Commit Graph

1988 Commits

Author SHA1 Message Date
Joseph Henry
9933d83cf8
Merge pull request #1564 from zerotier/dev-whoami
Proactively seek, and distribute external surface addresses

This patch introduces a new "self-awareness" behavior which proactively queries peers for external surface addresses and distributes them via PUSH_DIRECT_PATHS. This has the effect of making ZT more responsive to interface changes.

Current behavior:

Previously, this type of information was only mediated via RENDEZVOUS and was only triggered when the client detected that it no longer had a single alive path to a peer. While PUSH_DIRECT_PATHS would correctly (and often) send local addresses, this was not the case for external addresses collected from response HELLOs. This would lead to situations where only one physical address would be distributed to peers. Additionally, if a new physical interface were to be made available to the client, the client would correctly bind to it but never seek information about its external mapping from a peer, and thus the new physical interface would remain unavailable for other peers to learn about until all paths on the previous interface have expired which can take a couple of minutes. In traditional usage of ZT this is not usually a problem, but it becomes a problem in the following scenarios:

    Network interfaces go up and down while ZT is running (e.g. switching to LTE or WiFi from a wired connection)
    Network interfaces are added or removed in multipath setups

Proposed behavior:

I propose that normal full HELLOs are sent not only on the first interface in use, but all interfaces. This causes planets to respond with a HELLO containing the surface address for each interface. We then collect each address using SelfAwareness::whoami() and distribute them via the normal PUSH_DIRECT_PATHS mechanism.
2022-02-25 11:30:45 -08:00
Joseph Henry
1918c29fd7
Change ECHO divisor from 20 to 6 2022-02-25 11:29:07 -08:00
Joseph Henry
618202d426
Increase min failover to 500 ms and probe period to 1/3rd of failover 2022-02-25 10:52:39 -08:00
Joseph Henry
d1335dca11
Change ECHO rate-limit divsor from 16 to 20 2022-02-21 16:22:33 -08:00
Joseph Henry
5e13b42abc
Rate gate ECHO per Path instead of per Peer 2022-02-21 14:37:39 -08:00
Joseph Henry
96aa1c30a6
Proactively seek, enumerate, and distribute external surface addresses 2022-02-17 15:39:17 -08:00
Joseph Henry
1b0c183913
Force non-leaf peers into local active-backup bond when multipath is enabled 2022-02-17 15:16:33 -08:00
Joseph Henry
40269c2a97
Comment out debug traces 2022-02-16 20:39:18 -08:00
Adam Ierymenko
3c85a7f074
Rev roots. 2022-02-15 09:13:58 -05:00
Joseph Henry
f9c84c8c52
Remove stray debug trace 2022-02-08 15:32:25 -08:00
Grant Limberg
aa97aabb4e
for now, only enable sso on certain platforms
mac, windows, linux x86/x86_64/aarch64
2022-02-01 11:07:37 -08:00
Joseph Henry
4190318c85
Fix typo in constant name 2022-01-28 10:41:21 -08:00
Joseph Henry
2f554fd6f8
Merge pull request #1552 from Shawn8410/master
FIX: fix wrong flag usage of rateGateCredentialsReceived
2022-01-28 10:12:16 -08:00
Shawn
ae93cccde6 FIX: fix wrong flag usage of rateGateCredentialsReceived 2022-01-27 11:59:21 +08:00
Joseph Henry
46e955e3a1
Split bond logs into two categories to reduce logging size 2022-01-26 15:14:02 -08:00
Joseph Henry
2850f131e2
Fix code style 2022-01-25 18:03:36 -08:00
Grant Limberg
d719137565
temp workaround for oidc auth dropping issue
