2013-07-04 20:56:19 +00:00
|
|
|
/*
|
2020-05-12 08:35:48 +00:00
|
|
|
* Copyright (c)2013-2020 ZeroTier, Inc.
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
2019-08-23 16:23:39 +00:00
|
|
|
* Use of this software is governed by the Business Source License included
|
|
|
|
* in the LICENSE.TXT file in the project's root directory.
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
2020-08-20 19:51:39 +00:00
|
|
|
* Change Date: 2025-01-01
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
2019-08-23 16:23:39 +00:00
|
|
|
* On the date above, in accordance with the Business Source License, use
|
|
|
|
* of this software will be governed by version 2.0 of the Apache License.
|
2013-07-04 20:56:19 +00:00
|
|
|
*/
|
2019-08-23 16:23:39 +00:00
|
|
|
/****/
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2017-01-19 23:16:04 +00:00
|
|
|
#include <stdint.h>
|
|
|
|
#include <stddef.h>
|
2017-02-06 00:19:03 +00:00
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdio.h>
|
2017-01-19 23:16:04 +00:00
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
#include "Packet.hpp"
|
|
|
|
|
2020-11-16 21:30:15 +00:00
|
|
|
#if defined(ZT_USE_X64_ASM_SALSA2012) && defined(ZT_ARCH_X64)
|
2017-04-18 15:45:37 +00:00
|
|
|
#include "../ext/x64-salsa2012-asm/salsa2012.h"
|
|
|
|
#endif
|
2017-04-20 00:11:56 +00:00
|
|
|
#ifdef ZT_USE_ARM32_NEON_ASM_SALSA2012
|
|
|
|
#include "../ext/arm32-neon-salsa2012-asm/salsa2012.h"
|
|
|
|
#endif
|
2017-04-18 15:45:37 +00:00
|
|
|
|
2017-02-06 00:19:03 +00:00
|
|
|
#ifdef _MSC_VER
|
|
|
|
#define FORCE_INLINE static __forceinline
|
|
|
|
#include <intrin.h>
|
2019-03-21 23:18:49 +00:00
|
|
|
#pragma warning(disable : 4127) /* disable: C4127: conditional expression is constant */
|
|
|
|
#pragma warning(disable : 4293) /* disable: C4293: too large shift (32-bits) */
|
2017-02-06 00:19:03 +00:00
|
|
|
#else
|
|
|
|
#define FORCE_INLINE static inline
|
|
|
|
#endif
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
namespace ZeroTier {
|
|
|
|
|
2017-01-19 23:16:04 +00:00
|
|
|
/************************************************************************** */
|
2017-04-20 00:11:56 +00:00
|
|
|
|
|
|
|
/* Set up macros for fast single-pass ASM Salsa20/12 crypto, if we have it */
|
|
|
|
|
|
|
|
// x64 SSE crypto
|
2020-11-16 21:30:15 +00:00
|
|
|
#if defined(ZT_USE_X64_ASM_SALSA2012) && defined(ZT_ARCH_X64)
|
2017-04-20 00:11:56 +00:00
|
|
|
#define ZT_HAS_FAST_CRYPTO() (true)
|
|
|
|
#define ZT_FAST_SINGLE_PASS_SALSA2012(b,l,n,k) zt_salsa2012_amd64_xmm6(reinterpret_cast<unsigned char *>(b),(l),reinterpret_cast<const unsigned char *>(n),reinterpret_cast<const unsigned char *>(k))
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// ARM (32-bit) NEON crypto (must be detected)
|
|
|
|
#ifdef ZT_USE_ARM32_NEON_ASM_SALSA2012
|
|
|
|
class _FastCryptoChecker
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
_FastCryptoChecker() : canHas(zt_arm_has_neon()) {}
|
|
|
|
bool canHas;
|
|
|
|
};
|
|
|
|
static const _FastCryptoChecker _ZT_FAST_CRYPTO_CHECK;
|
|
|
|
#define ZT_HAS_FAST_CRYPTO() (_ZT_FAST_CRYPTO_CHECK.canHas)
|
|
|
|
#define ZT_FAST_SINGLE_PASS_SALSA2012(b,l,n,k) zt_salsa2012_armneon3_xor(reinterpret_cast<unsigned char *>(b),(const unsigned char *)0,(l),reinterpret_cast<const unsigned char *>(n),reinterpret_cast<const unsigned char *>(k))
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// No fast crypto available
|
|
|
|
#ifndef ZT_HAS_FAST_CRYPTO
|
|
|
|
#define ZT_HAS_FAST_CRYPTO() (false)
|
|
|
|
#define ZT_FAST_SINGLE_PASS_SALSA2012(b,l,n,k) {}
|
|
|
|
#endif
|
|
|
|
|
2017-01-19 23:16:04 +00:00
|
|
|
/************************************************************************** */
|
|
|
|
|
|
|
|
/* LZ4 is shipped encapsulated into Packet in an anonymous namespace.
|
|
|
|
*
|
|
|
|
* We're doing this as a deliberate workaround for various Linux distribution
|
|
|
|
* policies that forbid static linking of support libraries.
|
|
|
|
*
|
|
|
|
* The reason is that relying on distribution versions of LZ4 has been too
|
|
|
|
* big a source of bugs and compatibility issues. The LZ4 API is not stable
|
|
|
|
* enough across versions, and dependency hell ensues. So fark it. */
|
|
|
|
|
|
|
|
/* Needless to say the code in this anonymous namespace should be considered
|
|
|
|
* BSD 2-clause licensed. */
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
|
|
|
|
/* lz4.h ------------------------------------------------------------------ */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* LZ4 - Fast LZ compression algorithm
|
|
|
|
* Header File
|
|
|
|
* Copyright (C) 2011-2016, Yann Collet.
|
|
|
|
|
|
|
|
BSD 2-Clause License (http://www.opensource.org/licenses/bsd-license.php)
|
|
|
|
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
|
|
modification, are permitted provided that the following conditions are
|
|
|
|
met:
|
|
|
|
|
2017-03-01 18:22:57 +00:00
|
|
|
* Redistributions of source code must retain the above copyright
|
2017-01-19 23:16:04 +00:00
|
|
|
notice, this list of conditions and the following disclaimer.
|
2017-03-01 18:22:57 +00:00
|
|
|
* Redistributions in binary form must reproduce the above
|
2017-01-19 23:16:04 +00:00
|
|
|
copyright notice, this list of conditions and the following disclaimer
|
|
|
|
in the documentation and/or other materials provided with the
|
|
|
|
distribution.
