Commit Graph

252 Commits

Author SHA1 Message Date
Adam Ierymenko
e53f63ca87 Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed. 2016-10-11 12:00:16 -07:00
Adam Ierymenko
45c4ccb153 Add a tags both equal match. 2016-10-05 16:38:42 -07:00
Adam Ierymenko
adeb7e7da0 Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want. 2016-10-05 12:54:46 -07:00
Adam Ierymenko
988049f39b Add new rule to rules engine: random match. 2016-09-30 14:07:00 -07:00
Adam Ierymenko
f0794e09b7 Controller cleanup. 2016-09-30 13:04:26 -07:00
Adam Ierymenko
1eeebba2f7 Drop old /active path from network. 2016-09-29 17:59:27 -07:00
Adam Ierymenko
2fc3d12fb6 Minor tweaks to member code in controller, and fix Linux build. 2016-09-29 14:48:39 -07:00
Adam Ierymenko
7e4b6b594b It now builds. 2016-09-26 17:05:39 -07:00
Adam Ierymenko
1f74dd4589 Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. 2016-09-23 16:08:38 -07:00
Adam Ierymenko
68e549233d Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness). 2016-09-15 13:17:37 -07:00
Adam Ierymenko
ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko
0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko
c9ee8612e4 Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer. 2016-09-07 12:12:52 -07:00
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
54489a7f61 rename SAMENESS to DIFFERENCE which is less confusing 2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b Add overlooked MATCH_ICMP to rule set. 2016-08-31 14:01:15 -07:00
Adam Ierymenko
7a00036954 Tweak log length to fit JSON for members within two 4096-kb blocks. 2016-08-29 18:10:02 -07:00
Adam Ierymenko
914c42537c Type fixes. 2016-08-29 17:48:36 -07:00
Adam Ierymenko
77c2bf3ad9 Kill dead field from network JSON. 2016-08-29 14:47:19 -07:00
Adam Ierymenko
297b1b4258 Another tiny API bug fix. 2016-08-26 14:16:55 -07:00
Adam Ierymenko
35ac995d05 Fix setting of v6AssignMode in controller. 2016-08-26 14:04:27 -07:00
Adam Ierymenko
ded5a53a6c Documentation updates, add rules engine revision to network config request meta-data. 2016-08-26 10:38:43 -07:00
Adam Ierymenko
d637988ccf Fix chicken or egg problem in tags, and better filter debug instrumentation. 2016-08-25 18:21:20 -07:00
Adam Ierymenko
858e8c5217 one more... 2016-08-25 16:28:54 -07:00
Adam Ierymenko
df1ce856c9 A little bit more controller code cleanup. 2016-08-25 16:25:28 -07:00
Adam Ierymenko
b5e0d014ab Controller bug fixes 2016-08-25 16:08:40 -07:00
Adam Ierymenko
5eaf397a94 Add a debug log feature in the filter, which only works if enabled in Network.cpp. 2016-08-25 13:31:23 -07:00
Adam Ierymenko
1814016eb7 Add daemon thread to controller and move network member cache refreshes there. 2016-08-25 11:26:45 -07:00
Adam Ierymenko
6ecb42b031 docs and null check in controller code 2016-08-25 10:46:03 -07:00
Adam Ierymenko
60bc291414 Add noAutoAssignIps for member of networks. 2016-08-24 17:05:43 -07:00
Adam Ierymenko
ccea3d04d6 Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller. 2016-08-24 14:28:16 -07:00
Adam Ierymenko
8e3463d47a Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency. 2016-08-24 13:37:57 -07:00
Adam Ierymenko
8d594f8b53 cleanup 2016-08-23 16:05:10 -07:00
Adam Ierymenko
5f4df0c6a9 Controller cleanup and perf improvements. 2016-08-23 15:30:36 -07:00
