Adam Ierymenko
9da8bf37d7
docs
2016-04-28 21:31:10 +02:00
Adam Ierymenko
4c455876f9
Revise peer path weighting to always prioritize cluster-optimal paths.
2016-04-19 09:22:51 -07:00
Adam Ierymenko
cecfa99b7b
(1) cluster members send a flag indicating that a PUSH_DIRECT_PATHS is a cluster redirect, (2) 1.1.5 uses this to avoid a bug (this bug does not exist in 1.1.4)
2016-04-18 16:44:23 -07:00
Adam Ierymenko
43fff1a87e
Deprecate reporting of local clock in circuit tests since a small number of users might have security problems with this.
2016-02-22 12:59:26 -08:00
Adam Ierymenko
4e4fd51117
boring doc stuff
2016-01-12 14:04:55 -08:00
Adam Ierymenko
d8143a5e18
Implement first pass on rapid dead path detection, and increment version to 1.1.3 (dev)
2016-01-05 16:41:54 -08:00
Adam Ierymenko
cba739fd6b
more dead code
2016-01-05 14:46:26 -08:00
Adam Ierymenko
fb5237d5b6
Outline dead path detection mechanism.
2016-01-05 14:42:56 -08:00
Adam Ierymenko
258f95b2cd
dead code removal
2016-01-05 14:19:16 -08:00
Adam Ierymenko
436c1fac1d
Selectively move over changes from "edge" to "dev" excluding netcon.
2015-12-21 16:15:39 -08:00
Adam Ierymenko
57b71bfff0
Cluster simplification and refactor work in progress...
2015-11-08 13:57:02 -08:00
Adam Ierymenko
f1b6427e63
Decided to make this 1.1.0 (semantic versioning increment is warranted), and add a legacy hack for older clients working with clusters.
2015-11-02 09:32:56 -08:00
Adam Ierymenko
9617208e40
Some cleanup, and use VERB_PUSH_DIRECT_PATHS to redirect newer peers.
2015-10-27 09:53:43 -07:00
Adam Ierymenko
619e113748
Work in progress on Cluster for new root infrastructure, multi-homing.
2015-10-14 14:12:12 -07:00
Adam Ierymenko
824ed99160
.
2015-10-13 12:42:54 -07:00
Adam Ierymenko
5d2f523e81
World stuff...
2015-10-13 12:10:44 -07:00
Adam Ierymenko
cae58f43f1
More World stuff, and mkworld.
2015-10-13 08:49:36 -07:00
Adam Ierymenko
1b1945c63e
Work in progress on refactoring root-topology into World and adding in-band updates.
2015-10-12 18:25:29 -07:00
Adam Ierymenko
aec13b50fd
Be a bit more verbose in circuit test reports to more clearly track current and upstream hop in graph traversal history.
2015-10-09 15:05:26 -07:00
Adam Ierymenko
3fa6dd377f
docs
2015-10-09 08:51:57 -07:00
Adam Ierymenko
273f0d18b0
docs
2015-10-08 09:05:25 -07:00
Adam Ierymenko
fea1b6b2c3
docs
2015-10-07 16:25:08 -07:00
Adam Ierymenko
0ce0bc00d2
Make sure received() gets called for some new messages, and docs.
2015-10-07 16:20:54 -07:00
Adam Ierymenko
69b44bf9a5
Finally add an ECHO.
2015-10-07 16:11:50 -07:00
Adam Ierymenko
e5f168f599
Add proof of work request for future DDOS mitigation use.
2015-10-07 13:35:46 -07:00
Adam Ierymenko
ab0228f626
More cleanup and simple refactoring, consolidate InetAddres serialize/deserialize into the class.
2015-10-07 10:30:47 -07:00
Adam Ierymenko
d3f29d09e8
Plumbing through circuit test stuff.
2015-10-06 14:42:51 -07:00
Adam Ierymenko
5341afcdcd
Handling of CIRCUIT_TEST, should be ready to test.