|
|
|
|
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
You can contact the author at :
|
2017-03-01 18:22:57 +00:00
|
|
|
- LZ4 homepage : http://www.lz4.org
|
|
|
|
- LZ4 source repository : https://github.com/lz4/lz4
|
2017-01-19 23:16:04 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
Introduction
|
|
|
|
|
|
|
|
LZ4 is lossless compression algorithm, providing compression speed at 400 MB/s per core,
|
|
|
|
scalable with multi-cores CPU. It features an extremely fast decoder, with speed in
|
|
|
|
multiple GB/s per core, typically reaching RAM speed limits on multi-core systems.
|
|
|
|
|
|
|
|
The LZ4 compression library provides in-memory compression and decompression functions.
|
|
|
|
Compression can be done in:
|
2017-03-01 18:22:57 +00:00
|
|
|
- a single step (described as Simple Functions)
|
|
|
|
- a single step, reusing a context (described in Advanced Functions)
|
|
|
|
- unbounded multiple steps (described as Streaming compression)
|
2017-01-19 23:16:04 +00:00
|
|
|
|
|
|
|
lz4.h provides block compression functions. It gives full buffer control to user.
|
|
|
|
Decompressing an lz4-compressed block also requires metadata (such as compressed size).
|
|
|
|
Each application is free to encode such metadata in whichever way it wants.
|
|
|
|
|
|
|
|
An additional format, called LZ4 frame specification (doc/lz4_Frame_format.md),
|
|
|
|
take care of encoding standard metadata alongside LZ4-compressed blocks.
|
|
|
|
If your application requires interoperability, it's recommended to use it.
|
|
|
|
A library is provided to take care of it, see lz4frame.h.
|
|
|
|
*/
|
|
|
|
|
2019-03-21 23:18:49 +00:00
|
|
|
#define LZ4_VERSION_MAJOR 1 /* for breaking interface changes */
|
|
|
|
#define LZ4_VERSION_MINOR 7 /* for new (non-breaking) interface capabilities */
|
|
|
|
#define LZ4_VERSION_RELEASE 5 /* for tweaks, bug-fixes, or development */
|
2017-01-19 23:16:04 +00:00
|
|
|
#define LZ4_VERSION_NUMBER (LZ4_VERSION_MAJOR *100*100 + LZ4_VERSION_MINOR *100 + LZ4_VERSION_RELEASE)
|
|
|
|
#define LZ4_LIB_VERSION LZ4_VERSION_MAJOR.LZ4_VERSION_MINOR.LZ4_VERSION_RELEASE
|
|
|
|
#define LZ4_QUOTE(str) #str
|
|
|
|
#define LZ4_EXPAND_AND_QUOTE(str) LZ4_QUOTE(str)
|
|
|
|
#define LZ4_VERSION_STRING LZ4_EXPAND_AND_QUOTE(LZ4_LIB_VERSION)
|
|
|
|
#define LZ4_MEMORY_USAGE 14
|
2019-03-21 23:18:49 +00:00
|
|
|
#define LZ4_MAX_INPUT_SIZE 0x7E000000 /* 2 113 929 216 bytes */
|
2017-01-19 23:16:04 +00:00
|
|
|
#define LZ4_COMPRESSBOUND(isize) ((unsigned)(isize) > (unsigned)LZ4_MAX_INPUT_SIZE ? 0 : (isize) + ((isize)/255) + 16)
|
|
|
|
|
|
|
|
typedef union LZ4_stream_u LZ4_stream_t; /* incomplete type (defined later) */
|
|
|
|
|
2018-01-11 00:55:07 +00:00
|
|
|
static inline void LZ4_resetStream (LZ4_stream_t* streamPtr);
|
|
|
|
|
2017-01-19 23:16:04 +00:00
|
|
|
#define LZ4_HASHLOG (LZ4_MEMORY_USAGE-2)
|
|
|
|
#define LZ4_HASHTABLESIZE (1 << LZ4_MEMORY_USAGE)
|
2019-03-21 23:18:49 +00:00
|
|
|
#define LZ4_HASH_SIZE_U32 (1 << LZ4_HASHLOG) /* required as macro for static allocation */
|
2017-01-19 23:16:04 +00:00
|
|
|
|
|
|
|
typedef struct {
|
2017-03-01 18:22:57 +00:00
|
|
|
uint32_t hashTable[LZ4_HASH_SIZE_U32];
|
|
|
|
uint32_t currentOffset;
|
|
|
|
uint32_t initCheck;
|
|
|
|
const uint8_t* dictionary;
|
|
|
|
uint8_t* bufferStart; /* obsolete, used for slideInputBuffer */
|
|
|
|
uint32_t dictSize;
|
2017-01-19 23:16:04 +00:00
|
|
|
} LZ4_stream_t_internal;
|
|
|
|
|
|
|
|
typedef struct {
|
2017-03-01 18:22:57 +00:00
|
|
|
const uint8_t* externalDict;
|
|
|
|
size_t extDictSize;
|
|
|
|
const uint8_t* prefixEnd;
|
|
|
|
size_t prefixSize;
|
2017-01-19 23:16:04 +00:00
|
|
|
} LZ4_streamDecode_t_internal;
|
|
|
|
|
|
|
|
#define LZ4_STREAMSIZE_U64 ((1 << (LZ4_MEMORY_USAGE-3)) + 4)
|
2019-03-21 23:18:49 +00:00
|
|
|
#define LZ4_STREAMSIZE (LZ4_STREAMSIZE_U64 * sizeof(unsigned long long))
|
2017-01-19 23:16:04 +00:00
|
|
|
union LZ4_stream_u {
|
2017-03-01 18:22:57 +00:00
|
|
|
unsigned long long table[LZ4_STREAMSIZE_U64];
|
|
|
|
LZ4_stream_t_internal internal_donotuse;
|
2017-01-19 23:16:04 +00:00
|
|
|
} ; /* previously typedef'd to LZ4_stream_t */
|
|
|
|
|
|
|
|
#define LZ4_STREAMDECODESIZE_U64 4
|
2019-03-21 23:18:49 +00:00
|
|
|
#define LZ4_STREAMDECODESIZE (LZ4_STREAMDECODESIZE_U64 * sizeof(unsigned long long))
|
2017-01-19 23:16:04 +00:00
|
|
|
union LZ4_streamDecode_u {
|
2017-03-01 18:22:57 +00:00
|
|
|
unsigned long long table[LZ4_STREAMDECODESIZE_U64];
|
|
|
|
LZ4_streamDecode_t_internal internal_donotuse;
|
2017-01-19 23:16:04 +00:00
|
|
|
} ; /* previously typedef'd to LZ4_streamDecode_t */
|
|
|
|
|
|
|
|
#ifndef HEAPMODE
|
2018-01-11 00:55:07 +00:00
|
|
|
#define HEAPMODE 0
|
2017-03-17 22:26:08 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef ZT_NO_TYPE_PUNNING
|
|
|
|
#define LZ4_FORCE_MEMORY_ACCESS 0
|
|
|
|
#else
|
|
|
|
#define LZ4_FORCE_MEMORY_ACCESS 2
|
|
|
|
#endif
|
2017-01-19 23:16:04 +00:00
|
|
|
|
|
|
|
#if defined(_MSC_VER) && defined(_WIN32_WCE) /* Visual Studio for Windows CE does not support Hardware bit count */
|
2018-01-11 00:55:07 +00:00
|
|
|
#define LZ4_FORCE_SW_BITCOUNT
|
2017-02-06 00:19:03 +00:00
|
|
|
#endif
|
2017-01-19 23:16:04 +00:00
|
|
|
|
2017-03-18 03:01:58 +00:00
|
|
|
#ifndef FORCE_INLINE
|
2017-03-17 23:09:18 +00:00
|
|
|
#define FORCE_INLINE static inline
|
2017-03-18 03:01:58 +00:00
|
|
|
#endif
|
2017-03-17 23:09:18 +00:00
|
|
|
|
2017-01-19 23:16:04 +00:00
|
|
|
#define ALLOCATOR(n,s) calloc(n,s)
|
2019-03-21 23:18:49 +00:00
|
|
|
#define FREEMEM free
|
|
|
|
#define MEM_INIT memset
