* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix#1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f4.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixeszerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix#1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
---------
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Version 1.0.2 brings experimental FreeBSD support. It has ONLY been tested
on FreeBSD 10 on an x64 system, and should be considered alpha for this
platform for now.
This version is not going to be pushed out to the entire world via software
update, and the binary version distributed for other platforms via the
zerotier.com web site will remain 1.0.1 as there are no other meaningful
user-facing changes. This is just an interim release to let FreeBSD users
try it out. If you find bugs, please enter them on GitHub or do a pull
request and fix them yourself.
This version is mostly a bug fix release. It fixes a bug that could cause
the service to crash on Windows while running the GUI application. It also
contains a number of fixes to the Linux installer and Linux support for
systemd-based init systems.
It also includes a minor tweak to the multicast algorithm. Version 1.0.0
sent multicasts in a deterministic order, while this version randomizes
the order. The vast majority of users will notice nothing, but this may result
in superior coverage for service announcements on very large networks. It's
a hard variation to test, so we're releasing like this to gather information
from users about the effect. Nothing will change on small networks, and
ordinary multicast functions like ARP and NDP should be unaffected.
The next version will likely focus on additional improvements to Microsoft
Windows support, since there are several known Windows issues in need of
attention. We're working on an NDIS6-based Tap driver that should address
the driver issues experienced by a small number of Windows 7 users.
This version is being tagged and bagged, despite the fact that it's not
going to be released and won't be merged into master until 1.0.0 is ready.
It contains several Linux build fixes, a fix for a unix domain socket resource
leak, and build fixes for the Raspberry Pi.
This version fixes several bugs including an issue with networks that have
EtherType filtering disabled, a file permission issue that affected non-English
versions of Windows, a multicast propagation bug that caused multicasts to
be dropped more often than they should be, and an issue with IP auto-configuration.
It also introduces experimental support for bridging between physical and virtual
networks, a much-requested and powerful ability that's been planned from the start.
ZeroTier One can now replace the functionality of ordinary VPNs, link multiple
offices into a single LAN, and connect virtual machine backplanes in the cloud to
physical networks at home, among other things.
Bridging support isn't "officially" out yet, since the web UI part is still
in development. But when that is done, an official announcement will be
made on the blog and users can try it out. So far bridging has only
been tested under Linux with the Linux kernel's native bridging driver.
YMMV on other platforms. Try it out and let us know by filing bugs at GitHub
or e-mailing them to "contact@zerotier.com".
Version 0.9.0 adds a network-wide toggle for blanket broadcast (ff:ff:ff:ff:ff:ff), contains changes for compatibility with the new web site and netconf server code, and most importantly introduces unique non-conflicting MAC address schemes on a per-virtual-network basis.
The MAC address change is necessary to support bridging, which is the next major feature to be added. It's not absolutely required, but it makes sure that things work properly in the (probably very rare) case that two virtual networks happen to be directly or indirectly bridged together.
The MAC change means that 0.9.0 is a required update. Clients not updating will find themselves unable to communicate with older versions. The underlying protocol is the same, but MAC address resolution and routing will not work properly. Those running binary releases will be updated automatically, while those running from source must download and rebuild.
This version also fixes two minor security issues, including one involving file permissions on non-English Windows versions.
This version fixes a few more issues with TCP tunneling including GitHub issue #63.
It also adds automatic announcement and location of peers on physical LANs (GitHub
issue #56) which should greatly improve performance if you happen to be on the same
LAN or WiFi network as another peer. It can take 60 seconds or so for this to occur,
but it should.
This, quick on the heels of 0.8.0, fixes the fact that TCP tunneling was
broken. :)
There was a bug that only manifested in some cases, and not on my testnet.
I took the opportunity to clean up some of that logic generally. I need a
better testnet, but that will have to wait until we exit beta and hopefully
I can earn a little bit of money off this. A better testnet will require
a big beefy virtualization box or two to run hundreds to thousands of KVMs.