2015-10-06 11:47:16 -07:00
Adam Ierymenko
0d0039674f
Add new verb names, and fix some Mac compiler flags.
2015-09-30 14:48:07 -07:00
Adam Ierymenko
1a4f16e0ed
More work on circuit testing...
2015-09-30 13:59:05 -07:00
Adam Ierymenko
2d0adb562d
Specify circuit test messages.
2015-09-27 11:37:39 -07:00
Adam Ierymenko
0b354803f3
Clean up some YAGNI issues with implementation of GitHub issue #180 , and make best path choice aware of path rank.
2015-07-13 10:03:04 -07:00
Adam Ierymenko
778c7e6e70
More cleanup to direct path push, comment fixes, etc.
2015-07-07 10:00:34 -07:00
Adam Ierymenko
c863ff3f02
A bunch of comments and cleanup, including some to yesterday's direct path pushing changes. Move path viability check to one place, and stop trying to use link-local addresses since they are not reliable.
2015-07-07 08:54:48 -07:00
Adam Ierymenko
f398952a6c
Revert some bad docs in Packet -- I think we will still use that. Also rename addMembershipCertificate to more security-descriptive validateAndAddMembershipCertificate, give it a return value, and drop unused force parameter.
2015-07-07 08:14:41 -07:00
Adam Ierymenko
79e9a8bcc2
Almost everything for GitHub issue #180 except direct path map setup.
2015-07-06 15:28:48 -07:00
Adam Ierymenko
255320e2a6
pushDirectPaths() implementation
2015-07-06 14:39:28 -07:00
Adam Ierymenko
93bb934d4e
Some cleanup, docs, and Path -> Path > RemotePath refactor.
2015-07-06 14:08:13 -07:00
Adam Ierymenko
9743db3538
docs
2015-07-06 12:37:37 -07:00
Adam Ierymenko
e5f7c55c54
Documentation in Packet, more work on path push, and clean up ancient legacy support code in Switch.
2015-07-06 12:34:35 -07:00
Adam Ierymenko
0cbbcf2884
Rename VERB_CMA to the more descriptive VERB_PHYSICAL_ADDRESS_PUSH
2015-06-29 16:01:01 -07:00
Adam Ierymenko
7bae95836c
Root server terminology cleanup, and tighten up a security check by checking full identity of peers instead of just address.
2015-06-19 10:23:25 -07:00
Kees Bos
a425bbc673
Renamed supernode to rootserver
2015-05-06 12:05:20 +02:00
Adam Ierymenko
845955dea5
Add definition for VERB_CMA -- GitHub issue #180
2015-06-13 18:08:00 +02:00
Adam Ierymenko
0bdd56ebd6
A few revisions to PFS design.
2015-05-15 09:04:39 -07:00
Adam Ierymenko
e94518590d
First stab of PFS design work with PKC security -- may not implement in 1.0.3 but stubbing out.
2015-05-14 17:41:05 -07:00
Adam Ierymenko
a8835cd8b3
Some prep work to make room for perfect forward security (PFS). Will not affect existing clients.
2015-05-13 18:53:37 -07:00
Adam Ierymenko
e922324bc6
Stop inlining all the Packet armor/dearmor stuff to reduce binary bloat. This stuff is called all over the place.
2015-05-04 18:39:53 -07:00
Adam Ierymenko
49f031ccb4
Tons of refactoring, change to desperation algorithm to use max of core or link, porting over core loop code from old Node.cpp to new CAPI version, etc.
2015-04-07 19:31:11 -07:00
Adam Ierymenko
a2821e9000
Add code to check external surface against reported surface from other trusted peers, and also rename ExternalSurface to SelfAwareness because lulz.
2015-04-06 20:17:21 -07:00
Adam Ierymenko
6eb9289367
Bunch more cleanup, improvements to NAT traversal logic, finished updating Switch.
2015-04-03 16:52:53 -07:00
Adam Ierymenko
1f28ce3980
Tons more refactoring: simplify Network, move explicit management of Tap out, redo COM serialization, etc.