|
2017-01-19 23:16:04 +00:00
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
typedef uint8_t BYTE;
|
|
|
|
typedef uint16_t U16;
|
|
|
|
typedef uint32_t U32;
|
|
|
|
typedef int32_t S32;
|
|
|
|
typedef uint64_t U64;
|
|
|
|
typedef uintptr_t uptrval;
|
2017-02-06 00:19:03 +00:00
|
|
|
typedef uintptr_t reg_t;
|
2017-01-19 23:16:04 +00:00
|
|
|
|
2018-01-11 00:55:07 +00:00
|
|
|
static inline unsigned LZ4_isLittleEndian(void)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
const union { U32 u; BYTE c[4]; } one = { 1 }; /* don't use static : performance detrimental */
|
|
|
|
return one.c[0];
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#if defined(LZ4_FORCE_MEMORY_ACCESS) && (LZ4_FORCE_MEMORY_ACCESS==2)
|
|
|
|
static U16 LZ4_read16(const void* memPtr) { return *(const U16*) memPtr; }
|
|
|
|
static U32 LZ4_read32(const void* memPtr) { return *(const U32*) memPtr; }
|
|
|
|
static reg_t LZ4_read_ARCH(const void* memPtr) { return *(const reg_t*) memPtr; }
|
|
|
|
static void LZ4_write16(void* memPtr, U16 value) { *(U16*)memPtr = value; }
|
|
|
|
static void LZ4_write32(void* memPtr, U32 value) { *(U32*)memPtr = value; }
|
|
|
|
#elif defined(LZ4_FORCE_MEMORY_ACCESS) && (LZ4_FORCE_MEMORY_ACCESS==1)
|
|
|
|
typedef union { U16 u16; U32 u32; reg_t uArch; } __attribute__((packed)) unalign;
|
|
|
|
static U16 LZ4_read16(const void* ptr) { return ((const unalign*)ptr)->u16; }
|
|
|
|
static U32 LZ4_read32(const void* ptr) { return ((const unalign*)ptr)->u32; }
|
|
|
|
static reg_t LZ4_read_ARCH(const void* ptr) { return ((const unalign*)ptr)->uArch; }
|
|
|
|
static void LZ4_write16(void* memPtr, U16 value) { ((unalign*)memPtr)->u16 = value; }
|
|
|
|
static void LZ4_write32(void* memPtr, U32 value) { ((unalign*)memPtr)->u32 = value; }
|
|
|
|
#else /* safe and portable access through memcpy() */
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline U16 LZ4_read16(const void* memPtr)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2019-03-22 22:50:15 +00:00
|
|
|
U16 val; memcpy(&val, memPtr, sizeof(val)); return val;
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline U32 LZ4_read32(const void* memPtr)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2019-03-22 22:50:15 +00:00
|
|
|
U32 val; memcpy(&val, memPtr, sizeof(val)); return val;
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline reg_t LZ4_read_ARCH(const void* memPtr)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2019-03-22 22:50:15 +00:00
|
|
|
reg_t val; memcpy(&val, memPtr, sizeof(val)); return val;
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline void LZ4_write16(void* memPtr, U16 value)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(memPtr, &value, sizeof(value));
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline void LZ4_write32(void* memPtr, U32 value)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(memPtr, &value, sizeof(value));
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
#endif /* LZ4_FORCE_MEMORY_ACCESS */
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline U16 LZ4_readLE16(const void* memPtr)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
if (LZ4_isLittleEndian()) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return LZ4_read16(memPtr);
|
2017-03-01 18:22:57 +00:00
|
|
|
} else {
|
2019-03-21 23:18:49 +00:00
|
|
|
const BYTE* p = (const BYTE*)memPtr;
|
|
|
|
return (U16)((U16)p[0] + (p[1]<<8));
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline void LZ4_writeLE16(void* memPtr, U16 value)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
if (LZ4_isLittleEndian()) {
|
2019-03-21 23:18:49 +00:00
|
|
|
LZ4_write16(memPtr, value);
|
2017-03-01 18:22:57 +00:00
|
|
|
} else {
|
2019-03-21 23:18:49 +00:00
|
|
|
BYTE* p = (BYTE*)memPtr;
|
|
|
|
p[0] = (BYTE) value;
|
|
|
|
p[1] = (BYTE)(value>>8);
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline void LZ4_copy8(void* dst, const void* src)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(dst,src,8);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline void LZ4_wildCopy(void* dstPtr, const void* srcPtr, void* dstEnd)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
BYTE* d = (BYTE*)dstPtr;
|
|
|
|
const BYTE* s = (const BYTE*)srcPtr;
|
|
|
|
BYTE* const e = (BYTE*)dstEnd;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
do {
|
|
|
|
LZ4_copy8(d,s);
|
|
|
|
d+=8;
|
|
|
|
s+=8;
|
|
|
|
} while (d<e);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#define MINMATCH 4
|
|
|
|
|
|
|
|
#define WILDCOPYLENGTH 8
|
|
|
|
#define LASTLITERALS 5
|
|
|
|
#define MFLIMIT (WILDCOPYLENGTH+MINMATCH)
|
|
|
|
static const int LZ4_minLength = (MFLIMIT+1);
|
|
|
|
|
|
|
|
#define KB *(1 <<10)
|
|
|
|
#define MB *(1 <<20)
|
|
|
|
#define GB *(1U<<30)
|
|
|
|
|
|
|
|
#define MAXD_LOG 16
|
|
|
|
#define MAX_DISTANCE ((1 << MAXD_LOG) - 1)
|
|
|
|
|
|
|
|
#define ML_BITS 4
|
|
|
|
#define ML_MASK ((1U<<ML_BITS)-1)
|
|
|
|
#define RUN_BITS (8-ML_BITS)
|
|
|
|
#define RUN_MASK ((1U<<RUN_BITS)-1)
|
|
|
|
|
2019-03-21 23:18:49 +00:00
|
|
|
#define LZ4_STATIC_ASSERT(c) { enum { LZ4_static_assert = 1/(int)(!!(c)) }; } /* use only *after* variable declarations */
|
2017-01-19 23:16:04 +00:00
|
|
|
|
2018-05-18 09:09:27 +00:00
|
|
|
static inline unsigned LZ4_NbCommonBytes (reg_t val)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
if (LZ4_isLittleEndian()) {
|
2019-03-21 23:18:49 +00:00
|
|
|
if (sizeof(val)==8) {
|
|
|
|
# if defined(_MSC_VER) && defined(_WIN64) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
unsigned long r = 0;
