Adam Ierymenko
|
e53f63ca87
|
Broke down and added an OR to the rules engine. It is now possible to have a series of MATCHes that are ORed.
|
2016-10-11 12:00:16 -07:00 |
|
Adam Ierymenko
|
45c4ccb153
|
Add a tags both equal match.
|
2016-10-05 16:38:42 -07:00 |
|
Adam Ierymenko
|
adeb7e7da0
|
Make capability flags match more user-friendly and appropriate since "match any flag" is generally what we want.
|
2016-10-05 12:54:46 -07:00 |
|
Adam Ierymenko
|
988049f39b
|
Add new rule to rules engine: random match.
|
2016-09-30 14:07:00 -07:00 |
|
Adam Ierymenko
|
f0794e09b7
|
Controller cleanup.
|
2016-09-30 13:04:26 -07:00 |
|
Adam Ierymenko
|
1eeebba2f7
|
Drop old /active path from network.
|
2016-09-29 17:59:27 -07:00 |
|
Adam Ierymenko
|
2fc3d12fb6
|
Minor tweaks to member code in controller, and fix Linux build.
|
2016-09-29 14:48:39 -07:00 |
|
Adam Ierymenko
|
7e4b6b594b
|
It now builds.
|
2016-09-26 17:05:39 -07:00 |
|
Adam Ierymenko
|
1f74dd4589
|
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
2016-09-23 16:08:38 -07:00 |
|
Adam Ierymenko
|
68e549233d
|
Revise bearer token code in controller, and add relay policy as a meta-data item presented to controller by nodes (to facilitate future meshiness).
|
2016-09-15 13:17:37 -07:00 |
|
Adam Ierymenko
|
ab9afbc749
|
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
2016-09-09 11:36:10 -07:00 |
|
Adam Ierymenko
|
0d4109a9f1
|
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
2016-09-09 08:43:58 -07:00 |
|
Adam Ierymenko
|
c9ee8612e4
|
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
2016-09-07 12:12:52 -07:00 |
|
Adam Ierymenko
|
74afef8eb1
|
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
2016-08-31 16:50:22 -07:00 |
|
Adam Ierymenko
|
54489a7f61
|
rename SAMENESS to DIFFERENCE which is less confusing
|
2016-08-31 14:14:58 -07:00 |
|
Adam Ierymenko
|
8e3004591b
|
Add overlooked MATCH_ICMP to rule set.
|
2016-08-31 14:01:15 -07:00 |
|
Adam Ierymenko
|
7a00036954
|
Tweak log length to fit JSON for members within two 4096-kb blocks.
|
2016-08-29 18:10:02 -07:00 |
|
Adam Ierymenko
|
914c42537c
|
Type fixes.
|
2016-08-29 17:48:36 -07:00 |
|
Adam Ierymenko
|
77c2bf3ad9
|
Kill dead field from network JSON.
|
2016-08-29 14:47:19 -07:00 |
|
Adam Ierymenko
|
297b1b4258
|
Another tiny API bug fix.
|
2016-08-26 14:16:55 -07:00 |
|
Adam Ierymenko
|
35ac995d05
|
Fix setting of v6AssignMode in controller.
|
2016-08-26 14:04:27 -07:00 |
|
Adam Ierymenko
|
ded5a53a6c
|
Documentation updates, add rules engine revision to network config request meta-data.
|
2016-08-26 10:38:43 -07:00 |
|
Adam Ierymenko
|
d637988ccf
|
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
2016-08-25 18:21:20 -07:00 |
|
Adam Ierymenko
|
858e8c5217
|
one more...
|
2016-08-25 16:28:54 -07:00 |
|
Adam Ierymenko
|
df1ce856c9
|
A little bit more controller code cleanup.
|
2016-08-25 16:25:28 -07:00 |
|
Adam Ierymenko
|
b5e0d014ab
|
Controller bug fixes
|
2016-08-25 16:08:40 -07:00 |
|
Adam Ierymenko
|
5eaf397a94
|
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
|
2016-08-25 13:31:23 -07:00 |
|
Adam Ierymenko
|
1814016eb7
|
Add daemon thread to controller and move network member cache refreshes there.
|
2016-08-25 11:26:45 -07:00 |
|
Adam Ierymenko
|
6ecb42b031
|
docs and null check in controller code
|
2016-08-25 10:46:03 -07:00 |
|
Adam Ierymenko
|
60bc291414
|
Add noAutoAssignIps for member of networks.
|
2016-08-24 17:05:43 -07:00 |
|
Adam Ierymenko
|
ccea3d04d6
|
Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.
|
2016-08-24 14:28:16 -07:00 |
|
Adam Ierymenko
|
8e3463d47a
|
Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.
|
2016-08-24 13:37:57 -07:00 |
|
Adam Ierymenko
|
8d594f8b53
|
cleanup
|
2016-08-23 16:05:10 -07:00 |
|
Adam Ierymenko
|
5f4df0c6a9
|
Controller cleanup and perf improvements.
|
2016-08-23 15:30:36 -07:00 |
|
Adam Ierymenko
|
32fa061700
|
Compute credential TTL et al.