Add a method to "kick" the refresh thread and re-post the tokens in the case where the thread is somehow still running & controller pushes out an AUTH_REQUIRED.  This situation happens in a corner case still under investigation where the controller pushes out many copies of the network config repeatedly
2022-01-20 09:44:56 -08:00
Grant Limberg
dceba1f2f1
Merge branch 'dev' into zeroidc 2022-01-05 08:35:15 -08:00
Grant Limberg
73878fbdc4
Merge pull request #1531 from StephenCWills/mingw32-disable-salsasse
Disable Salsa20 SSE on MinGW 32-bit compiler
2022-01-04 17:42:40 -08:00
staphen
87d17088cc
Disable Salsa20 SSE on MinGW 32-bit compiler 2022-01-04 20:39:08 -05:00
Grant Limberg
cc6c48fca8
Merge pull request #1525 from StephenCWills/lowercase-windows-headers
Use lowercase when including Windows headers
2022-01-04 17:11:51 -08:00
staphen
1c956494a4
Use lowercase when including Windows headers 2021-12-29 16:29:08 -05:00
Grant Limberg
eee31605b1
Merge branch 'dev' into zeroidc 2021-12-15 14:17:26 -08:00
Andrej Binder
aeec7dae36 Prevent arithmetic error on interface change. 2021-12-15 22:22:02 +01:00
Adam Ierymenko
fa58909d44
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2021-12-15 12:32:41 -05:00
Adam Ierymenko
06ed114fb6
Release notes and GitHub issue #1512 2021-12-15 12:32:28 -05:00
Joseph Henry
bdef9d3bd7
Fix situation where too many ECHOs are sent to multipath peer 2021-12-14 21:20:58 -08:00
Joseph Henry
b154b7296c
Improve multipath logging output 2021-12-14 21:13:19 -08:00
Joseph Henry
1c6fd4125d
Fix custom policy parsing bug mentioned in issue #1507 2021-12-14 11:49:43 -08:00
Joseph Henry
e9375b50b0
Prevent path-amnesia 2021-12-13 11:54:23 -08:00
Joseph Henry
1f43a736b2
Fix active-backup path selection bug 2021-12-09 13:43:52 -08:00
Joseph Henry
05a0a20197
Fix multipath flow reallocation. Prevent allocation to dead paths 2021-12-08 14:32:58 -08:00
Grant Limberg
48b39ab005
removing comments 2021-12-03 17:46:37 -08:00
Grant Limberg
1192b1b422
refresh token run loop
Need central-side work to complete
2021-12-03 15:44:04 -08:00
Grant Limberg
663a09b38d
oidc stuff coming across the wire properly and generating a working login URL 2021-12-01 13:01:32 -08:00
Grant Limberg
eaccce743f
moar plumbing progress 2021-12-01 12:07:05 -08:00
Grant Limberg
7cce23ae79
wip 2021-12-01 10:44:29 -08:00
Grant Limberg
9ef75c0e13
Merge branch 'dev' into zeroidc 2021-11-29 14:12:10 -08:00
Grant Limberg
91e9b736dd
make service objs dependent on zeroidc 2021-11-18 10:42:12 -08:00
Adam Ierymenko
1ef385b685
Spinlock removed, causes long standing issues on single core machines. 2021-11-12 16:44:54 -05:00
Grant Limberg
fa21fdc1cc
rename stuff for clarity
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
Grant Limberg
4d021e16a5
update field lengths 2021-11-08 09:30:13 -08:00
Grant Limberg
8d39c9a861
plumbing full flow from controller -> client network 2021-11-04 15:40:08 -07:00
Joseph Henry
cc6de583be
Prevent balance-xor from de-allocating from bad paths 2021-10-20 10:48:07 -07:00
Joseph Henry
9e8de2a702
Compilation fix 2021-10-01 11:19:04 -07:00
Joseph Henry
165757176a
Potential fix fro deadlock bug 2021-10-01 11:11:20 -07:00
Adam Ierymenko
9bc79f94df
Revert "Don't assume roots validated the identity, just in case they did not."
This reverts commit 39b97f9163.
2021-09-20 22:05:49 -04:00
Adam Ierymenko
a0239e17e9
Revert "Use a faster method of fingerprinting identities."
This reverts commit b72e5e8386.