|
|
|
|
_BitScanForward64( &r, (U64)val );
|
|
|
|
return (int)(r>>3);
|
|
|
|
# elif (defined(__clang__) || (defined(__GNUC__) && (__GNUC__>=3))) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
return (__builtin_ctzll((U64)val) >> 3);
|
|
|
|
# else
|
|
|
|
static const int DeBruijnBytePos[64] = { 0, 0, 0, 0, 0, 1, 1, 2, 0, 3, 1, 3, 1, 4, 2, 7, 0, 2, 3, 6, 1, 5, 3, 5, 1, 3, 4, 4, 2, 5, 6, 7, 7, 0, 1, 2, 3, 3, 4, 6, 2, 6, 5, 5, 3, 4, 5, 6, 7, 1, 2, 4, 6, 4, 4, 5, 7, 2, 6, 5, 7, 6, 7, 7 };
|
|
|
|
return DeBruijnBytePos[((U64)((val & -(long long)val) * 0x0218A392CDABBD3FULL)) >> 58];
|
|
|
|
# endif
|
|
|
|
} else /* 32 bits */ {
|
|
|
|
# if defined(_MSC_VER) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
unsigned long r;
|
|
|
|
_BitScanForward( &r, (U32)val );
|
|
|
|
return (int)(r>>3);
|
|
|
|
# elif (defined(__clang__) || (defined(__GNUC__) && (__GNUC__>=3))) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
return (__builtin_ctz((U32)val) >> 3);
|
|
|
|
# else
|
|
|
|
static const int DeBruijnBytePos[32] = { 0, 0, 3, 0, 3, 1, 3, 0, 3, 2, 2, 1, 3, 2, 0, 1, 3, 3, 1, 2, 2, 2, 2, 0, 3, 1, 2, 0, 1, 0, 1, 1 };
|
|
|
|
return DeBruijnBytePos[((U32)((val & -(S32)val) * 0x077CB531U)) >> 27];
|
|
|
|
# endif
|
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
} else /* Big Endian CPU */ {
|
2019-03-21 23:18:49 +00:00
|
|
|
if (sizeof(val)==8) {
|
|
|
|
# if defined(_MSC_VER) && defined(_WIN64) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
unsigned long r = 0;
|
|
|
|
_BitScanReverse64( &r, val );
|
|
|
|
return (unsigned)(r>>3);
|
|
|
|
# elif (defined(__clang__) || (defined(__GNUC__) && (__GNUC__>=3))) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
return (__builtin_clzll((U64)val) >> 3);
|
|
|
|
# else
|
|
|
|
unsigned r;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (!(val>>32)) {
|
|
|
|
r=4;
|
|
|
|
} else {
|
|
|
|
r=0;
|
|
|
|
val>>=32;
|
|
|
|
}
|
|
|
|
if (!(val>>16)) {
|
|
|
|
r+=2;
|
|
|
|
val>>=8;
|
|
|
|
} else {
|
|
|
|
val>>=24;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
r += (!val);
|
|
|
|
return r;
|
|
|
|
# endif
|
|
|
|
} else /* 32 bits */ {
|
|
|
|
# if defined(_MSC_VER) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
unsigned long r = 0;
|
|
|
|
_BitScanReverse( &r, (unsigned long)val );
|
|
|
|
return (unsigned)(r>>3);
|
|
|
|
# elif (defined(__clang__) || (defined(__GNUC__) && (__GNUC__>=3))) && !defined(LZ4_FORCE_SW_BITCOUNT)
|
|
|
|
return (__builtin_clz((U32)val) >> 3);
|
|
|
|
# else
|
|
|
|
unsigned r;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (!(val>>16)) {
|
|
|
|
r=2;
|
|
|
|
val>>=8;
|
|
|
|
} else {
|
|
|
|
r=0;
|
|
|
|
val>>=24;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
r += (!val);
|
|
|
|
return r;
|
|
|
|
# endif
|
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#define STEPSIZE sizeof(reg_t)
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline unsigned LZ4_count(const BYTE* pIn, const BYTE* pMatch, const BYTE* pInLimit)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
const BYTE* const pStart = pIn;
|
|
|
|
|
|
|
|
while (likely(pIn<pInLimit-(STEPSIZE-1))) {
|
2019-03-21 23:18:49 +00:00
|
|
|
reg_t const diff = LZ4_read_ARCH(pMatch) ^ LZ4_read_ARCH(pIn);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (!diff) {
|
|
|
|
pIn+=STEPSIZE;
|
|
|
|
pMatch+=STEPSIZE; continue;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
pIn += LZ4_NbCommonBytes(diff);
|
|
|
|
return (unsigned)(pIn - pStart);
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
|
|
|
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((STEPSIZE==8) && (pIn<(pInLimit-3)) && (LZ4_read32(pMatch) == LZ4_read32(pIn))) {
|
|
|
|
pIn+=4; pMatch+=4;
|
|
|
|
}
|
|
|
|
if ((pIn<(pInLimit-1)) && (LZ4_read16(pMatch) == LZ4_read16(pIn))) {
|
|
|
|
pIn+=2; pMatch+=2;
|
|
|
|
}
|
|
|
|
if ((pIn<pInLimit) && (*pMatch == *pIn)) {
|
|
|
|
pIn++;
|
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
return (unsigned)(pIn - pStart);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static const int LZ4_64Klimit = ((64 KB) + (MFLIMIT-1));
|
|
|
|
static const U32 LZ4_skipTrigger = 6; /* Increase this value ==> compression run slower on incompressible data */
|
|
|
|
|
|
|
|
typedef enum { notLimited = 0, limitedOutput = 1 } limitedOutput_directive;
|
|
|
|
typedef enum { byPtr, byU32, byU16 } tableType_t;
|
|
|
|
|
|
|
|
typedef enum { noDict = 0, withPrefix64k, usingExtDict } dict_directive;
|
|
|
|
typedef enum { noDictIssue = 0, dictSmall } dictIssue_directive;
|
|
|
|
|
|
|
|
typedef enum { endOnOutputSize = 0, endOnInputSize = 1 } endCondition_directive;
|
|
|
|
typedef enum { full = 0, partial = 1 } earlyEnd_directive;
|
|
|
|
|
2018-01-11 00:55:07 +00:00
|
|
|
static inline int LZ4_compressBound(int isize) { return LZ4_COMPRESSBOUND(isize); }
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline U32 LZ4_hash4(U32 sequence, tableType_t const tableType)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (tableType == byU16) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return ((sequence * 2654435761U) >> ((MINMATCH*8)-(LZ4_HASHLOG+1)));
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
2019-03-21 23:18:49 +00:00
|
|
|
return ((sequence * 2654435761U) >> ((MINMATCH*8)-LZ4_HASHLOG));
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline U32 LZ4_hash5(U64 sequence, tableType_t const tableType)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
static const U64 prime5bytes = 889523592379ULL;
|
|
|
|
static const U64 prime8bytes = 11400714785074694791ULL;