Also fixed a tiny cosmetic issue on Windows. Other than that no changes.
This version introduces a major new feature requested by several users,
both via the user survey and otherwise: TCP tunneling.
If you are not able to communicate over UDP/9993, ZeroTier One will switch to
TCP connections to ZeroTier's supernodes. This is always slower than UDP, but
will allow you to communicate behind all but the most extremely restrictive
firewalls. This TCP traffic travels over port 443 and looks like HTTPS (SSL)
traffic (though it isn't), since that port is almost always open.
This also fixes several minor bugs and attempts to improve the robustness of
Windows tap driver management. Several users have reported spurious issues
with the Windows tap device, though I was unable to reproduce any of these with
clean VMs. (Tried Windows 7 and 8.1, both x86 and x64. No luck.) But I tried
to beef up the tap code anyway in the hopes of catching it. It now tries a lot
harder to make sure the tap is up and running.
There was some significant under the hood refactoring in support of TCP, so
this was a non-trivial change.
I bumped the version to 0.8 to indicate that more and more features are being
crossed off the list as we approach 1.0 and exit from beta. After this, the next
major feature will be LAN announcement to find direct paths to peers on the
same physical LAN. But assuming that 0.8.0 goes smoothly, I am going to divert
attention to the web site. A new design is coming that is much cleaner, sharper,
and easier to use.
Thank you all for all your excellent feedback! We're well on the way to a killer
product that makes conventional VPNs and other kludges obsolete.
Version 0.7.2 marks the first release of ZeroTier One for Windows. Binaries will be
released to a few select testers at first, then to the whole world. Installation from
MSI and auto-update appear to be working. So far Windows 7 and 8 and Windows Server
2008 or newer are supported. Vista has issues so it's not supported at the moment,
and may not be since nobody seems to use it (according to Google Analytics).
This version contains fixes to Linux installation and deployment and adds a
new supernode in Tokyo, Japan. It also has a working Windows installer, though
a bit more testing is going to take place before Windows binaries are
actually released.
Version 0.7.0 commemorates public beta binaries now being in the wild for Mac
and Linux platforms, though this actually happened a few days ago with 0.6.14.
This version fixes two bugs. First, the Linux installer/updater now supports
both systemd and regular SysV init. It will detect which your distro uses at
install/update time and install the zerotier-one service accordingly.
Secondly, this fixes an issue that caused the service to always show ONLINE
in the GUI or 'zerotier-cli info' even if there was no net connection. The
online status should be more reliably reported now.
This version adds persistence of *nix device names (where possible), and fixes
a possible crash in Topology.cpp that was introduced in a previous revision.
It also adds a new supernode located in Singapore!
This version ties up some stuff that remains in the core before binary release.
It adds support for direct interface IP enumeration on *nix systems, as well
as a fix for IPv6 link-local addresses on OSX. This also contains some cleanup
in Peer and some improvements to help detect and route around dead or unreachable
supernodes.
Getting close!
This version fixes a minor NAT traversal issue. In the past, NAT-t links had a timeout
but otherwise were preserved. This version makes them more ephemeral and invalidates
them on sleep/wake or changes in network configuration or environment.
This is because many NAT setups are very fragile with regard to hole punches, so the
past stickiness of links caused dead links to persist too long and break connectivity
between peers.
This is about 75% of what needs to be done to greatly improve robustness. The other 25%
involves detecting failed links or failed relays.
This version is also almost done for the Windows platform, moving us even closer to
binary release.
Not a significant release for OSS users, but this version marks a significant
increase in workitude on the Windows platform. A properly and officially
signed x64 driver is also included. x86 drivers and more Windows work including
Qt UI are coming soon.
Another release leading up to official binary releases... not much to the core,
but quite a bit of work on the UI, installation, and such.
This version will build and run on OSX 10.6 while previous versions would fail
due to a missing getifmaddrs() function.