Adam Ierymenko
32fa061700 Compute credential TTL et al. 2016-08-23 13:02:59 -07:00
Adam Ierymenko
9a3c652a51 Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity. 2016-08-22 18:06:46 -07:00
Adam Ierymenko
b0d888d235 Signing of Capability and Tag objects. 2016-08-22 14:25:59 -07:00
Adam Ierymenko
4dce71879f . 2016-08-18 18:18:50 -07:00
Adam Ierymenko
212a5af9a5 Capabilities and tags in POST JSON. 2016-08-18 14:37:56 -07:00
Adam Ierymenko
1cadbfb4d1 Little fixes. 2016-08-18 13:47:02 -07:00
Adam Ierymenko
f119c4a456 Cache network members for performance, add network non-persisted fields. 2016-08-18 12:59:48 -07:00
Adam Ierymenko
faa9a06bf5 Controller fixes... 2016-08-17 17:37:37 -07:00
Adam Ierymenko
b7ebf6edbf Cleanup and log how member was authorized. 2016-08-17 13:54:32 -07:00
Adam Ierymenko
b72847d504 Finally implement network join auth tokens, at least at the protocol level. 2016-08-17 13:41:45 -07:00
Adam Ierymenko
168b86fdcd Controller docs and API fix. 2016-08-17 12:27:07 -07:00
Adam Ierymenko
a13f4d8353 We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.) 2016-08-17 10:42:32 -07:00
Adam Ierymenko
cc808cc2dd Rules parsing stuff. 2016-08-17 10:25:25 -07:00
Adam Ierymenko
ce001198d8 . 2016-08-16 16:57:45 -07:00
Adam Ierymenko
c0639ccd37 Just about ready to test. 2016-08-16 16:46:08 -07:00
Adam Ierymenko
58701c1ca8 . 2016-08-16 14:08:08 -07:00
Adam Ierymenko
b08ca49580 More controller work -- it builds! 2016-08-16 14:05:17 -07:00
Adam Ierymenko
bd15262e54 Bunch of rule JSON stuff. 2016-08-15 18:49:50 -07:00
Adam Ierymenko
3cb2e1197f . 2016-08-12 15:32:45 -07:00
Adam Ierymenko
c30f74987f Starting refactor of controller... 2016-08-12 11:30:27 -07:00
Adam Ierymenko
22e44c762b More rules engine work: key/value pair matching for microsegmentation. 2016-07-28 10:58:10 -07:00
Adam Ierymenko
0e2964261f docs 2016-07-08 13:42:04 -07:00
Adam Ierymenko
ffe7d8d024 docs 2016-07-08 13:40:21 -07:00
Adam Ierymenko
c01ebbcbde docs 2016-07-08 13:38:47 -07:00
Adam Ierymenko
a6e5914aa7 docs 2016-07-08 13:37:51 -07:00
Adam Ierymenko
6d8de214eb Docs and controller API version 2016-07-08 13:10:02 -07:00
Adam Ierymenko
2d7c58540f v6AssignMode bug fix 2016-07-07 17:05:12 -07:00
Adam Ierymenko
951038a304 Ignore /bits in IP assignments and just copy it from the corresponding LAN-local route. Having each managed IP assignment have its own bits field was just a source of user error and poor UX and was completely worthless. 2016-07-07 16:28:43 -07:00
Adam Ierymenko
b9329dc49a Fix to IPv6 picking for small ranges. 2016-07-07 15:55:40 -07:00
Adam Ierymenko
6e08e1ae97 A few controller changes: (1) assign managed IPs that are assigned regardless of "assign mode" which now only controls auto-assignment or special addressing, (2) support proper issuing of managed IPv6 IPs, (3) support IPv6 auto-assign ranges 2016-07-07 15:42:10 -07:00
Adam Ierymenko
dd1d2b4d00 GitHub issue #343 -- fix authorizedMemberCount 2016-07-07 14:49:54 -07:00
Adam Ierymenko
030dfde38e Unused printf removal while we are at it. 2016-06-29 18:14:49 -07:00
Adam Ierymenko
bb63646682 Fix broken SQL in controller. 2016-06-29 11:37:28 -07:00
Adam Ierymenko
d9eacd1616 Controller fixes... 2016-06-29 17:02:03 +00:00
Adam Ierymenko
