Adam Ierymenko
adeb7e7da0
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
2016-10-05 12:54:46 -07:00
Adam Ierymenko
988049f39b
Add new rule to rules engine: random match.
2016-09-30 14:07:00 -07:00
Adam Ierymenko
7e4b6b594b
It now builds.
2016-09-26 17:05:39 -07:00
Adam Ierymenko
eac3667ec1
Bunch more refactoring and work on revocations, etc.
2016-09-26 16:17:02 -07:00
Adam Ierymenko
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-23 16:08:38 -07:00
Adam Ierymenko
15402933bc
Add physical MTU recommendation hint to network config via API.
2016-09-14 16:55:25 -07:00
Adam Ierymenko
5b6d27e659
Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected.
2016-09-13 14:27:18 -07:00
Adam Ierymenko
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-09 08:43:58 -07:00
Adam Ierymenko
b5c86b6ba4
Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable.
2016-09-07 11:13:17 -07:00
Adam Ierymenko
eebcf08084
Tweaks to new Path code for dual-stack operation, and other fixes.
2016-09-03 15:39:05 -07:00
Adam Ierymenko
8b6d23b9f6
Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table.
2016-09-01 12:07:17 -07:00
Adam Ierymenko
54489a7f61
rename SAMENESS to DIFFERENCE which is less confusing
2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b
Add overlooked MATCH_ICMP to rule set.
2016-08-31 14:01:15 -07:00
Adam Ierymenko
ded5a53a6c
Documentation updates, add rules engine revision to network config request meta-data.
2016-08-26 10:38:43 -07:00
Adam Ierymenko
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
2016-08-25 18:21:20 -07:00
Adam Ierymenko
5eaf397a94
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
2016-08-25 13:31:23 -07:00
Adam Ierymenko
95ff057e04
Increase rule limits a little since chunking in netconf can accomodate this.
2016-08-24 17:16:26 -07:00
Adam Ierymenko
2cdda38dc4
It basically works... at least on current controllers.
2016-08-24 15:26:18 -07:00
Adam Ierymenko
ccea3d04d6
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
2016-08-24 14:28:16 -07:00
Adam Ierymenko
8e3463d47a
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
2016-08-24 13:37:57 -07:00
Adam Ierymenko
e2f783ebbd
.
2016-08-05 15:02:01 -07:00
Adam Ierymenko
4d9b74b171
.
2016-08-04 15:27:20 -07:00
Adam Ierymenko
98152d974a
More cleanup and removal of DeferredPackets, will do the latter in a more elegant way.
2016-08-04 11:40:38 -07:00
Adam Ierymenko
7e6e56e2bc
Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup.
2016-08-03 18:04:08 -07:00
Adam Ierymenko
67cb03742e
Add tag rules and split out rule serialize/deserialize so the code can be reused.
2016-08-03 14:12:38 -07:00
Adam Ierymenko
ecc1324bb0
Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places.
2016-08-02 13:36:17 -07:00
Adam Ierymenko
d3b0081447
Cleanup...
2016-07-28 12:09:58 -07:00
Adam Ierymenko
22e44c762b
More rules engine work: key/value pair matching for microsegmentation.
2016-07-28 10:58:10 -07:00
Adam Ierymenko
eaf6d6c938
Basic L2/L3 filter for rules engine (not integrated yet) and some cleanup.
2016-07-25 15:52:16 -07:00
Adam Ierymenko
9657675755
Plumbing through trusted path stuff to OneService.
2016-07-12 11:30:22 -07:00
Adam Ierymenko
765082fdb6
Trusted path support, and version bump to 1.1.9
2016-07-12 08:29:50 -07:00
Adam Ierymenko
330c80f3f5
Add rule type to match a COM field of the peer by ID and value because this will be powerful.
2016-06-21 08:09:20 -07:00
Adam Ierymenko
e09c1a1c11
Big refactor mostly builds. We now have a uniform backward compatible netconf.
2016-06-16 12:28:43 -07:00
Adam Ierymenko
4446dbde5e
Big refactor in service code to prep for plumbing through route management.
2016-06-14 10:09:26 -07:00
Adam Ierymenko
82635ce606
Add flags and metric to ZT-managed routes.
2016-06-09 09:43:09 -07:00
Adam Ierymenko
9161eebc68
Carry virtual network routes through to API.
2016-06-07 12:15:19 -07:00
Adam Ierymenko
37b89b3944
Add TCP relative sequence number criterion for documentation/posterity.