|
|
|
|
const U32 hashLog = (tableType == byU16) ? LZ4_HASHLOG+1 : LZ4_HASHLOG;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (LZ4_isLittleEndian()) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return (U32)(((sequence << 24) * prime5bytes) >> (64 - hashLog));
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
2019-03-21 23:18:49 +00:00
|
|
|
return (U32)(((sequence >> 24) * prime8bytes) >> (64 - hashLog));
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
FORCE_INLINE U32 LZ4_hashPosition(const void* const p, tableType_t const tableType)
|
|
|
|
{
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((sizeof(reg_t)==8) && (tableType != byU16)) {
|
|
|
|
return LZ4_hash5(LZ4_read_ARCH(p), tableType);
|
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
return LZ4_hash4(LZ4_read32(p), tableType);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline void LZ4_putPositionOnHash(const BYTE* p, U32 h, void* tableBase, tableType_t const tableType, const BYTE* srcBase)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
switch (tableType) {
|
|
|
|
case byPtr: {
|
|
|
|
const BYTE** hashTable = (const BYTE**)tableBase; hashTable[h] = p;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
case byU32: {
|
|
|
|
U32* hashTable = (U32*) tableBase; hashTable[h] = (U32)(p-srcBase);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
case byU16: {
|
|
|
|
U16* hashTable = (U16*) tableBase; hashTable[h] = (U16)(p-srcBase);
|
|
|
|
return;
|
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
FORCE_INLINE void LZ4_putPosition(const BYTE* p, void* tableBase, tableType_t tableType, const BYTE* srcBase)
|
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
U32 const h = LZ4_hashPosition(p, tableType);
|
|
|
|
LZ4_putPositionOnHash(p, h, tableBase, tableType, srcBase);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline const BYTE* LZ4_getPositionOnHash(U32 h, void* tableBase, tableType_t tableType, const BYTE* srcBase)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (tableType == byPtr) {
|
|
|
|
const BYTE** hashTable = (const BYTE**) tableBase;
|
|
|
|
return hashTable[h];
|
|
|
|
}
|
|
|
|
if (tableType == byU32) {
|
|
|
|
const U32* const hashTable = (U32*) tableBase;
|
|
|
|
return hashTable[h] + srcBase;
|
|
|
|
}
|
|
|
|
{ /* default, to ensure a return */
|
|
|
|
const U16* const hashTable = (U16*) tableBase;
|
|
|
|
return hashTable[h] + srcBase;
|
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
FORCE_INLINE const BYTE* LZ4_getPosition(const BYTE* p, void* tableBase, tableType_t tableType, const BYTE* srcBase)
|
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
U32 const h = LZ4_hashPosition(p, tableType);
|
|
|
|
return LZ4_getPositionOnHash(h, tableBase, tableType, srcBase);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
FORCE_INLINE int LZ4_compress_generic(
|
2019-03-21 23:18:49 +00:00
|
|
|
LZ4_stream_t_internal* const cctx,
|
|
|
|
const char* const source,
|
|
|
|
char* const dest,
|
|
|
|
const int inputSize,
|
|
|
|
const int maxOutputSize,
|
|
|
|
const limitedOutput_directive outputLimited,
|
|
|
|
const tableType_t tableType,
|
|
|
|
const dict_directive dict,
|
|
|
|
const dictIssue_directive dictIssue,
|
|
|
|
const U32 acceleration)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
const BYTE* ip = (const BYTE*) source;
|
|
|
|
const BYTE* base;
|
|
|
|
const BYTE* lowLimit;
|
|
|
|
const BYTE* const lowRefLimit = ip - cctx->dictSize;
|
|
|
|
const BYTE* const dictionary = cctx->dictionary;
|
|
|
|
const BYTE* const dictEnd = dictionary + cctx->dictSize;
|
|
|
|
const ptrdiff_t dictDelta = dictEnd - (const BYTE*)source;
|
|
|
|
const BYTE* anchor = (const BYTE*) source;
|
|
|
|
const BYTE* const iend = ip + inputSize;
|
|
|
|
const BYTE* const mflimit = iend - MFLIMIT;
|
|
|
|
const BYTE* const matchlimit = iend - LASTLITERALS;
|
|
|
|
|
|
|
|
BYTE* op = (BYTE*) dest;
|
|
|
|
BYTE* const olimit = op + maxOutputSize;
|
|
|
|
|
|
|
|
U32 forwardH;
|
|
|
|
|
|
|
|
/* Init conditions */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((U32)inputSize > (U32)LZ4_MAX_INPUT_SIZE) {
|
|
|
|
return 0; /* Unsupported inputSize, too large (or negative) */
|
|
|
|
}
|
|
|
|
switch(dict) {
|
2017-03-01 18:22:57 +00:00
|
|
|
case noDict:
|
|
|
|
default:
|
2019-03-21 23:18:49 +00:00
|
|
|
base = (const BYTE*)source;
|
|
|
|
lowLimit = (const BYTE*)source;
|
|
|
|
break;
|
2017-03-01 18:22:57 +00:00
|
|
|
case withPrefix64k:
|
2019-03-21 23:18:49 +00:00
|
|
|
base = (const BYTE*)source - cctx->currentOffset;
|
|
|
|
lowLimit = (const BYTE*)source - cctx->dictSize;
|
|
|
|
break;
|
2017-03-01 18:22:57 +00:00
|
|
|
case usingExtDict:
|
2019-03-21 23:18:49 +00:00
|
|
|
base = (const BYTE*)source - cctx->currentOffset;
|
|
|
|
lowLimit = (const BYTE*)source;
|
|
|
|
break;
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((tableType == byU16) && (inputSize>=LZ4_64Klimit)) {
|
|
|
|
return 0; /* Size too large (not within 64K limit) */
|
|
|
|
}
|
|
|
|
if (inputSize<LZ4_minLength) {
|
|
|
|
goto _last_literals; /* Input too small, no compression (all literals) */
|
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
|
|
|
|
/* First Byte */
|
|
|
|
LZ4_putPosition(ip, cctx->hashTable, tableType, base);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
ip++;
|
|
|
|
forwardH = LZ4_hashPosition(ip, tableType);
|
2017-03-01 18:22:57 +00:00
|
|
|
|
|
|
|
/* Main Loop */
|
|
|
|
for ( ; ; ) {
|
2019-03-21 23:18:49 +00:00
|
|
|
ptrdiff_t refDelta = 0;
|
|
|
|
const BYTE* match;
|
|
|