0410fd4824 Refactor recent member request history to fix performance problem in controller. 2016-06-28 12:44:47 -07:00
Adam Ierymenko
12037961ff small perf improvement in sqlite db. 2016-06-27 18:48:02 -07:00
Adam Ierymenko
8c572dead1 Query optimization. 2016-06-27 18:28:18 -07:00
Adam Ierymenko
3ddfebe742 dead code removal 2016-06-27 17:15:39 -07:00
Adam Ierymenko
972bbb7e06 Allow further concurrency on network controller. 2016-06-27 17:14:47 -07:00
Adam Ierymenko
3740b83f63 Don't back up sqlite db if it hasn't changed to prevent constant thrashing on inactive controllers. 2016-06-24 06:53:23 -07:00
Adam Ierymenko
90cdef8400 Forgot NDP emulation flag. 2016-06-24 06:43:23 -07:00
Adam Ierymenko
ee649ae69a Add 6plane assignment support to network controller, and cleanup. 2016-06-24 06:40:50 -07:00
Adam Ierymenko
20d155e630 . 2016-06-24 05:21:25 -07:00
Adam Ierymenko
b2d048aa0e Make Dictionary templatable so it can be used where we want a higher capacity. 2016-06-21 07:32:58 -07:00
Adam Ierymenko
37afa876a7 Linux bug fixes, small controller fix. 2016-06-17 00:21:58 +00:00
Adam Ierymenko
20d4dada40 Refactor controller for new merged format. 2016-06-16 16:05:57 -07:00
Adam Ierymenko
769351b30f Fix to routes config in controller API. 2016-06-13 15:58:00 -07:00
Adam Ierymenko
734cbb2f1e Controller modifications for default route are ready to test. Will require slight changes in ZeroTier Central when it goes live. 2016-06-10 15:58:35 -07:00
Adam Ierymenko
acbe8ad398 More controller work, and some RedHat fixes. 2016-06-10 08:26:27 -07:00
Adam Ierymenko
9898066b47 Remove some deprecated stuff in controller -- not done yet. 2016-06-09 11:02:42 -07:00
Adam Ierymenko
7e68791bee Fix include for system json-parser. 2016-06-08 12:57:22 -07:00
Adam Ierymenko
683254a0db Don't bother signing if we are not using the legacy netconf. 2016-06-07 11:17:38 -07:00
Adam Ierymenko
2885aea65c Only send new format netconf for PV>=6 2016-06-07 11:13:18 -07:00
Adam Ierymenko
7ee3743c3d Refactor controller to send both old and new format netconf. 2016-05-11 08:49:15 -07:00
Adam Ierymenko
8b9519f0af Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor. 2016-05-06 16:13:11 -07:00
Adam Ierymenko
2b3e1d5c10 Ignore IP assignment pool ranges that begin with 0.0.0.0 or that contain no IPs. 2016-03-24 13:34:01 -07:00
Adam Ierymenko
2c328d61ad Do not auto-assign IP addresses on bridges. IPs can still be assigned manually. 2016-03-24 13:32:01 -07:00
Adam Ierymenko
9f31cbd8b8 Make /network/???/active return more info. 2016-03-17 13:05:51 -07:00
Adam Ierymenko
9b59bcd995 Clean controller circuit test memory. 2016-02-22 15:48:27 -08:00
Adam Ierymenko
69a438d64d Small tweak to active threshold. 2016-02-19 09:10:31 -08:00
Adam Ierymenko
10bb9919f1 Tweak certificate of membership revision/time tolerance to eliminate boundary packet loss issues occasionally seen in the wild. 2016-02-10 09:32:42 -08:00
Adam Ierymenko
69b1da2e1d return 200 instead of 404 when test is fetched 2016-02-04 16:27:25 -08:00
Adam Ierymenko
dc3d899e70 Return test ID when we post a test. 2016-02-04 16:09:26 -08:00
Adam Ierymenko
78c1d9006a flood protection fix 2016-02-04 14:39:43 -08:00
Adam Ierymenko
5dad73647d Lengthen backup period again 2016-02-04 14:22:54 -08:00
Adam Ierymenko
13b39a0c3e SQLite perf tuning 2016-02-04 14:03:37 -08:00