2015-04-01 19:09:18 -07:00
Adam Ierymenko
93012b0ee5
Re-incorporation: ZeroTier Networks -> ZeroTier, Inc. [Delaware]
2015-02-17 13:11:34 -08:00
Adam Ierymenko
89f0c948f8
Physical address change message verb.
2015-02-04 11:59:02 -08:00
Adam Ierymenko
64ba596e0b
C++ network config master ready to test.
2015-01-08 14:27:55 -08:00
Adam Ierymenko
4e95384ad6
Cleanup, add tristate to config code in Network, and happy new year!
2015-01-05 17:47:59 -08:00
Adam Ierymenko
96e9a90e8e
docs
2015-01-05 16:19:56 -08:00
Adam Ierymenko
87c599df5c
Back out service message type -- YAGNI violation.
2015-01-05 15:52:02 -08:00
Adam Ierymenko
56cfe1d603
Strip out old Service code, add new service message type.
2015-01-05 11:47:22 -08:00
Adam Ierymenko
5484cf4309
More cleanup, and fix a bug in Multicaster::gather()
2014-10-29 16:24:19 -07:00
Adam Ierymenko
5bb854e504
Fix a nasty bug introduced in packet fragmentation a while back during refactoring, and a few other things related to multicast.
2014-10-28 17:25:34 -07:00
Adam Ierymenko
4941c8a1f3
New multicast bug fixes, TRACE improvements, and temporarily disable legacy multicast for debugging purposes.
2014-10-09 17:58:31 -07:00
Adam Ierymenko
d5e0f7e3e4
Reorg multicast packet, and a whole bunch of refactoring around the pushing of certificates of membership.
2014-10-09 12:42:25 -07:00
Adam Ierymenko
87f1b1b1e3
Bug fix in new multicast frame handler, handling of old "P5" multicast frames in new way.
2014-10-06 13:16:16 -07:00
Adam Ierymenko
1109046782
Last steps before test: parse OK(MULTICAST_GATHER) and OK(MULTICAST_FRAME)
2014-10-02 13:50:37 -07:00
Adam Ierymenko
dee86e2448
But since we are now using middle 3 bits we can assign sane values for the cipher suite enum.
2014-10-02 11:13:53 -07:00
Adam Ierymenko
17da733f97
Gotta support old encrypted flag, move cipher spec to middle 3 bits... due to some shortsighted design early-on. In the future this can die once there are no old peers.
2014-10-02 11:08:59 -07:00
Adam Ierymenko
23836d4c11
Change "encrypted" flag to full cipher suite selector. Go ahead and reserve AES256-GCM which might be added in the future.
2014-10-02 10:54:34 -07:00
Adam Ierymenko
e53d208ea4
Improve security posture by eliminating non-const data() accessor from Buffer.
2014-10-02 10:06:29 -07:00
Adam Ierymenko
b41437780b
Add origin to new MULTICAST_FRAME, move security check for certs into Network to remove redundant code and bug-proneness, more work on IncomingPacket...
2014-09-30 17:26:34 -07:00
Adam Ierymenko
2659427864
Multicaster needs to be global, not per-network, and a bunch of other stuff.
2014-09-30 16:28:25 -07:00
Adam Ierymenko
8607aa7c3c
Everything in for new multicast except IncomingPacket parsing...
2014-09-30 08:38:03 -07:00
Adam Ierymenko
ed0ba49502
A few more revisions to new multicast verbs.
2014-09-26 14:18:25 -07:00
Adam Ierymenko
9e186bbd89
.
2014-09-25 15:57:43 -07:00
Adam Ierymenko
431476e2e4
Some more multicast algo work...
2014-09-24 13:45:58 -07:00
Adam Ierymenko
954f9cbc13
Yet more WIP on mulitcast algo...
2014-09-22 13:18:24 -07:00
Adam Ierymenko
d9abd4d9be
Work on defining new direct broadcast multicast algorithm.