2021-09-20 22:05:39 -04:00
Adam Ierymenko
b72e5e8386
Use a faster method of fingerprinting identities. 2021-09-20 20:02:39 -04:00
Adam Ierymenko
3f49570f45
Remove ancient controller support. 2021-09-20 18:38:29 -04:00
Adam Ierymenko
7c3166e9be
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring. 2021-09-20 18:26:49 -04:00
Adam Ierymenko
39b97f9163
Don't assume roots validated the identity, just in case they did not. 2021-09-20 16:15:59 -04:00
Joseph Henry
ff8044f0c0
Improve multipath startup time 2021-09-10 13:26:29 -07:00
Joseph Henry
e607348c7e
Fix bad index bug (during switching) in balance-rr 2021-09-07 21:41:54 -07:00
Joseph Henry
b6ed919fbc
Call recordOutgoingPacket regardless of policy to generate sufficient entropy for bond layer 2021-09-07 13:44:02 -07:00
Joseph Henry
109252be4e
Remove debug trace 2021-09-06 20:13:13 -07:00
Joseph Henry
a4b98518e3
Nominate newly-learned paths to bond 2021-09-06 15:29:03 -07:00
Joseph Henry
e1af003e4f
Consolidation of multipath logic. Better system separation 2021-09-01 21:37:49 -07:00
Joseph Henry
0ed9db05d2
Restore original ECHO rate limiting (changed for multipath) 2021-07-20 19:06:47 -07:00
Grant Limberg
8dd3639576
set ssoEnabled = true on network config if we get ERROR_NETWORK_AUTHENTICATION_REQUIRED 2021-06-05 14:00:03 -07:00
Grant Limberg
364ad87e2b
add ssoEnabled flag to network config 2021-06-05 13:44:45 -07:00
Adam Ierymenko
98722ed7ea
Increase URL buffer sizes 2021-06-04 18:52:10 -04:00
Adam Ierymenko
1dfe909bab
Increase authentication URL sizes. 2021-06-04 16:46:56 -04:00
Adam Ierymenko
810e2a761f
Fix authentication URL... 2021-05-25 14:49:06 -04:00
Adam Ierymenko
6ce71c1bc3
Fix reporting of status. 2021-05-25 14:45:49 -04:00
Adam Ierymenko
6b3a7ec827
Fix a few things... 2021-05-25 14:40:40 -04:00
Adam Ierymenko
8bb5bc736d
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2021-05-24 22:58:36 -04:00
Adam Ierymenko
b270d527f4
Basic plumbing for authentication requirement and piping through of URL information. 2021-05-24 22:58:17 -04:00
Joseph Henry
be7fca254f Merge branch 'master' of https://github.com/xumng123/ZeroTierOne into xumng123-master
Remove unnecessary include
2021-05-18 00:24:19 -07:00
Joseph Henry
24615ed24b
Fix erroneous cast of verb to double that causes invalid tracing output 2021-05-04 08:59:52 -07:00
Joseph Henry
13481cea18
Fix (some) compile-time warnings on Windows 2021-05-03 21:12:45 -07:00
Joseph Henry
7faaa55436 Merge branch 'dev' of https://github.com/zerotier/ZeroTierOne into dev-multipath 2021-05-03 19:41:41 -07:00
Joseph Henry
11ddbc6f30
Fix (some) compile-time warnings on Linux 2021-05-03 19:35:28 -07:00
Joseph Henry
29e5880d8b
Match formatting of Bond-related sources to ZeroTier standard (no functional changes) 2021-05-03 17:59:31 -07:00
Adam Ierymenko
df0007d532
Update hard-coded default planet to latest. 2021-04-14 12:25:35 -04:00
xumng123
537ce83498 yes 2021-04-13 16:12:11 +00:00
Joseph Henry
1732f7371c
Minor bonding CLI fix 2021-04-07 15:15:35 -07:00
Adam Ierymenko
147945d20f
Lets try always supplying the AES keys to Packet dearmor() and see if that prevents the coma problem. 2021-02-13 00:01:49 -05:00
Adam Ierymenko
ac808d51d6
Crash fix 2021-02-03 18:56:07 -05:00
Adam Ierymenko
378bc73bf8
Clean up some peer path learning logic, use a cheaper data structure. 2021-02-03 14:30:03 -05:00
Adam Ierymenko
697c8c9882
Delete old code. 2021-02-02 16:17:53 -05:00
Adam Ierymenko
72d48da210
Fix duplicate paths and reduce thrashing issues. 2021-02-02 16:11:13 -05:00
Adam Ierymenko
b2b3271a96
Possible fix for path issues in 1.6.2 2021-02-02 14:55:47 -05:00
Vincent Milum Jr
a624dfd776
Fixing regression in AES for ARM targets 2020-11-27 08:22:55 +00:00
Adam Ierymenko
9d66d876f4
Likely fix for some alignment issues on ARM. 2020-11-25 14:28:41 -05:00
Adam Ierymenko
bc4bd29488
Merge branch 'master' of github.com:zerotier/ZeroTierOne 2020-11-25 10:50:35 -05:00
Adam Ierymenko
d64c5a92c6
Merge pull request #1233 from dosuperuser/improvement/optimizations
Minor C++ optimizations
2020-11-24 19:24:36 -05:00
Grant Limberg
a1b72f0e1a
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2020-11-23 14:54:39 -08:00
Grant Limberg
de308f05e0
missing break in InetAddress::ipScope() 2020-11-23 14:54:13 -08:00
Joseph Henry
ecfac0601a Add new bond control commands to CLI 2020-11-23 09:59:28 -08:00
Joseph Henry
24339092f7 Merge branch 'dev' of https://github.com/zerotier/ZeroTierOne into dev 2020-11-17 14:05:33 -08:00
Adam Ierymenko
2fcc344299
Some buffer tuning. 2020-11-17 15:34:42 -05:00
Adam Ierymenko
dc806dd718
Try pipelining tap reads on Linux for a little more speed. 2020-11-16 18:56:00 -05:00
Adam Ierymenko
31d8758ad9
Apple "fat binaries" are back! 2020-11-16 16:30:15 -05:00
Joseph Henry
a690ffdb7c Merge branch 'dev' of https://github.com/zerotier/ZeroTierOne into dev 2020-11-15 19:00:02 -08:00
Adam Ierymenko
44af828aa4
Tweak multicast settings to prevent failures due to TX queue overflow. 2020-11-12 22:21:43 -05:00
Adam Ierymenko
26a0cbcd73
Revert "Push credentials in multicast."