2016-05-09 17:00:17 -07:00
Adam Ierymenko
8b9519f0af
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
2016-05-06 16:13:11 -07:00
Adam Ierymenko
69d0562e2c
docs
2016-05-06 11:41:11 -07:00
Adam Ierymenko
7913fa7bbd
Dead code removal.
2016-05-06 11:13:34 -07:00
Adam Ierymenko
0f17077b3d
Merge gateways and routes in netconf since they are the same thing.
2016-05-06 10:57:53 -07:00
Adam Ierymenko
e5cc487b95
Beginning of security doc and kill some obsolete defines in main include file.
2016-04-28 14:58:16 +02:00
Adam Ierymenko
b9dba97fdb
Bunch more refactoring for an even more compact NetworkConfig representation, especially rules.
2016-04-26 17:11:25 -07:00
Adam Ierymenko
246f86dad3
Define an "anchor" as a statically defined device that serves as a network lookup point.
2016-04-26 07:56:41 -07:00
Adam Ierymenko
d736074301
Refactor rules table in-memory structure in new NetworkConfig to permit far more rules with better space efficiency.
2016-04-22 15:40:53 -07:00
Adam Ierymenko
af471af8ef
Shrink NetworkConfig slightly.
2016-04-12 13:32:41 -07:00
Adam Ierymenko
6f854c8391
NetworkConfig refactor part 1
2016-04-12 12:11:34 -07:00
Adam Ierymenko
92f24d1988
Make maximum size of a circuit test structure sane.
2016-02-22 15:54:18 -08:00
Grant Limberg
6dac0c8c4f
C doesn't support default arguments
2016-01-13 17:47:34 -08:00
Adam Ierymenko
4e4fd51117
boring doc stuff
2016-01-12 14:04:55 -08:00
Adam Ierymenko
d6f0f1a82a
Use network user ptr in lookup for Ethernet frame handling to eliminate map lookup.
2016-01-12 11:34:22 -08:00
Adam Ierymenko
83ef98a9dc
Add a network-associated user ptr in API.
2016-01-12 11:04:35 -08:00
Adam Ierymenko
b3e3d4cacc
Instead of using binary packet comparison, add a callback to the API to explicitly check whether paths should be used. Check in with this callback (if present) when learning new paths or sending initial packets.
2016-01-11 10:17:44 -08:00
Adam Ierymenko
ba2a89c760
docs
2016-01-11 09:13:41 -08:00
Adam Ierymenko
ab19e19f00
Fix a bug that we visually found in Windows code -- it was not advertising uPnP addresses?!?
2016-01-11 09:09:24 -08:00
Adam Ierymenko
2cc50bdb10
Try bringing back TTL escalation -- may help with Docker (IP-MASQ) type NAT
2015-11-09 15:44:13 -08:00
Adam Ierymenko
6bc8c9d8ef
Clustering cleanup, still a work in progress.
2015-11-06 16:12:41 -08:00
Adam Ierymenko
8ef4edebbf
Deferred decode for HELLO to prevent HELLOcalypse under high load of new peers.
2015-11-05 12:22:58 -08:00
Adam Ierymenko
a994573a43
Eliminate some more dead code. We may do path trust, but not like that.
2015-10-29 09:42:15 -07:00
Adam Ierymenko
16bc3e0398
Factor out RemotePath subclass of Path -- no longer needed, just cruft.
2015-10-27 15:00:16 -07:00
Adam Ierymenko
f692cec763
Change how cluster relays packets -- just PROXY_UNITE and then send packet via normal ZeroTier front plane -- more efficient and eliminates fragmentation issues.
2015-10-27 14:04:12 -07:00
Adam Ierymenko
cfe166ef35
Tweak some size limits.
2015-10-27 12:29:01 -07:00
Adam Ierymenko
debed1ac2d
Expose cluster status in /status JSON response.
2015-10-26 13:06:10 -07:00
Adam Ierymenko
5ff7733f84
More plumbing of cluster status.
2015-10-26 12:49:17 -07:00
Adam Ierymenko
865acfa40f
Cluster status plumbing.
2015-10-26 12:41:08 -07:00
Adam Ierymenko
7711eba297
More cluster wiring...
2015-10-22 16:02:01 -07:00
Adam Ierymenko
57e29857cf
Cluster work -- integrating with the rest of the code.
2015-10-20 15:27:53 -07:00
Adam Ierymenko
70d8e3ad94
Expose world ID and world timestamp in ZT_NodeStatus
2015-10-13 12:31:38 -07:00
Adam Ierymenko
5d2f523e81
World stuff...
2015-10-13 12:10:44 -07:00
Adam Ierymenko
cae58f43f1
More World stuff, and mkworld.
