eabe091038
Backport only the COM mitigation instead of everything from 1.8
5 years ago
75a45eeb27
Revert "Backport guts of 1.8 to 1.6 tree so we can point release without waiting for UI quirks to be fixed."
...
This reverts commit 48ce7632fa
5 years ago
48ce7632fa
Backport guts of 1.8 to 1.6 tree so we can point release without waiting for UI quirks to be fixed.
5 years ago
7c3166e9be
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
5 years ago
06730c7d1d
BSL date bump
6 years ago
633cf9ec04
Warning removal
7 years ago
e8ae333443
Version bumps, license fixed, and GitHub issue #990 take two
7 years ago
52a166a71f
Relicense: GPLv3 -> ZeroTier BSL 1.1
7 years ago
639fc60257
GitHub issue #990
7 years ago
75ebe5172f
Fix for sharing of capabilities in 1.4 (problem introduced when push frequency was reduced)
7 years ago
a019c3dd5d
Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes.
7 years ago
39e1021f62
Replace certificate based gating of multicast like/gather with a simpler more efficient method, fix some minor issues with request based com/cert push, and clean up some other random stuff.
7 years ago
63ec19674c
.
7 years ago
0e597191b8
Updated licenses for 2019
7 years ago
b3c2c0866f
Times should be int64_t, not uint64_t
7 years ago
65c07afe05
Copyright updates for 2018.
8 years ago
099bedd2e9
A few more uint64_t -> int64_t changes for timestamps
9 years ago
b1d60df44c
timestamps changed from uint64_t to int64_t
...
There were cases in the code where time calculations and comparisons were overflowing and causing connection instability. This will keep time calculations within expected ranges.
9 years ago
495c5ce81d
Bunch of remote tracing work.
9 years ago
1b68d6dbdc
License header update.
9 years ago
5ad120208f
Small fix, should filter by temporal validity.
9 years ago
eddbc7e757
Logic simplification, cleanup, and memory use improvements in Membership. Also fix an issue that may cause network instability in some cases.
9 years ago
8a62ba07e5
Membership cleanup work in progress.
9 years ago
e4896b257f
Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call.
9 years ago
5e6a4e5f5e
Send revocations automatically on deauth for instant kill, also fix some issues with the RP.
9 years ago
72653e54f9
Finish wiring up ipauth and macauth to Network filter.
9 years ago
10185e92fa
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
9 years ago
78d548458b
Capabilities basically work but need to refactor a bit for performance reasons.
9 years ago
eac3667ec1
Bunch more refactoring and work on revocations, etc.
10 years ago
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
10 years ago
d3524f3609
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
10 years ago
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
10 years ago
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
10 years ago
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
10 years ago
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
10 years ago
1c08f5e857
Tweak some expire times.
10 years ago
c9ee8612e4
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
10 years ago
25056de5d3
Also need to send credentials when TEEing and REDIRECTing.
10 years ago
a3c7627acf
Push more than one packet for credentials if we happen to have a whole lot. Should not happen often but might if a member has tons of tags.
10 years ago
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
10 years ago
e52c2c41ec
Add a circuit breaker to prevent too many credentials from being stored per member.
10 years ago
0a7a33ef8f
Instantaneous blacklisting and credential revocation.
10 years ago
32fa061700
Compute credential TTL et al.
10 years ago
9a3c652a51
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
10 years ago
00fd9c3a15
It builds... almost ready to test some rules engine stuff.
10 years ago
8007ca56aa
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
10 years ago
e2f783ebbd
.
10 years ago
5cf410490e
.
10 years ago
404a0bbddd
...
10 years ago
f057bb63cd
More work on tags and capabilities.
10 years ago
Adam Ierymenko
Adam Ierymenko
Joseph Henry
Grant Limberg