This reverts commit 1316ee3127.
2020-11-12 20:53:23 -05:00
Adam Ierymenko
1a106bca3b
Revert "Build fix, and move multicast pushCredentialsIfNeeded."
This reverts commit cc42d6f4e0.
2020-11-12 20:53:14 -05:00
Adam Ierymenko
cc42d6f4e0
Build fix, and move multicast pushCredentialsIfNeeded. 2020-11-12 20:40:10 -05:00
Adam Ierymenko
1316ee3127
Push credentials in multicast. 2020-11-12 20:33:31 -05:00
Adam Ierymenko
9480ff1f37
Fix some timestamp signedness mismatches. 2020-11-11 11:46:09 -05:00
Adam Ierymenko
e9e20fdad8
Increase multicast announce frequency a little. 2020-11-10 16:16:52 -05:00
Adam Ierymenko
53ba413d32
Dont use AES in HELLO. 2020-11-09 20:52:49 -05:00
Adam Ierymenko
7280fcdec2
Only define FreeBSD hwcaps stuff if ARM crypto is enabled for compiled. 2020-11-09 19:54:32 -05:00
Vince
83a2dcb65a FreeBSD ARMv6, ARMv7, and Aarch64 support 2020-11-07 14:16:03 -08:00
Adam Ierymenko
dd65680150 Windows build fixes, version bump in AIP. 2020-11-06 11:18:41 -08:00
Adam Ierymenko
90f18f7ee7
Fix for ZTO-33 (Jira), only assign routes if there is a viable source IP. 2020-11-06 11:01:45 -05:00
Adam Ierymenko
f2c490345c
Remove unnecessary includes that can cause compile problems. 2020-10-30 16:14:59 -04:00
Joseph Henry
927bc2e33d Merge branch 'dev' of https://github.com/zerotier/ZeroTierOne into dev 2020-10-22 14:04:41 -07:00
Joseph Henry
1331739ee4 Remove (some) debug tracing in Bond which may cause a segfault 2020-10-21 18:40:55 -07:00
Adam Ierymenko
ed9b09e980
Missing flag. 2020-10-20 18:52:36 -04:00
Adam Ierymenko
70f37962cf
Backport AES fixes for compiler, arch, and splitting into separate files. 2020-10-20 18:50:28 -04:00
Joseph Henry
fd7f61bab7 Merge branch 'dev' of https://github.com/zerotier/ZeroTierOne into dev 2020-10-14 18:40:38 -07:00
Joseph Henry
5f8714a0cd Remove minor non-functional flow hashing stubs 2020-10-14 18:40:20 -07:00
Adam Ierymenko
8d83b9b7c5
Revert change to path quality to fix IPv6 issue in beta. We will rework this in 2.x. 2020-10-14 20:41:58 -04:00
Adam Ierymenko
2c75be0d64
Do not always enable SSE4 on X64 due to old Atom chips. Enable instead only for AES-NI code which is only run if AES-NI is present, which it is not on these old chips. 2020-10-13 16:08:30 -04:00
Adam Ierymenko
255dee7a5e MacOS build fixes. 2020-09-25 14:32:53 -04:00
Grant Limberg
7d8cfb1fee
more magic incantations to make crypto extensions work on Android/ARM64 2020-09-22 10:28:31 -07:00
Grant Limberg
9e6dba9066
Enable AES-NI on Android X86-64
Need to find the magic incantation to enable it on ARM64 still
2020-09-21 18:05:25 -07:00
Grant Limberg
0f2887265c
AES-NI/NEON detection for iOS
Requires 64-bit CPU
2020-09-21 13:18:05 -07:00
Adam Ierymenko
1ff45020e2 Prefer IPv6 if all else is equal. 2020-09-18 16:27:41 -04:00
Adam Ierymenko
04f6140da6 AES builds and works now on ARM64. 2020-09-16 22:47:13 +00:00
Grant Limberg
221e4ecb12
