summaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)Author
2016-10-11Broke down and added an OR to the rules engine. It is now possible to have a ↵Adam Ierymenko
series of MATCHes that are ORed.
2016-10-05Add a tags both equal match.Adam Ierymenko
2016-10-05Make capability flags match more user-friendly and appropriate since "match ↵Adam Ierymenko
any flag" is generally what we want.
2016-09-30Add new rule to rules engine: random match.Adam Ierymenko
2016-09-26It now builds.Adam Ierymenko
2016-09-26Bunch more refactoring and work on revocations, etc.Adam Ierymenko
2016-09-23Revocation work in progress, add WATCH which is TEE with implicit rate sync ↵Adam Ierymenko
(thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-14Add physical MTU recommendation hint to network config via API.Adam Ierymenko
2016-09-13Implement relay policy, and setting multicast limit to 0 now disables ↵Adam Ierymenko
multicast on the network as would be expected.
2016-09-09More refactoring to clean up code, and add a gate function to make sure we ↵Adam Ierymenko
do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-07Bunch more path refactoring. Peers no longer forget paths, but do not ↵Adam Ierymenko
normally use expired paths. Expired paths might still be tried if nothing else is reachable.
2016-09-03Tweaks to new Path code for dual-stack operation, and other fixes.Adam Ierymenko
2016-09-01Optimize filter code a bit, and add a network-level setting for what should ↵Adam Ierymenko
happen if an unsupported or unknown MATCH is encountered in a rules table.
2016-08-31rename SAMENESS to DIFFERENCE which is less confusingAdam Ierymenko
2016-08-31Add overlooked MATCH_ICMP to rule set.Adam Ierymenko
2016-08-26Documentation updates, add rules engine revision to network config request ↵Adam Ierymenko
meta-data.
2016-08-25Fix chicken or egg problem in tags, and better filter debug instrumentation.Adam Ierymenko
2016-08-25Add a debug log feature in the filter, which only works if enabled in ↵Adam Ierymenko
Network.cpp.
2016-08-24Increase rule limits a little since chunking in netconf can accomodate this.Adam Ierymenko
2016-08-24It basically works... at least on current controllers.Adam Ierymenko
2016-08-24Push NETWORK_CONFIG_REFRESH on POSTs to /member/... in controller.Adam Ierymenko
2016-08-24Add length limit to TEE and REDIRECT, and completely factor out old C ↵Adam Ierymenko
json-parser to eliminate a dependency.
2016-08-05.Adam Ierymenko
2016-08-04.Adam Ierymenko
2016-08-04More cleanup and removal of DeferredPackets, will do the latter in a more ↵Adam Ierymenko
elegant way.
2016-08-03Bunch of work on pushing and replication of tags and capabilities, and ↵Adam Ierymenko
protocol cleanup.
2016-08-03Add tag rules and split out rule serialize/deserialize so the code can be ↵Adam Ierymenko
reused.
2016-08-02Rules engine work: capability based security model with tags and ↵Adam Ierymenko
capabilities, and some cleanup across other places.
2016-07-28Cleanup...Adam Ierymenko
2016-07-28More rules engine work: key/value pair matching for microsegmentation.Adam Ierymenko
2016-07-25Basic L2/L3 filter for rules engine (not integrated yet) and some cleanup.Adam Ierymenko
2016-07-12Plumbing through trusted path stuff to OneService.Adam Ierymenko
2016-07-12Trusted path support, and version bump to 1.1.9Adam Ierymenko
2016-06-21Add rule type to match a COM field of the peer by ID and value because this ↵Adam Ierymenko
will be powerful.
2016-06-16Big refactor mostly builds. We now have a uniform backward compatible netconf.Adam Ierymenko
2016-06-14Big refactor in service code to prep for plumbing through route management.Adam Ierymenko
2016-06-09Add flags and metric to ZT-managed routes.Adam Ierymenko
2016-06-07Carry virtual network routes through to API.Adam Ierymenko
2016-05-09Add TCP relative sequence number criterion for documentation/posterity.Adam Ierymenko
2016-05-06Simplify a bunch of NetworkConfig stuff by eliminating accessors, also makes ↵Adam Ierymenko
network controller easier to refactor.
2016-05-06docsAdam Ierymenko
2016-05-06Dead code removal.Adam Ierymenko
2016-05-06Merge gateways and routes in netconf since they are the same thing.Adam Ierymenko
2016-04-28Beginning of security doc and kill some obsolete defines in main include file.Adam Ierymenko
2016-04-26Bunch more refactoring for an even more compact NetworkConfig ↵Adam Ierymenko
representation, especially rules.
2016-04-26Define an "anchor" as a statically defined device that serves as a network ↵Adam Ierymenko
lookup point.
2016-04-22Refactor rules table in-memory structure in new NetworkConfig to permit far ↵Adam Ierymenko
more rules with better space efficiency.
2016-04-12Shrink NetworkConfig slightly.Adam Ierymenko
2016-04-12NetworkConfig refactor part 1Adam Ierymenko
2016-02-22Make maximum size of a circuit test structure sane.Adam Ierymenko