2014-09-18 18:28:14 -07:00
Adam Ierymenko
9b93141dd0
Upgrade LZ4 to latest version.
2014-07-30 15:34:15 -07:00
Adam Ierymenko
aead1050fb
Bridging (GitHub issue #68 ) does indeed work! Just needed to fix a packet size thinko.
2014-06-21 12:29:33 -04:00
Adam Ierymenko
6e485833ef
.
2014-06-21 12:25:10 -04:00
Adam Ierymenko
d6a4f8d77b
Add flags to EXT_FRAME for better future proofness.
2014-06-12 11:40:30 -07:00
Adam Ierymenko
c30f9832b0
Packet decoder work for EXT_FRAME for bridging - GitHub issue #68
2014-06-10 21:41:34 -07:00
Adam Ierymenko
fb31f93c52
Protocol messages for bridging. GitHub issue #68
2014-06-10 15:25:15 -07:00
Adam Ierymenko
aee742e767
More toward GitHub issue #56
2014-04-10 16:30:15 -07:00
Adam Ierymenko
b5c3a92be2
Boring stuff: update dates in copyrights across all files.
2014-02-16 12:40:22 -08:00
Adam Ierymenko
8b65b3e6d7
Yank PROBE stuff since it's not used and was a premature addition to the protocol.
2014-01-28 10:41:43 -08:00
Adam Ierymenko
07f505971c
Windows build fixes.
2014-01-17 17:09:59 -08:00
Adam Ierymenko
10df5dcf70
Fix several things:
...
(1) The changes to path learning in the two previous releases were poorly thought out,
and this version should remedy that by introducing PROBE. This is basically a kind of
ECHO request and is used to authenticate endpoints that are not learned via a valid
request/response pair. Thus we will still passively learn endpoints, but securely.
(2) Turns out there was a security oversight in _doHELLO() that could have permitted...
well... I'm not sure it was exploitable to do anything particularly interesting since
a bad identity would be discarded anyway, but fix it just the same.
2013-12-31 11:03:45 -08:00
Adam Ierymenko
612c17240a
Dead code removal, fix for cleanup GitHub issue #28
2013-12-06 16:49:20 -08:00
Adam Ierymenko
f5d397e8c8
Pull in-band file transfer stuff. Toyed around with that idea, but it seems that updates for some platforms are big enough and there are enough reliability concerns that just using TCP/HTTP is safer and easier.
2013-12-04 10:45:15 -08:00
Adam Ierymenko
9fdec3acfc
More updater work... coming along.
2013-11-05 17:08:29 -05:00
Adam Ierymenko
6c63bfce69
File transfer work, add identities for validation of updates.
2013-11-04 17:31:00 -05:00
Adam Ierymenko
ae138566a9
Updater code, work in progress...
2013-11-01 12:38:38 -04:00
Adam Ierymenko
17778a36ba
Clean up secure random, add packet definitions for update distribution facility.
2013-10-27 07:26:50 -04:00
Adam Ierymenko
942cc0ca21
Certificate of membership works now... had to fix multicast propagation so COM is pushed with multicast, which makes tremendous sense in retrospect.
2013-10-25 14:51:55 -04:00
Adam Ierymenko
8c9b73f67b
Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance.
2013-10-18 17:39:48 -04:00
Adam Ierymenko
ce14ba9004
Take the 0.6.0 opportunity to add flags to a few protocol verbs and do a bit more cleanup. Also fix it so certificates wont be accepted unless they are newer than existing ones.
2013-10-17 06:41:52 -04:00
Adam Ierymenko
7e7e28f5f7
Add support for pushing network config refresh hints from a MEMORY queue table. That ways it will be possible for network changes to take effect almost immediately across all active peers.
2013-10-17 05:37:01 -04:00
Adam Ierymenko
46f868bd4f
Lots of cleanup, more work on certificates, some security fixes.
2013-10-16 17:47:26 -04:00
Adam Ierymenko
4d594b24bc
Automagically push netconf certs -- Network support.
2013-10-07 16:13:52 -04:00