Adam Ierymenko
|
65c07afe05
Copyright updates for 2018.
|
7 years ago |
Grant Limberg
|
099bedd2e9
A few more uint64_t -> int64_t changes for timestamps
|
7 years ago |
Grant Limberg
|
b1d60df44c
timestamps changed from uint64_t to int64_t
|
7 years ago |
Adam Ierymenko
|
495c5ce81d
Bunch of remote tracing work.
|
8 years ago |
Adam Ierymenko
|
1b68d6dbdc
License header update.
|
8 years ago |
Adam Ierymenko
|
5ad120208f
Small fix, should filter by temporal validity.
|
8 years ago |
Adam Ierymenko
|
eddbc7e757
Logic simplification, cleanup, and memory use improvements in Membership. Also fix an issue that may cause network instability in some cases.
|
8 years ago |
Adam Ierymenko
|
8a62ba07e5
Membership cleanup work in progress.
|
8 years ago |
Adam Ierymenko
|
e4896b257f
Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call.
|
8 years ago |
Adam Ierymenko
|
5e6a4e5f5e
Send revocations automatically on deauth for instant kill, also fix some issues with the RP.
|
8 years ago |
Adam Ierymenko
|
72653e54f9
Finish wiring up ipauth and macauth to Network filter.
|
8 years ago |
Adam Ierymenko
|
10185e92fa
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
|
8 years ago |
Adam Ierymenko
|
78d548458b
Capabilities basically work but need to refactor a bit for performance reasons.
|
8 years ago |
Adam Ierymenko
|
eac3667ec1
Bunch more refactoring and work on revocations, etc.
|
9 years ago |
Adam Ierymenko
|
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
|
9 years ago |
Adam Ierymenko
|
d3524f3609
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
|
9 years ago |
Adam Ierymenko
|
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
9 years ago |
Adam Ierymenko
|
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
|
9 years ago |
Adam Ierymenko
|
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
|
9 years ago |
Adam Ierymenko
|
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
|
9 years ago |
Adam Ierymenko
|
1c08f5e857
Tweak some expire times.
|
9 years ago |
Adam Ierymenko
|
c9ee8612e4
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
|
9 years ago |
Adam Ierymenko
|
25056de5d3
Also need to send credentials when TEEing and REDIRECTing.
|
9 years ago |
Adam Ierymenko
|
a3c7627acf
Push more than one packet for credentials if we happen to have a whole lot. Should not happen often but might if a member has tons of tags.
|
9 years ago |
Adam Ierymenko
|
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
9 years ago |
Adam Ierymenko
|
e52c2c41ec
Add a circuit breaker to prevent too many credentials from being stored per member.
|
9 years ago |
Adam Ierymenko
|
0a7a33ef8f
Instantaneous blacklisting and credential revocation.
|
9 years ago |
Adam Ierymenko
|
32fa061700
Compute credential TTL et al.
|
9 years ago |
Adam Ierymenko
|
9a3c652a51
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
|
9 years ago |
Adam Ierymenko
|
00fd9c3a15
It builds... almost ready to test some rules engine stuff.
|
9 years ago |