2015-10-13 08:49:36 -07:00
Adam Ierymenko
aec13b50fd
Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history.
2015-10-09 15:05:26 -07:00
Grant Limberg
9347d6c866
Make it so ZeroTierOne.h can be used with a C compiler again.
2015-10-07 18:04:40 -07:00
Adam Ierymenko
6c7ce79c89
Be consistent in how enums are defined in the main .h file.
2015-10-07 09:51:35 -07:00
Adam Ierymenko
1b2cac0cc5
Trim some cruft that is not used and probably never would be.
2015-10-07 09:38:33 -07:00
Adam Ierymenko
477feee8a3
Some work on CIRCUIT_TEST, and a significant speedup to Poly1305.
2015-10-06 17:55:57 -07:00
Adam Ierymenko
d3f29d09e8
Plumbing through circuit test stuff.
2015-10-06 14:42:51 -07:00
Adam Ierymenko
5076c49210
Peer serialization and related changes.
2015-10-01 15:40:54 -07:00
Adam Ierymenko
f69454ec98
(1) Make ZT_ naming convention consistent (get rid of ZT1_), (2) Make local interface a full sockaddr_storage instead of an int identifier, which turns out to be better for multi-homing and other uses.
2015-09-24 16:21:36 -07:00
Adam Ierymenko
367ffde00c
Plumb through localInterfaceId to track local interfaces corresponding with remote addresses.
2015-09-23 13:49:56 -07:00
Grant Limberg
f7d3e262a9
ifdef default assignments
2015-09-11 17:16:38 -07:00
Adam Ierymenko
7578b56298
docs
2015-07-28 17:22:59 -07:00
Adam Ierymenko
d647a587a1
(1) Fix updating of network revision counter on member change.
...
(2) Go back to timestamp as certificate revision number. This is simpler
and more robust than using the network revision number for this and
forcing network revision fast-forward, which could cause some peers
to fall off the horizon when you don't want them to.
2015-07-23 17:18:20 -07:00
Adam Ierymenko
0b354803f3
Clean up some YAGNI issues with implementation of GitHub issue #180 , and make best path choice aware of path rank.
2015-07-13 10:03:04 -07:00
Adam Ierymenko
c863ff3f02
A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable.
2015-07-07 08:54:48 -07:00
Adam Ierymenko
235f4762b7
Plumbing for local interface addresses -- GitHub issue #180
2015-07-06 15:51:04 -07:00
Adam Ierymenko
7bae95836c
Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address.
2015-06-19 10:23:25 -07:00
Kees Bos
a425bbc673
Renamed supernode to rootserver
2015-05-06 12:05:20 +02:00
Adam Ierymenko
d9006712f6
Completely factor out "desperation" from the core. I thought of a significantly simpler way to move all of this logic entirely into the containing service, liberating the core from any concern over the nature of its pipe to the outside world.
2015-05-21 15:58:26 -07:00
Adam Ierymenko
d0e0f5dd12
Basic OpenBSD compile fixes -- still need to update BSDEthernetTap, will do that later. Should be able to re-use FreeBSD port for OpenBSD, but we will see.
2015-05-15 08:48:53 -07:00
Adam Ierymenko
625ddf41a7
docs
2015-05-04 17:41:48 -07:00
Adam Ierymenko
740121504f
Add a timestamp to netconf cache, fix some SQL queries in NC.
2015-04-17 15:21:53 -07:00
Adam Ierymenko
d2503172d8
Add some additional detail to the peer record in CAPI and JSON control plane.
2015-04-15 19:00:26 -07:00
Adam Ierymenko
1c9ca73065
Fix some deadlock issues, move awareness of broadcast subscription into core, other bug fixes.
2015-04-15 13:09:20 -07:00
Adam Ierymenko
aeb4b42ab3
Make tap itself handle remembering sticky device to nwid mappings.
2015-04-14 18:13:46 -07:00
Adam Ierymenko
67f1f1892f
Bunch of tap stuff, IP address assignment hookups, etc.
2015-04-14 17:57:51 -07:00
Adam Ierymenko
1cfa67bbdd
Bunch more control plane work, and shelve old UI -- React FTW.
2015-04-14 13:56:28 -07:00
Adam Ierymenko
b888e033c0
JSON control plane, almost done...
2015-04-13 18:12:45 -07:00
Adam Ierymenko
068d311ecc
TRACE compile fixes, other fixes, and it basically works! It says HELLO.
2015-04-09 20:54:00 -07:00
Adam Ierymenko
38200cc6a5
Add data store functions to service/One, and shelve old main.cpp since it will get rebuilt.