|
BYTE* token;
|
|
|
|
|
|
|
|
/* Find a match */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
{
|
|
|
|
const BYTE* forwardIp = ip;
|
2019-03-21 23:18:49 +00:00
|
|
|
unsigned step = 1;
|
|
|
|
unsigned searchMatchNb = acceleration << LZ4_skipTrigger;
|
|
|
|
do {
|
|
|
|
U32 const h = forwardH;
|
|
|
|
ip = forwardIp;
|
|
|
|
forwardIp += step;
|
|
|
|
step = (searchMatchNb++ >> LZ4_skipTrigger);
|
|
|
|
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (unlikely(forwardIp > mflimit)) {
|
|
|
|
goto _last_literals;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
match = LZ4_getPositionOnHash(h, cctx->hashTable, tableType, base);
|
|
|
|
if (dict==usingExtDict) {
|
|
|
|
if (match < (const BYTE*)source) {
|
|
|
|
refDelta = dictDelta;
|
|
|
|
lowLimit = dictionary;
|
|
|
|
} else {
|
|
|
|
refDelta = 0;
|
|
|
|
lowLimit = (const BYTE*)source;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
forwardH = LZ4_hashPosition(forwardIp, tableType);
|
|
|
|
LZ4_putPositionOnHash(ip, h, cctx->hashTable, tableType, base);
|
|
|
|
|
|
|
|
} while ( ((dictIssue==dictSmall) ? (match < lowRefLimit) : 0)
|
|
|
|
|| ((tableType==byU16) ? 0 : (match + MAX_DISTANCE < ip))
|
|
|
|
|| (LZ4_read32(match+refDelta) != LZ4_read32(ip)) );
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Catch up */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
while (((ip>anchor) & (match+refDelta > lowLimit)) && (unlikely(ip[-1]==match[refDelta-1]))) {
|
|
|
|
ip--;
|
|
|
|
match--;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
/* Encode Literals */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
{
|
|
|
|
unsigned const litLength = (unsigned)(ip - anchor);
|
2019-03-21 23:18:49 +00:00
|
|
|
token = op++;
|
|
|
|
if ((outputLimited) && /* Check output buffer overflow */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
(unlikely(op + litLength + (2 + 1 + LASTLITERALS) + (litLength/255) > olimit))) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return 0;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
if (litLength >= RUN_MASK) {
|
|
|
|
int len = (int)litLength-RUN_MASK;
|
|
|
|
*token = (RUN_MASK<<ML_BITS);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
for(; len >= 255 ; len-=255) {
|
|
|
|
*op++ = 255;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
*op++ = (BYTE)len;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
|
|
|
*token = (BYTE)(litLength<<ML_BITS);
|
2019-03-21 23:18:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Copy Literals */
|
|
|
|
LZ4_wildCopy(op, anchor, op+litLength);
|
|
|
|
op+=litLength;
|
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
|
|
|
|
_next_match:
|
2019-03-21 23:18:49 +00:00
|
|
|
/* Encode Offset */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
LZ4_writeLE16(op, (U16)(ip-match));
|
|
|
|
op+=2;
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
/* Encode MatchLength */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
{
|
|
|
|
unsigned matchCode;
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
if ((dict==usingExtDict) && (lowLimit==dictionary)) {
|
|
|
|
const BYTE* limit;
|
|
|
|
match += refDelta;
|
|
|
|
limit = ip + (dictEnd-match);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (limit > matchlimit) {
|
|
|
|
limit = matchlimit;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
matchCode = LZ4_count(ip+MINMATCH, match+MINMATCH, limit);
|
|
|
|
ip += MINMATCH + matchCode;
|
|
|
|
if (ip==limit) {
|
|
|
|
unsigned const more = LZ4_count(ip, (const BYTE*)source, matchlimit);
|
|
|
|
matchCode += more;
|
|
|
|
ip += more;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
matchCode = LZ4_count(ip+MINMATCH, match+MINMATCH, matchlimit);
|
|
|
|
ip += MINMATCH + matchCode;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( outputLimited && /* Check output buffer overflow */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
(unlikely(op + (1 + LASTLITERALS) + (matchCode>>8) > olimit)) ) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return 0;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
if (matchCode >= ML_MASK) {
|
|
|
|
*token += ML_MASK;
|
|
|
|
matchCode -= ML_MASK;
|
|
|
|
LZ4_write32(op, 0xFFFFFFFF);
|
2023-01-17 17:38:10 +00:00
|
|
|
while (matchCode >= 4*255) {
|
|
|
|
op+=4;
|
|
|
|
LZ4_write32(op, 0xFFFFFFFF);
|
|
|
|
matchCode -= 4*255;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
op += matchCode / 255;
|
|
|
|
*op++ = (BYTE)(matchCode % 255);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
2019-03-21 23:18:49 +00:00
|
|
|
*token += (BYTE)(matchCode);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
anchor = ip;
|
|
|
|
|
|
|
|
/* Test end of chunk */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (ip > mflimit) {
|
|
|
|
break;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
/* Fill table */
|
|
|
|
LZ4_putPosition(ip-2, cctx->hashTable, tableType, base);
|
|
|
|
|
|
|
|
/* Test next position */
|
|
|
|
match = LZ4_getPosition(ip, cctx->hashTable, tableType, base);
|
|
|
|
if (dict==usingExtDict) {
|
|
|
|
if (match < (const BYTE*)source) {
|
|
|
|
refDelta = dictDelta;
|
|
|
|
lowLimit = dictionary;
|
|
|
|
} else {
|
|
|
|
refDelta = 0;
|
|
|
|
lowLimit = (const BYTE*)source;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
LZ4_putPosition(ip, cctx->hashTable, tableType, base);
|
|
|
|
if ( ((dictIssue==dictSmall) ? (match>=lowRefLimit) : 1)
|
|
|
|
&& (match+MAX_DISTANCE>=ip)
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
&& (LZ4_read32(match+refDelta)==LZ4_read32(ip)) ) {
|
