re6stnet:957751c4cce41bc2ac036074b5043dc6bbf0e715 commitshttps://lab.nexedi.com/nexedi/re6stnet/-/commits/957751c4cce41bc2ac036074b5043dc6bbf0e7152014-10-16T18:46:49+02:00https://lab.nexedi.com/nexedi/re6stnet/-/commit/957751c4cce41bc2ac036074b5043dc6bbf0e715babeld with new control socket is required2014-10-16T18:46:49+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/e9583e125a64c695fa55d7e8dfe33daabefb274fDo not delete a tunnel if there are still routes through it2014-10-09T15:59:56+02:00Cédric Le Ninivincedric.leninivin@tiolive.comCo-authored-by: <span data-trailer="Co-authored-by:" data-user="30"><a href="https://lab.nexedi.com/jm" title="jm@nexedi.com"><img alt="Julien Muchembled's avatar" src="https://secure.gravatar.com/avatar/c911061fd96783a1cdab76ca0ef49a66?s=32&d=identicon" class="avatar s16 avatar-inline" title="Julien Muchembled"></a><a href="https://lab.nexedi.com/jm" title="jm@nexedi.com">Julien Muchembled</a> <<a href="mailto:jm@nexedi.com" title="jm@nexedi.com">jm@nexedi.com</a>></span>https://lab.nexedi.com/nexedi/re6stnet/-/commit/2f49dae1d85a80e88a8e0895c4c7ed957ac11d99Use new control socket of babeld to get routes2014-10-09T15:59:53+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/f9991e5855f48afdb7a663a4864d828ecdb2dd9cAdd support for writeable selectable objects2014-10-09T15:50:57+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/3e207f4d4a4527712d0fb1423aba0bb23df529ecReview API between the main loop and the various select-able objects2014-10-09T15:50:57+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/a30aec394b6f217aab9b748cba599d097912f180registry: whitelist RPCs rather than blacklist methods to not publish2014-10-09T15:50:55+02:00Julien Muchembledjm@nexedi.com
Here, it's simpler and safer. We will also want to have private methods that
don't start with an underscore.https://lab.nexedi.com/nexedi/re6stnet/-/commit/19f6cacc9ee95976ddf7b1aa07f298af19a3c720registry: fix condition to decide when to refresh list of peers2014-10-09T15:50:10+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/5d157c4dff1744ebc032b9c1da43556f37350e72demo: fix command to start recent versions of miniupnpd2014-10-06T17:18:34+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/fed90445307391dca543c6eeb8870221ab5ae3efTODO & code documentation2014-09-03T18:03:05+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/15e1f891c876da3369e8a1bc4513a12a10871a09New version of babeld: 1.5.12014-09-02T17:09:30+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/8a5c4880eb15114a13cecc9da9d1edcd598e0bebregistry: delete unused accounts and old tokens automatically2014-08-26T11:24:10+02:00Julien Muchembledjm@nexedi.com
Certificates are deleted 30 days after they get invalid,
so that unused prefixes can be reallocated.https://lab.nexedi.com/nexedi/re6stnet/-/commit/d7d7b425413785fa5dbf99bbcb0fd43841e5ab9dDo not fail on unexpected 'route_up' notifications from OpenVPN clients2014-08-20T14:25:13+02:00Julien Muchembledjm@nexedi.com
This fixes the following error:
TypeError: unsupported operand type(s) for -: 'NoneType' and 'int'
Traceback (most recent call last):
File "/usr/sbin/re6stnet", line 438, in main
tunnel_manager.handleTunnelEvent(read_pipe.readline())
File "/usr/lib/python2.7/dist-packages/re6st/tunnel.py", line 389, in handleTunnelEvent
m(*args)
File "/usr/lib/python2.7/dist-packages/re6st/tunnel.py", line 412, in _ovpn_route_up
self._connection_dict[prefix].connected()
File "/usr/lib/python2.7/dist-packages/re6st/tunnel.py", line 76, in connected
i = self._retry - 1
What happened is probably that a route_up notification was received just before
killing/recreating the connection for the same node, and then process twice
the same OpenVPN notification: in this case, the first was for a previous
connection and should have been ignored.https://lab.nexedi.com/nexedi/re6stnet/-/commit/2c3d66bbcde0682fa0d896c44978e391e38abb85registry: fix permission of 'topology' RPC2014-07-31T17:36:44+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/ff341419c8abc6c73804c3a310fa1029b1f70fb4Fix typos in README2014-07-31T16:06:49+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/2889f515703785baef12db3a35ebf35f72a18c1fAvoid fragmentation when using UDP2014-07-29T17:54:49+02:00Julien Muchembledjm@nexedi.com
We'll have to revive UDP because we experienced congestion with TCP.
This should make UDP efficient in good environment.