Add "documentation" networks as IP_SCOPE_PRIVATE
https://en.wikipedia.org/wiki/Reserved_IP_addresses
2020-09-16 10:24:36 -07:00
Grant Limberg
1883a8c9ee
Set 198.18.0.0/15 to IP_SCOPE_PRIVATE 2020-09-16 10:15:42 -07:00
Adam Ierymenko
9adf656db5 Merge branch 'dev' of http://git.int.zerotier.com/zerotier/ZeroTierOne into dev 2020-09-14 20:44:46 -04:00
Adam Ierymenko
7219ca0c0f AES works! Only with this or newer nodes. Uses salsa with older ones as usual. 2020-09-14 20:44:21 -04:00
Grant Limberg
df640dc39b
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2020-09-14 12:45:11 -07:00
Grant Limberg
d980bba49f fix windows compilation 2020-09-14 12:42:51 -07:00
Joseph Henry
cf47618ffb Change ZT_MULTIPATH_FLOW_EXPIRATION_INTERVAL from 30 seconds to 5 minutes 2020-09-11 16:09:46 -07:00
Joseph Henry
0e8b54f7a1 Add minor trace output formatting changes. Change ZT_MULTIPATH_BOND_STATUS_INTERVAL from 30000 to 60000 2020-09-11 14:47:18 -07:00
Adam Ierymenko
cb8d773634 Disable unicast compression as it almost never helps and usually just wastes CPU. 2020-09-11 13:36:21 -04:00
Adam Ierymenko
e6b5f8aabd AES work... but disabled in this commit. 2020-09-10 15:43:40 -04:00
Adam Ierymenko
1ad555a071 More selective push of AES modifications and refactoring stuff. 2020-09-10 14:48:48 -04:00
Adam Ierymenko
b7b01da742 Wire up dearmor() path. 2020-08-25 14:13:20 -07:00
Adam Ierymenko
93d6b41898 Disable AES in commit so as not to break other builds. 2020-08-25 08:08:54 -07:00
Adam Ierymenko
47e9fb3ddb Merge branch 'dev' of http://git.int.zerotier.com/zerotier/ZeroTierOne into dev 2020-08-25 08:07:23 -07:00
Joseph Henry
b1ddba0438 Remove a few old comments 2020-08-24 18:56:49 -07:00
Adam Ierymenko
2ac49d99dd AES integrated on send side. 2020-08-21 14:23:31 -07:00
Adam Ierymenko
3fd8efe642 AES builds now 2020-08-21 09:56:53 -07:00
Adam Ierymenko
06730c7d1d BSL date bump 2020-08-20 12:51:39 -07:00
Grant Limberg
8d0a3563e4
Merge branch 'dns' into dev 2020-08-12 13:56:21 -07:00
Grant Limberg
c0c215c83c
single dns config per network 2020-08-12 13:08:47 -07:00
Joseph Henry
edd960566a Improve bond tracing, fix bond initialization bugs, remove vestigial debug code 2020-08-06 18:10:40 -07:00
Grant Limberg
88a3c685fb
latest 2020-08-04 13:52:57 -07:00
Grant Limberg
d098a99d09
fix memory init issue
and another place where dns data needs to be copied
2020-07-31 11:42:03 -07:00
Grant Limberg
6b197e067a
Merge branch 'dev' into dns 2020-07-30 13:15:43 -07:00
Joseph Henry
9f4985b11a Add basic bond health status reporting (listbonds) 2020-07-27 23:01:12 -07:00
Joseph Henry
29ebda62ef Remove (some) debug functions and traces 2020-07-23 00:32:39 -07:00
Joseph Henry
a1b2ff772a Add new replacement condition in peer path redundancy logic to fix duplicate paths 2020-07-23 00:15:38 -07:00
Joseph Henry
dc784f6213 Comment out Bond and BondController debug traces 2020-07-21 10:22:10 -07:00