|
2016-08-23 13:02:59 -07:00 |
|
Adam Ierymenko
|
9a3c652a51
|
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
|
2016-08-22 18:06:46 -07:00 |
|
Adam Ierymenko
|
b0d888d235
|
Signing of Capability and Tag objects.
|
2016-08-22 14:25:59 -07:00 |
|
Adam Ierymenko
|
4dce71879f
|
.
|
2016-08-18 18:18:50 -07:00 |
|
Adam Ierymenko
|
212a5af9a5
|
Capabilities and tags in POST JSON.
|
2016-08-18 14:37:56 -07:00 |
|
Adam Ierymenko
|
1cadbfb4d1
|
Little fixes.
|
2016-08-18 13:47:02 -07:00 |
|
Adam Ierymenko
|
f119c4a456
|
Cache network members for performance, add network non-persisted fields.
|
2016-08-18 12:59:48 -07:00 |
|
Adam Ierymenko
|
faa9a06bf5
|
Controller fixes...
|
2016-08-17 17:37:37 -07:00 |
|
Adam Ierymenko
|
b7ebf6edbf
|
Cleanup and log how member was authorized.
|
2016-08-17 13:54:32 -07:00 |
|
Adam Ierymenko
|
b72847d504
|
Finally implement network join auth tokens, at least at the protocol level.
|
2016-08-17 13:41:45 -07:00 |
|
Adam Ierymenko
|
168b86fdcd
|
Controller docs and API fix.
|
2016-08-17 12:27:07 -07:00 |
|
Adam Ierymenko
|
a13f4d8353
|
We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.)
|
2016-08-17 10:42:32 -07:00 |
|
Adam Ierymenko
|
cc808cc2dd
|
Rules parsing stuff.
|
2016-08-17 10:25:25 -07:00 |
|
Adam Ierymenko
|
ce001198d8
|
.
|
2016-08-16 16:57:45 -07:00 |
|
Adam Ierymenko
|
c0639ccd37
|
Just about ready to test.
|
2016-08-16 16:46:08 -07:00 |
|
Adam Ierymenko
|
58701c1ca8
|
.
|
2016-08-16 14:08:08 -07:00 |
|
Adam Ierymenko
|
b08ca49580
|
More controller work -- it builds!
|
2016-08-16 14:05:17 -07:00 |
|
Adam Ierymenko
|
bd15262e54
|
Bunch of rule JSON stuff.
|
2016-08-15 18:49:50 -07:00 |
|
Adam Ierymenko
|
3cb2e1197f
|
.
|
2016-08-12 15:32:45 -07:00 |
|
Adam Ierymenko
|
c30f74987f
|
Starting refactor of controller...
|
2016-08-12 11:30:27 -07:00 |
|
Adam Ierymenko
|
22e44c762b
|
More rules engine work: key/value pair matching for microsegmentation.
|
2016-07-28 10:58:10 -07:00 |
|
Adam Ierymenko
|
0e2964261f
|
docs
|
2016-07-08 13:42:04 -07:00 |
|
Adam Ierymenko
|
ffe7d8d024
|
docs
|
2016-07-08 13:40:21 -07:00 |
|
Adam Ierymenko
|
c01ebbcbde
|
docs
|
2016-07-08 13:38:47 -07:00 |
|
Adam Ierymenko
|
a6e5914aa7
|
docs
|
2016-07-08 13:37:51 -07:00 |
|
Adam Ierymenko
|
6d8de214eb
|
Docs and controller API version
|
2016-07-08 13:10:02 -07:00 |
|
Adam Ierymenko
|
2d7c58540f
|
v6AssignMode bug fix
|
2016-07-07 17:05:12 -07:00 |
|
Adam Ierymenko
|
951038a304
|
Ignore /bits in IP assignments and just copy it from the corresponding LAN-local route. Having each managed IP assignment have its own bits field was just a source of user error and poor UX and was completely worthless.
|
2016-07-07 16:28:43 -07:00 |
|
Adam Ierymenko
|
b9329dc49a
|
Fix to IPv6 picking for small ranges.
|
2016-07-07 15:55:40 -07:00 |
|
Adam Ierymenko
|
6e08e1ae97
|
A few controller changes: (1) assign managed IPs that are assigned regardless of "assign mode" which now only controls auto-assignment or special addressing, (2) support proper issuing of managed IPv6 IPs, (3) support IPv6 auto-assign ranges
|
2016-07-07 15:42:10 -07:00 |
|
Adam Ierymenko
|
dd1d2b4d00
|
GitHub issue #343 -- fix authorizedMemberCount
|
2016-07-07 14:49:54 -07:00 |
|
Adam Ierymenko
|
030dfde38e
|
Unused printf removal while we are at it.
|
2016-06-29 18:14:49 -07:00 |
|
Adam Ierymenko
|
bb63646682
|
Fix broken SQL in controller.
|
2016-06-29 11:37:28 -07:00 |
|
Adam Ierymenko
|
d9eacd1616
|
Controller fixes...