This version contains no significant changes to the engine itself, just to
the installer, the GUI, and packaging and such. It's all stuff for prep for
the big release, which is fast approaching!
New versions will be coming fast and furious for a bit as bugs get fixed and
testing is done in prep to the first binary release.
This version fixes a problem with WAN path discovery and a possible security
issue in PacketDecoder. (see previous comments)
This version contains few changes that are visible to users building from source.
It contains an almost-complete version of the Qt-based GUI in ZeroTierUI, though
this is still a work in progress. It also contains the software update infrastructure,
which is not yet enabled by default but does basically work. Some cleanup and
dead code removal has also occurred.
The next release will probably be the first binary release with auto-update and a
full UI experience for Linux and Mac. Windows will follow later, as more work has
to be done on the Windows port.
This version fixes a recurrent gremlin in the tap driver for Mac. If you are
having this issue, you should reinstall the tap.
If you're already running ZT1, shut it down (sudo killall zerotier-one) and
then do:
sudo kextunload /Library/Application\ Support/ZeroTier/One/tap.kext
This should unload the old version. Then type 'sudo make install-mac-tap' in
the ZT1 source home directory and the new version will be installed. ZT1 will
load the module again when it next starts.
In addition to a fix, I am now distributing tap binaries and it is no longer
built in the default Makefile. This is because Apple's in the midst of some
changes that have made building it somewhat difficult.
Another note for Mavericks users:
The first time you use ZT1, you will get a popup about unsigned kernel
extensions. This will vanish once we're out of beta and have signing keys
and signed drivers.
Other changes in this version:
* Minor improvement to Utils::getSecureRandom
* Bug fixes and a small change to certificates of membership for private
networks, which now appear to be working very well!
* Stubbed out messages for auto-update, which will be done in-band via
the ZT1 protocol. Not implemented yet.
This version removes the peer DBM present in earlier releases. It is not necessary for
regular clients and has been a source of problems.
There is a long-term identity cache that can be enabled by making a directory called
"iddb.d" in the home folder and restarting ZT1. This is probably something only our
supernodes would need, since regular nodes can easily WHOIS peers they've forgotten
about.
On shutdown, the peer database is dumped to disk. It's then restored on startup.
Peers that have not been used in a while are cleaned out, so this keeps this data
set small.
A DBM may re-appear later if it's needed, but for now it was YAGNI.
Whew. This is a big one. More of a marathon than a sprint.
First, four big things:
1) This version breaks backward compatibility with all prior versions.
It's in alpha, I can do that.
2) The port has changed from 8993 to 9993 to mark this change. Probably
not necessary but why not? Also 8993/UDP turned out to be used by some
enterprise LDAP thingy, which doesn't matter much either but again why
not?
3) This version, unlike previous versions, does NOT auto-join the Earth
network. Soon there will be more than one net, and not everyone is going
to want to get dumped on a flat global LAN right out of the box. To
join Earth use the command line interface:
sudo zerotier-cli join bc8f9a8ee3000001
4) Finally, you will get a different IP on Earth. The whole cryptosystem
has changed and we're not going to bother with continuity issues in
alpha testing.
So what's changed? See the blog:
http://blog.zerotier.com/post/62991430345/alpha-zerotier-one-network-is-down-briefly
The net should be up shortly after this commit. If there are any issues,
0.5.0 will be rapidly followed by 0.5.1. :-) Otherwise the next sprint
will be finishing up support for private networks. Then it's off to the
races with BETA, then Windows. (Decided to move into beta before Windows
in all likelihood.)
Changes:
* It now builds and runs on Windows with Visual Studio 2012. Windows is
not ready for prime time yet though for several reasons, so no Windows
release yet. If you're brave you can try to DIY, but the driver is
not signed yet either. Windows is a work in progress still.
* Networks now pull their ethernet type whitelist from the netconf master
instead of having it hard-coded. (Prep for network mgmt.)