|
|
|
token=op++;
|
|
|
|
*token=0;
|
|
|
|
goto _next_match;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
/* Prepare next loop */
|
|
|
|
forwardH = LZ4_hashPosition(++ip, tableType);
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
|
|
|
|
_last_literals:
|
2017-03-01 18:22:57 +00:00
|
|
|
/* Encode Last Literals */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
{
|
|
|
|
size_t const lastRun = (size_t)(iend - anchor);
|
2019-03-21 23:18:49 +00:00
|
|
|
if ( (outputLimited) && /* Check output buffer overflow */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
((op - (BYTE*)dest) + lastRun + 1 + ((lastRun+255-RUN_MASK)/255) > (U32)maxOutputSize) ) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return 0;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
if (lastRun >= RUN_MASK) {
|
|
|
|
size_t accumulator = lastRun - RUN_MASK;
|
|
|
|
*op++ = RUN_MASK << ML_BITS;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
for(; accumulator >= 255 ; accumulator-=255) {
|
|
|
|
*op++ = 255;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
*op++ = (BYTE) accumulator;
|
|
|
|
} else {
|
|
|
|
*op++ = (BYTE)(lastRun<<ML_BITS);
|
|
|
|
}
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(op, anchor, lastRun);
|
2019-03-21 23:18:49 +00:00
|
|
|
op += lastRun;
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* End */
|
|
|
|
return (int) (((char*)op)-dest);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline int LZ4_compress_fast_extState(void* state, const char* source, char* dest, int inputSize, int maxOutputSize, int acceleration)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
LZ4_stream_t_internal* ctx = &((LZ4_stream_t*)state)->internal_donotuse;
|
|
|
|
LZ4_resetStream((LZ4_stream_t*)state);
|
2017-03-17 23:09:18 +00:00
|
|
|
//if (acceleration < 1) acceleration = ACCELERATION_DEFAULT;
|
2017-03-01 18:22:57 +00:00
|
|
|
|
|
|
|
if (maxOutputSize >= LZ4_compressBound(inputSize)) {
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (inputSize < LZ4_64Klimit) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return LZ4_compress_generic(ctx, source, dest, inputSize, 0, notLimited, byU16, noDict, noDictIssue, acceleration);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
2019-03-21 23:18:49 +00:00
|
|
|
return LZ4_compress_generic(ctx, source, dest, inputSize, 0, notLimited, (sizeof(void*)==8) ? byU32 : byPtr, noDict, noDictIssue, acceleration);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
} else {
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (inputSize < LZ4_64Klimit) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return LZ4_compress_generic(ctx, source, dest, inputSize, maxOutputSize, limitedOutput, byU16, noDict, noDictIssue, acceleration);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
2019-03-21 23:18:49 +00:00
|
|
|
return LZ4_compress_generic(ctx, source, dest, inputSize, maxOutputSize, limitedOutput, (sizeof(void*)==8) ? byU32 : byPtr, noDict, noDictIssue, acceleration);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline int LZ4_compress_fast(const char* source, char* dest, int inputSize, int maxOutputSize, int acceleration)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
|
|
|
#if (HEAPMODE)
|
2017-03-01 18:22:57 +00:00
|
|
|
void* ctxPtr = ALLOCATOR(1, sizeof(LZ4_stream_t)); /* malloc-calloc always properly aligned */
|
2017-01-19 23:16:04 +00:00
|
|
|
#else
|
2017-03-01 18:22:57 +00:00
|
|
|
LZ4_stream_t ctx;
|
|
|
|
void* const ctxPtr = &ctx;
|
2017-01-19 23:16:04 +00:00
|
|
|
#endif
|
|
|
|
|
2017-03-01 18:22:57 +00:00
|
|
|
int const result = LZ4_compress_fast_extState(ctxPtr, source, dest, inputSize, maxOutputSize, acceleration);
|
2017-01-19 23:16:04 +00:00
|
|
|
|
|
|
|
#if (HEAPMODE)
|
2017-03-01 18:22:57 +00:00
|
|
|
FREEMEM(ctxPtr);
|
2017-01-19 23:16:04 +00:00
|
|
|
#endif
|
2017-03-01 18:22:57 +00:00
|
|
|
return result;
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2018-01-11 00:55:07 +00:00
|
|
|
static inline void LZ4_resetStream (LZ4_stream_t* LZ4_stream)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
MEM_INIT(LZ4_stream, 0, sizeof(LZ4_stream_t));
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
FORCE_INLINE int LZ4_decompress_generic(
|
2019-03-21 23:18:49 +00:00
|
|
|
const char* const source,
|
|
|
|
char* const dest,
|
|
|
|
int inputSize,
|
|
|
|
int outputSize, /* If endOnInput==endOnInputSize, this value is the max size of Output Buffer. */
|
|
|
|
|
|
|
|
int endOnInput, /* endOnOutputSize, endOnInputSize */
|
|
|
|
int partialDecoding, /* full, partial */
|
|
|
|
int targetOutputSize, /* only used if partialDecoding==partial */
|
|
|
|
int dict, /* noDict, withPrefix64k, usingExtDict */
|
|
|
|
const BYTE* const lowPrefix, /* == dest when no prefix */
|
|
|
|
const BYTE* const dictStart, /* only if dict==usingExtDict */
|
|
|
|
const size_t dictSize /* note : = 0 if noDict */
|
|
|
|
)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
/* Local Variables */
|
|
|
|
const BYTE* ip = (const BYTE*) source;
|
|
|
|
const BYTE* const iend = ip + inputSize;
|
|
|
|
|
|
|
|
BYTE* op = (BYTE*) dest;
|
|
|
|
BYTE* const oend = op + outputSize;
|
|
|
|
BYTE* cpy;
|
|
|
|
BYTE* oexit = op + targetOutputSize;
|
|
|
|
const BYTE* const lowLimit = lowPrefix - dictSize;
|
|
|
|
|
|
|
|
const BYTE* const dictEnd = (const BYTE*)dictStart + dictSize;
|
|
|
|
const unsigned dec32table[] = {0, 1, 2, 1, 4, 4, 4, 4};
|
|
|
|
const int dec64table[] = {0, 0, 0, -1, 0, 1, 2, 3};
|
|
|
|
|
|
|
|
const int safeDecode = (endOnInput==endOnInputSize);
