| Adam Ierymenko | 42ba70e79e | Replace long callback arg list with struct, and implement path whitelisting, path blacklisting, and local.conf support for roles. | 9 years ago |
| Adam Ierymenko | 2ea9f516e1 | Rate gate expensive validation of new identities in HELLO. | 9 years ago |
| Adam Ierymenko | ab4021dd0e | Do packet MAC check before locallyValidate(), and add timing measurement in selftest. | 9 years ago |
| Adam Ierymenko | bf8d71e82c | Add notion of upstream that is separate from root in Topology, etc. | 9 years ago |
| Adam Ierymenko | 226123ca08 | Refactor controller to permit sending of pushes as well as just replies to config requests. | 9 years ago |
| Adam Ierymenko | 93b4ac5cb2 | Remove unused POW code, will revisit later. | 9 years ago |
| Adam Ierymenko | 7e90ab3534 | TRACE verbosity increase on exceptions in NETWORK_CREDENTIALS. | 9 years ago |
| Adam Ierymenko | 5ee1ccd659 | Send need credential error on more cases. | 9 years ago |
| Adam Ierymenko | 0b44919ba2 | Clusters can send multiple OKs so we must allow this. | 9 years ago |
| Adam Ierymenko | 9f550292fe | Simplify network auth logic and always send error on auth failure even for unknown networks to prevent forensics. | 9 years ago |
| Adam Ierymenko | cc4bacc199 | Cleanup, and implement compression disable flag for networks. | 9 years ago |
| Adam Ierymenko | 15c07c58b6 | Refactored network config chunking to sign every chunk to prevent stupid DOS attack potential, and implement network config fast propagate (though we probably will not use this for a bit). | 9 years ago |
| Adam Ierymenko | 7e4b6b594b | It now builds. | 9 years ago |
| Adam Ierymenko | eac3667ec1 | Bunch more refactoring and work on revocations, etc. | 9 years ago |
| Adam Ierymenko | 1f74dd4589 | Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network. | 9 years ago |
| Adam Ierymenko | d3524f3609 | Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later. | 9 years ago |
| Adam Ierymenko | 5b6d27e659 | Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. | 9 years ago |
| Adam Ierymenko | 8ef0e4bbaf | Get rid of HELLO rate gate on path since it's basically worthless. There are 65535 ports per IP. | 9 years ago |
| Adam Ierymenko | 0da9a9a3e0 | Set trustEstablished in a few more places. | 9 years ago |
| Adam Ierymenko | cba37c6107 | Add a few more rate limit gates for anti-DOS hardening. | 9 years ago |
| Adam Ierymenko | ea1da3321a | Rate gate requests for COM. | 9 years ago |
| Adam Ierymenko | debc4c45ee | Set trust established flag in MULTICAST_GATHER. | 9 years ago |
| Adam Ierymenko | ab9afbc749 | (1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup. | 9 years ago |
| Adam Ierymenko | ef87069957 | Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths. | 9 years ago |
| Adam Ierymenko | 0d4109a9f1 | More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions. | 9 years ago |
| Adam Ierymenko | 16df2c3363 | Clean up handling of COMs, network access control, and fix a backward compatibility issue. | 9 years ago |
| Adam Ierymenko | c7a4da3dd3 | Turns out we do not need to pass network to receive(). | 9 years ago |
| Adam Ierymenko | 1908aa55f5 | Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code. | 9 years ago |
| Adam Ierymenko | a7d988745b | Use ECHO instead of HELLO where possible. | 9 years ago |
| Adam Ierymenko | b5c86b6ba4 | Bunch more path refactoring. Peers no longer forget paths, but do not normally use expired paths. Expired paths might still be tried if nothing else is reachable. | 9 years ago |