MTU discovery is required however to enable UDP by default.https://lab.nexedi.com/nexedi/re6stnet/-/commit/756bda32b8f9b07dd27f78d332435f6fcb3a4f68Do not fail on messages received from link-local ipv62014-07-29T16:20:58+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/1f394dc73c561cc2fe71ca511fbc3a8848db4e9fFix TypeError when the system lacks memory2014-07-22T10:22:02+02:00Julien Muchembledjm@nexedi.com
This fixes up commit <a href="/jhuge/re6stnet/-/commit/e3781aff443b7504f09bd818ebeafe90285b5990" data-original="e3781aff443b7504f09bd818ebeafe90285b5990" data-link="false" data-link-reference="false" data-project="1297" data-commit="e3781aff443b7504f09bd818ebeafe90285b5990" data-reference-type="commit" data-container="body" data-placement="top" data-html="true" title="Reduce probability of dying when the system lacks memory" class="gfm gfm-commit has-tooltip">e3781aff</a>
(Reduce probability of dying when the system lacks memory").https://lab.nexedi.com/nexedi/re6stnet/-/commit/87bc6bb9a3a217266f23718c97e9b0f911ec67b7Update comment after changed systemd's TODO2014-07-18T21:08:57+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/e15da4c4ec8d8bd66d133dd2a813025d91e3b615New re6st.version module2014-07-18T21:08:57+02:00Julien Muchembledjm@nexedi.com
- new -V/--version command line option
- protocol extended to get the version of any node in the network,
which will allow to track those running an old version of re6sthttps://lab.nexedi.com/nexedi/re6stnet/-/commit/6b7605e78a8f921598d64420d63a9d1699932f38Old clients are in the minority now so avoid them2014-07-16T19:43:20+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/265cbe532fa1e232df739618a68dc0831573d113Remove network suffix from 're6stnet_ip' environment variable2014-07-16T19:36:09+02:00Julien Muchembledjm@nexedi.com
It's already in 're6stnet_subnet' and it's useful to bind to 're6stnet_ip'
without having to edit it first.https://lab.nexedi.com/nexedi/re6stnet/-/commit/beef4c8f6c7ec232c41b2356db192a648874f2d0Increase rtt-decay factor to match our higher hello interval2014-07-12T05:12:00+02:00Julien Muchembledjm@nexedi.com
256 * (1 - (1-42/256.)**(15/4.)) ≈ 125
where:
- 42 is default rtt-decay
- 4 is default hello in babeld
- 15 is default hello in re6sthttps://lab.nexedi.com/nexedi/re6stnet/-/commit/38d91ef2b9c3d35474901af4abfbff52cc1e9f98Do not advertise any IPv6 when UPnP is used2014-07-11T16:20:35+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/2cf88eef7062049b525537c45c0884a985143de9Code cleanup2014-07-11T15:43:33+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/6d759c9bcbedbcfe30bd5cbaaf0fb471ec274c3bre6st-conf: add warning about the importance of the private key2014-07-11T15:38:37+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/031c5e3463f690118cda467a2e97230cdfaec874Add support for OpenVPN tunnels over IPv62014-07-10T11:39:10+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/f5b794e8e7e830ce1aab4ada94d5b5ea290e9c5fFix server-less mode (--max-clients=0)2014-07-07T17:21:19+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/dcf95b360cd31e01c2352bab7cf1bcfcec5d1cacAdd timeout when communicating with the registry2014-07-03T11:29:27+02:00Julien Muchembledjm@nexedi.com
This makes sure re6st does not stop working because a connection is stuck.https://lab.nexedi.com/nexedi/re6stnet/-/commit/85187191c3a3000e404cb3803cc5d22a4495f5d8Switch RTT-based metric for routing2014-07-02T17:12:00+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/f0488d4cd4b3372193d6fc75fa76fdfcc6a549b5Document that firewall must accept UDPv6 port 3262014-07-02T12:25:56+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/c84b2cec906c2eeae66869bcbb2e5053be08cbb8security: drop UDP packets that are empty or from outside same re6st network2014-04-29T16:47:48+02:00Julien Muchembledjm@nexedi.com
Also accepts packets from loopback.https://lab.nexedi.com/nexedi/re6stnet/-/commit/543e4faa506b9e2e62d0df6d002e94f8aba00105iproute shipped by CentOS 6 is too old and does not provide 'tuntap' subcommand2014-02-20T11:37:54+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/7ef3f232d1cb035aec922f883571dddcb1b5c97bLower severity of getBootstrapPeer failure when it has no UDP answer2014-02-19T20:13:51+01:00Julien Muchembledjm@nexedi.com
It's normal such failure happens occasionally and re6st retries later so:
- do not frighten user/admin with 500 status and ssl errors
- do not waste resources by killing session with registryhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/c6936c3f9240099f03757ee1975cc26561e62864Debian: 'iproute' package is deprecated2014-02-19T14:20:39+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/296676368fa64931257d64146b9dc4e7793f625fReset --tunnel-refresh countdown when a tunnel is created2014-02-03T15:08:25+01:00Julien Muchembledjm@nexedi.com
This prevents re6stnet from killing tunnels prematurely.https://lab.nexedi.com/nexedi/re6stnet/-/commit/d46b09e1d9aca15e98179c5e2e5b0a575dd7f68bDisable clean up of unused tap interface2014-02-01T17:40:08+01:00Julien Muchembledjm@nexedi.com
Current implementation is too aggressive and after some time, babeld stops
working properly, with log full of:
setsockopt(IPV6_JOIN_GROUP): Cannot allocate memory
setsockopt(IPV6_LEAVE_GROUP): Cannot assign requested addresshttps://lab.nexedi.com/nexedi/re6stnet/-/commit/e3781aff443b7504f09bd818ebeafe90285b5990Reduce probability of dying when the system lacks memory2014-01-16T17:00:53+01:00Julien Muchembledjm@nexedi.com
Some servers can only be accessed via their re6st IP. re6st itself uses little
memory so it should not die when it fails to fork.https://lab.nexedi.com/nexedi/re6stnet/-/commit/e7649c7885fae5739765ace6b21f2213f295fe99Fix compatibility issue with Python < 2.72013-12-23T14:06:42+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/ee43ad043b46792e6e35685e3de35735ccafdb92New --neighbour option to make sure given peers are reachable directly2013-11-25T18:46:45+01:00Julien Muchembledjm@nexedi.com
This is a workaround waiting that we have better criteria to select tunnels
to create or destroy.https://lab.nexedi.com/nexedi/re6stnet/-/commit/bcb18c38c53dafa830c03aa9e4767727a826a928Fix most race conditions causing bad cleanup2013-11-21T02:32:07+01:00Julien Muchembledjm@nexedi.com