2015-04-09 19:58:04 -07:00
Adam Ierymenko
46ecad451c
Starting on new service/ code to encapsulate node/ with osdep/ stuff, and add a user pointer to the CAPI.
2015-04-09 18:14:27 -07:00
Adam Ierymenko
ccc73b920e
Node peer list function for CAPI, and some Peer cleanup.
2015-04-08 18:45:21 -07:00
Adam Ierymenko
d9e9b60a98
Node status and network list.
2015-04-08 18:25:40 -07:00
Adam Ierymenko
4d5a6a25d3
Add events for packet decode errors, etc., and re-implement TRACE as an event.
2015-04-08 16:49:21 -07:00
Adam Ierymenko
9d9d0ef12c
Rename StatusCallback to more descriptive EventCallback.
2015-04-08 16:07:47 -07:00
Adam Ierymenko
49f031ccb4
Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc.
2015-04-07 19:31:11 -07:00
Adam Ierymenko
9e55f882d3
Starting to port from old Node() -- identity generation.
2015-04-07 16:41:56 -07:00
Adam Ierymenko
51f46a009a
Multicast group join/leave and group membership announcement.
2015-04-06 18:27:24 -07:00
Adam Ierymenko
8001b2c0cb
Network now calls port config function as per new API.
2015-04-06 16:52:52 -07:00
Adam Ierymenko
a86300c58f
Network build fixes and cleanup of remaining internal references to _tap
2015-04-06 15:47:57 -07:00
Adam Ierymenko
f4fd2d4971
Bring IncomingPacket into line with new changes.
2015-04-06 14:50:53 -07:00
Adam Ierymenko
6eb9289367
Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch.
2015-04-03 16:52:53 -07:00
Adam Ierymenko
ee0f56355b
Send path simplification.
2015-04-03 13:14:37 -07:00
Adam Ierymenko
a69e1876f1
The concept of link desperation (escalating to less desirable transports) simplifies a ton of stuff. Loads of spaghetti logic can die since we no longer have to make these decisions down in the core.
2015-04-02 17:54:56 -07:00
Adam Ierymenko
1f28ce3980
Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc.
2015-04-01 19:09:18 -07:00
Adam Ierymenko
49349470a0
...
2015-04-01 16:27:14 -07:00
Adam Ierymenko
8130848020
More refactoring... and update the API a bit... turns out my strategy for reducing indirect function calls also increased memcpy()s which are more expensive. This is simpler and faster.
2015-04-01 14:59:44 -07:00
Adam Ierymenko
7ff0cab1b7
docs
2015-03-31 18:33:39 -07:00
Adam Ierymenko
b723855751
Refactoring... lalalala...
2015-03-31 18:17:11 -07:00
Adam Ierymenko
36eab4f1a9
Whole heap more cleanup and refactoring...
2015-03-31 17:53:34 -07:00
Adam Ierymenko
647ce82b86
Move more stuff into osdep/ -- node/ will not use threads directly.
2015-03-31 15:23:14 -07:00
Adam Ierymenko
2c5dbecb3c
More CAPI work, and move old control/ and old node/Node to attic.
2015-03-31 13:54:50 -07:00
Adam Ierymenko
fe94c9460b
Phy is a better name than Wire, and other cleanup.
2015-03-31 11:52:10 -07:00
Adam Ierymenko
fe87c1db67
Work on new simplified C API -- required for embedded, language bindings, mobile (language bindings again), etc.
2015-03-30 19:46:07 -07:00
Adam Ierymenko
60158aa5dd
Turns out that node/ likely has no business with or need for the system IP routing table. So shelve that code for now.
2015-03-30 17:48:48 -07:00
Adam Ierymenko
93012b0ee5
Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware]
2015-02-17 13:11:34 -08:00
Adam Ierymenko
4e95384ad6
Cleanup, add tristate to config code in Network, and happy new year!
2015-01-05 17:47:59 -08:00
Adam Ierymenko
16461eca1f
docs
2014-10-30 12:47:26 -07:00
Adam Ierymenko
9a5f6f020f
docs
2014-10-28 15:53:11 -07:00
Adam Ierymenko
3d85a615fb
NULL dereference on still-initializing node bug fix in status query commands, and doc updates.
2014-10-28 14:17:39 -07:00
Adam Ierymenko
74f36f5dc0
Windows build fixes.
2014-10-19 12:56:39 -07:00
Adam Ierymenko
52314dcdf6
GitHub issue #111
2014-10-13 11:47:14 -07:00
Adam Ierymenko
1d37204a37
Refactoring in progress... pardon our dust...
2014-09-12 16:57:37 -07:00