | 2016-07-25 16:51:10 -07:00 |