* Netconf master now sends name and description of networks so this can
be used to set Windows network display names.
* A couple minor bug fixes here and there, nothing major.
* No protocol changes that break compatibility.
In addition to a lot of Windows port work that isn't finished yet (and doesn't
affect the *nix platforms at all), this version contains quite a bit of multicast
cleanup and code simplification.
I also pulled rate limits for now, as it seems to be causing problems. More testing
on the testnet is going to be needed.
This version fixes problems with locating the 'ip' command on Gentoo
and possibly other Linux systems, and a problem that could cause a
crash if EthernetTap was unable to locate one of the commands it
invokes to configure IP information on tap devices.
The code also now builds on Windows. It doesn't run yet, but it's a
step. Windows port is in full swing.
Version 0.4.2 is largely a cleanup release. Changes are minor:
* Programatically replace libcrypto's random number generator with our
own (using /dev/urandom or Windows CAPI) since libcrypto's RNG likes
to use uninitialized memory as one of its entropy sources. This causes
massive floods of valgrind (debugger) errors during memory error
profiling analysis.
* Clean up some other code to eliminate valgrind errors.
Valgrind now runs on Linux with only one error. This error is in
EthernetTap and is a false positive.
This version adds a draft of the multicast rate limiting architecture. A
few minor bugs are also fixed. The Linux version builds in debug mode for
now.
In keeping with the wild west alpha phase of this software, this version is
a major departure from 0.3.0 and an upgrade is required.
The protocol hasn't changed much, but the system of network membership, network
IDs, and network configuration bootstrapping has changed dramatically.
The mechanism for network autoconfiguration is now in-band, via the ZeroTier
protocol itself, rather than using an HTTP API. This simplifies the code and
allows us to use a consistent system of encryption and authentication.
To accomodate this change, network IDs now contain in their most significant
40 bits the ZeroTier address of a node responsible for overseeing the addressing
of participating network members. The remaining bits are free, so each network
controller (netconf node) can control up to 2^24 networks. The code for the
netconf service is in /netconf-service, but for ordinary users there's not much
need to look at it or use it. It's just there to be open source.
The system for network membership tracking is also revamped. For open networks
like Earth this doesn't matter, but for closed networks membership is now driven
by something called a membership certificate that is signed by the controlling
node in the network. There's still work to be done here, so private network
support isn't fully baked yet. But public open networks work fine.
Nodes still join "Earth" by default. The ID for Earth has changed from 1 to
6c92786fee000001 (hex). This means that old 0.3.0 clients and older will not
be able to communicate with 0.4.0 as their network IDs will not match.
The new certificate-based network membership system scales better than the old
HTTP API system and will support some pretty amazing features. Stay tuned!
For now just update and relaunch. You should get the same IPv4 address you
had before.
The second big change is zerotier-cli. Try running it as root (or after
copying the auth file to the path it tells you about when you first run it)
with 'help' as a command.
This version is not compatible with versions prior to 0.3.0, so
'git pull' and restart if you are following the alpha.
Changes from 0.2.5:
- All multicast frames are now signed by the original sender. This
will permit very efficient and fault tolerant rate limitation
across networks, and imposes a kind of "hash cash" cost on those
who wish to flood the network by forcing them to keep regenerating
new identities.
- Simplified peer last unicast / last multicast accounting.
- Improvements to multicast propagation algorithm to achieve better
coverage with less redundant messages.
- The bloated Switch class went on a diet, having packet decoding
broken out into PacketDecoder and multicast propagation algorithm
broken out into Multicaster.
- Multicaster is implemented as a template mockable class to permit
future simulations of huge scale multicast using the actual code
instead of mockups in another language.
- Introduced a faster non-cryptographic random source for things
like multicast propagation and address choosing.
- Some code cleanup, removal of outdated comments, etc.
Adam Ierymenko
Brenton Bostick
Grant Limberg
Adam Ierymenko