 Adam Ierymenko
|
ab9afbc749
(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.
|
9 年之前 |
|
Adam Ierymenko
|
ef87069957
Fix gating of multicast GATHER replies since these can come from upstream, etc., and fix an issue with sending ECHO to recheck marginal paths.
|
9 年之前 |
|
Adam Ierymenko
|
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
|
9 年之前 |
|
Adam Ierymenko
|
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
|
9 年之前 |
|
Adam Ierymenko
|
1f6b13b7fd
Fix bug causing null addresses to get in memberships[] hash.
|
9 年之前 |
|
Adam Ierymenko
|
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
|
9 年之前 |
|
Adam Ierymenko
|
20278bb9e4
Also send MULTICAST_LIKEs to controllers.
|
9 年之前 |
|
Adam Ierymenko
|
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
|
9 年之前 |
|
Adam Ierymenko
|
eebcf08084
Tweaks to new Path code for dual-stack operation, and other fixes.
|
9 年之前 |
|
Adam Ierymenko
|
22271f2a49
Cleanup.
|
9 年之前 |
|
Adam Ierymenko
|
8b6d23b9f6
Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table.
|
9 年之前 |
|
Adam Ierymenko
|
25056de5d3
Also need to send credentials when TEEing and REDIRECTing.
|
9 年之前 |
|
Adam Ierymenko
|
994b25af4e
Simplify some logic.
|
9 年之前 |
|
Adam Ierymenko
|
74afef8eb1
Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
|
9 年之前 |
|
Adam Ierymenko
|
54489a7f61
rename SAMENESS to DIFFERENCE which is less confusing
|
9 年之前 |
|
Adam Ierymenko
|
8e3004591b
Add overlooked MATCH_ICMP to rule set.
|
9 年之前 |
|
Adam Ierymenko
|
cb63babac4
Debug output fixes.
|
9 年之前 |
|
Adam Ierymenko
|
ac1c127b68
Debug output fixes.
|
9 年之前 |
|
Adam Ierymenko
|
cb82193333
Debug output fixes.
|
9 年之前 |
|
Adam Ierymenko
|
f0636ffd4a
EXT_FRAME messages should always be accepted if we are the destination for a matching TEE or REDIRECT rule.
|
9 年之前 |
|
Adam Ierymenko
|
51a420671f
Make rules engine debug a bit more verbose.
|
9 年之前 |
|
Adam Ierymenko
|
7223685b96
.
|
9 年之前 |
|
Adam Ierymenko
|
e7dff1c785
Change logic a little for self-as-destination in TEE and REDIRECT.
|
9 年之前 |
|
Adam Ierymenko
|
a5383d83d8
Do not TEE or REDIRECT to self.
|
9 年之前 |
|
Adam Ierymenko
|
fb5217761b
Add missing names in filter debug code.
|
9 年之前 |
|
Adam Ierymenko
|
90f3e94565
Always output trace info when debugging rules.
|
9 年之前 |
|
Adam Ierymenko
|
ded5a53a6c
Documentation updates, add rules engine revision to network config request meta-data.
|
9 年之前 |
|
Adam Ierymenko
|
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
|
9 年之前 |
|
Adam Ierymenko
|
b5e0d014ab
Controller bug fixes
|
9 年之前 |
|
Adam Ierymenko
|
5eaf397a94
Add a debug log feature in the filter, which only works if enabled in Network.cpp.
|
9 年之前 |