|
2016-06-29 17:02:03 +00:00 |
|
Adam Ierymenko
|
0410fd4824
|
Refactor recent member request history to fix performance problem in controller.
|
2016-06-28 12:44:47 -07:00 |
|
Adam Ierymenko
|
12037961ff
|
small perf improvement in sqlite db.
|
2016-06-27 18:48:02 -07:00 |
|
Adam Ierymenko
|
8c572dead1
|
Query optimization.
|
2016-06-27 18:28:18 -07:00 |
|
Adam Ierymenko
|
3ddfebe742
|
dead code removal
|
2016-06-27 17:15:39 -07:00 |
|
Adam Ierymenko
|
972bbb7e06
|
Allow further concurrency on network controller.
|
2016-06-27 17:14:47 -07:00 |
|
Adam Ierymenko
|
3740b83f63
|
Don't back up sqlite db if it hasn't changed to prevent constant thrashing on inactive controllers.
|
2016-06-24 06:53:23 -07:00 |
|
Adam Ierymenko
|
90cdef8400
|
Forgot NDP emulation flag.
|
2016-06-24 06:43:23 -07:00 |
|
Adam Ierymenko
|
ee649ae69a
|
Add 6plane assignment support to network controller, and cleanup.
|
2016-06-24 06:40:50 -07:00 |
|
Adam Ierymenko
|
20d155e630
|
.
|
2016-06-24 05:21:25 -07:00 |
|
Adam Ierymenko
|
b2d048aa0e
|
Make Dictionary templatable so it can be used where we want a higher capacity.
|
2016-06-21 07:32:58 -07:00 |
|
Adam Ierymenko
|
37afa876a7
|
Linux bug fixes, small controller fix.
|
2016-06-17 00:21:58 +00:00 |
|
Adam Ierymenko
|
20d4dada40
|
Refactor controller for new merged format.
|
2016-06-16 16:05:57 -07:00 |
|
Adam Ierymenko
|
769351b30f
|
Fix to routes config in controller API.
|
2016-06-13 15:58:00 -07:00 |
|
Adam Ierymenko
|
734cbb2f1e
|
Controller modifications for default route are ready to test. Will require slight changes in ZeroTier Central when it goes live.
|
2016-06-10 15:58:35 -07:00 |
|
Adam Ierymenko
|
acbe8ad398
|
More controller work, and some RedHat fixes.
|
2016-06-10 08:26:27 -07:00 |
|
Adam Ierymenko
|
9898066b47
|
Remove some deprecated stuff in controller -- not done yet.
|
2016-06-09 11:02:42 -07:00 |
|
Adam Ierymenko
|
7e68791bee
|
Fix include for system json-parser.
|
2016-06-08 12:57:22 -07:00 |
|
Adam Ierymenko
|
683254a0db
|
Don't bother signing if we are not using the legacy netconf.
|
2016-06-07 11:17:38 -07:00 |
|
Adam Ierymenko
|
2885aea65c
|
Only send new format netconf for PV>=6
|
2016-06-07 11:13:18 -07:00 |
|
Adam Ierymenko
|
7ee3743c3d
|
Refactor controller to send both old and new format netconf.
|
2016-05-11 08:49:15 -07:00 |
|
Adam Ierymenko
|
8b9519f0af
|
Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes network controller easier to refactor.
|
2016-05-06 16:13:11 -07:00 |
|
Adam Ierymenko
|
2b3e1d5c10
|
Ignore IP assignment pool ranges that begin with 0.0.0.0 or that contain no IPs.
|
2016-03-24 13:34:01 -07:00 |
|
Adam Ierymenko
|
2c328d61ad
|
Do not auto-assign IP addresses on bridges. IPs can still be assigned manually.
|
2016-03-24 13:32:01 -07:00 |
|
Adam Ierymenko
|
9f31cbd8b8
|
Make /network/???/active return more info.
|
2016-03-17 13:05:51 -07:00 |
|
Adam Ierymenko
|
9b59bcd995
|
Clean controller circuit test memory.
|
2016-02-22 15:48:27 -08:00 |
|
Adam Ierymenko
|
69a438d64d
|
Small tweak to active threshold.
|
2016-02-19 09:10:31 -08:00 |
|
Adam Ierymenko
|
10bb9919f1
|
Tweak certificate of membership revision/time tolerance to eliminate boundary packet loss issues occasionally seen in the wild.
|
2016-02-10 09:32:42 -08:00 |
|
Adam Ierymenko
|
69b1da2e1d
|
return 200 instead of 404 when test is fetched
|
2016-02-04 16:27:25 -08:00 |
|
Adam Ierymenko
|
dc3d899e70
|
Return test ID when we post a test.
|
2016-02-04 16:09:26 -08:00 |
|
Adam Ierymenko
|
78c1d9006a
|
flood protection fix
|
2016-02-04 14:39:43 -08:00 |
|
Adam Ierymenko
|
5dad73647d
|
Lengthen backup period again
|
2016-02-04 14:22:54 -08:00 |
|
Adam Ierymenko
|
13b39a0c3e
|
SQLite perf tuning
|
2016-02-04 14:03:37 -08:00 |
|