zerotier/ZeroTierOne
0
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2026-05-22 16:20:28 -07:00
Code Issues Packages Projects Releases Wiki Activity
3,106 Commits 15 Branches 106 Tags
83abc00aaedfa2eb9698af496bfa2f1891401726
Commit Graph

201 Commits

Author SHA1 Message Date
Adam Ierymenko 5b6d27e659 Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. 2016-09-13 14:27:18 -07:00
Adam Ierymenko 8ef0e4bbaf Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP. 2016-09-13 10:46:36 -07:00
Adam Ierymenko 0da9a9a3e0 Set trustEstablished in a few more places. 2016-09-13 10:33:03 -07:00
Adam Ierymenko cba37c6107 Add a few more rate limit gates for anti-DOS hardening. 2016-09-13 10:13:23 -07:00
Adam Ierymenko ea1da3321a Rate gate requests for COM. 2016-09-12 15:19:21 -07:00
Adam Ierymenko debc4c45ee Set trust established flag in MULTICAST_GATHER. 2016-09-09 11:45:34 -07:00
Adam Ierymenko ab9afbc749 (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. 2016-09-09 11:36:10 -07:00
Adam Ierymenko ef87069957 Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths. 2016-09-09 09:32:00 -07:00
Adam Ierymenko 0d4109a9f1 More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. 2016-09-09 08:43:58 -07:00
Adam Ierymenko 16df2c3363 Clean up handling of COMs, network access control, and fix a backward compatiblity issue. 2016-09-08 19:48:05 -07:00
Adam Ierymenko c7a4da3dd3 Turns out we do not need to pass network to receive(). 2016-09-07 15:24:53 -07:00
Adam Ierymenko 1908aa55f5 Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. 2016-09-07 15:15:52 -07:00
Adam Ierymenko a7d988745b Use ECHO instead of HELLO where possible. 2016-09-07 12:01:03 -07:00
Adam Ierymenko b5c86b6ba4 Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. 2016-09-07 11:13:17 -07:00
Adam Ierymenko 48a374c82c (1) fix crazy bug introduced in doRENDEZVOUS(), (2) reclaim Paths after paths[] condense, (3) fix an edge case around symmetric NAT and external IP change detection. 2016-09-06 14:05:58 -07:00
Adam Ierymenko 4992ac2d9f Cluster sub-optimal is in fact necessary... 2016-09-02 14:20:55 -07:00
Adam Ierymenko 4f8253dcdb Tweaks to path handling... 2016-09-02 13:33:56 -07:00
Adam Ierymenko e8f6b4b5d3 Rest of big Path canonicalization refactor. 2016-09-02 11:51:33 -07:00
Adam Ierymenko 74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko f0636ffd4a EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule. 2016-08-29 15:54:06 -07:00
Adam Ierymenko cd3683f2ba Fix a missing receive(). 2016-08-24 17:50:51 -07:00
Adam Ierymenko 347ebcd899 Set trust flag in network controllers if remote query is accepted to allow NATed network controllers to better traverse. 2016-08-24 17:48:13 -07:00
Adam Ierymenko c476285bd6 Harden PUSH_DIRECT_PATHS and simplify things by only doing it on receive when hops>0 and trust has been established. 2016-08-24 16:16:39 -07:00
Adam Ierymenko 0ee4d3554a Stub out USER_MESSAGE. 2016-08-23 14:38:20 -07:00
Adam Ierymenko 0a7a33ef8f Instantaneous blacklisting and credential revocation. 2016-08-23 13:46:36 -07:00