|
|
|
|
const int checkOffset = ((safeDecode) && (dictSize < (int)(64 KB)));
|
|
|
|
|
|
|
|
|
|
|
|
/* Special cases */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((partialDecoding) && (oexit > oend-MFLIMIT)) {
|
|
|
|
oexit = oend-MFLIMIT; /* targetOutputSize too high => decode everything */
|
|
|
|
}
|
|
|
|
if ((endOnInput) && (unlikely(outputSize==0))) {
|
|
|
|
return ((inputSize==1) && (*ip==0)) ? 0 : -1; /* Empty output buffer */
|
|
|
|
}
|
|
|
|
if ((!endOnInput) && (unlikely(outputSize==0))) {
|
|
|
|
return (*ip==0?1:-1);
|
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
|
|
|
|
/* Main Loop : decode sequences */
|
|
|
|
while (1) {
|
2019-03-21 23:18:49 +00:00
|
|
|
size_t length;
|
|
|
|
const BYTE* match;
|
|
|
|
size_t offset;
|
|
|
|
|
|
|
|
/* get literal length */
|
|
|
|
unsigned const token = *ip++;
|
|
|
|
if ((length=(token>>ML_BITS)) == RUN_MASK) {
|
|
|
|
unsigned s;
|
|
|
|
do {
|
|
|
|
s = *ip++;
|
|
|
|
length += s;
|
|
|
|
} while ( likely(endOnInput ? ip<iend-RUN_MASK : 1) & (s==255) );
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((safeDecode) && unlikely((uptrval)(op)+length<(uptrval)(op))) {
|
|
|
|
goto _output_error; /* overflow detection */
|
|
|
|
}
|
|
|
|
if ((safeDecode) && unlikely((uptrval)(ip)+length<(uptrval)(ip))) {
|
|
|
|
goto _output_error; /* overflow detection */
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* copy literals */
|
|
|
|
cpy = op+length;
|
|
|
|
if ( ((endOnInput) && ((cpy>(partialDecoding?oexit:oend-MFLIMIT)) || (ip+length>iend-(2+1+LASTLITERALS))) )
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
|| ((!endOnInput) && (cpy>oend-WILDCOPYLENGTH)) ) {
|
2019-03-21 23:18:49 +00:00
|
|
|
if (partialDecoding) {
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (cpy > oend) {
|
|
|
|
goto _output_error; /* Error : write attempt beyond end of output buffer */
|
|
|
|
}
|
|
|
|
if ((endOnInput) && (ip+length > iend)) {
|
|
|
|
goto _output_error; /* Error : read attempt beyond end of input buffer */
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
} else {
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((!endOnInput) && (cpy != oend)) {
|
|
|
|
goto _output_error; /* Error : block decoding must stop exactly there */
|
|
|
|
}
|
|
|
|
if ((endOnInput) && ((ip+length != iend) || (cpy > oend))) {
|
|
|
|
goto _output_error; /* Error : input must be consumed */
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
}
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(op, ip, length);
|
2019-03-21 23:18:49 +00:00
|
|
|
ip += length;
|
|
|
|
op += length;
|
|
|
|
break; /* Necessarily EOF, due to parsing restrictions */
|
|
|
|
}
|
|
|
|
LZ4_wildCopy(op, ip, cpy);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
ip += length;
|
|
|
|
op = cpy;
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
/* get offset */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
offset = LZ4_readLE16(ip);
|
|
|
|
ip += 2;
|
2019-03-21 23:18:49 +00:00
|
|
|
match = op - offset;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((checkOffset) && (unlikely(match < lowLimit))) {
|
|
|
|
goto _output_error; /* Error : offset outside buffers */
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
LZ4_write32(op, (U32)offset); /* costs ~1%; silence an msan warning when offset==0 */
|
|
|
|
|
|
|
|
/* get matchlength */
|
|
|
|
length = token & ML_MASK;
|
|
|
|
if (length == ML_MASK) {
|
|
|
|
unsigned s;
|
|
|
|
do {
|
|
|
|
s = *ip++;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((endOnInput) && (ip > iend-LASTLITERALS)) {
|
|
|
|
goto _output_error;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
length += s;
|
|
|
|
} while (s==255);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((safeDecode) && unlikely((uptrval)(op)+length<(uptrval)op)) {
|
|
|
|
goto _output_error; /* overflow detection */
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
}
|
|
|
|
length += MINMATCH;
|
|
|
|
|
|
|
|
/* check external dictionary */
|
|
|
|
if ((dict==usingExtDict) && (match < lowPrefix)) {
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (unlikely(op+length > oend-LASTLITERALS)) {
|
|
|
|
goto _output_error; /* doesn't respect parsing restriction */
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
|
|
|
|
if (length <= (size_t)(lowPrefix-match)) {
|
|
|
|
/* match can be copied as a single segment from external dictionary */
|
|
|
|
memmove(op, dictEnd - (lowPrefix-match), length);
|
|
|
|
op += length;
|
|
|
|
} else {
|
|
|
|
/* match encompass external dictionary and current block */
|
|
|
|
size_t const copySize = (size_t)(lowPrefix-match);
|
|
|
|
size_t const restSize = length - copySize;
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(op, dictEnd - copySize, copySize);
|
2019-03-21 23:18:49 +00:00
|
|
|
op += copySize;
|
|
|
|
if (restSize > (size_t)(op-lowPrefix)) { /* overlap copy */
|
|
|
|
BYTE* const endOfMatch = op + restSize;
|
|
|
|
const BYTE* copyFrom = lowPrefix;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
while (op < endOfMatch) {
|
|
|
|
*op++ = *copyFrom++;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
} else {
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(op, lowPrefix, restSize);
|
2019-03-21 23:18:49 +00:00
|
|
|
op += restSize;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* copy match within block */
|
|
|
|
cpy = op + length;
|
|
|
|
if (unlikely(offset<8)) {
|
|
|
|
const int dec64 = dec64table[offset];
|
|
|
|
op[0] = match[0];
|
|
|
|
op[1] = match[1];
|
|
|
|
op[2] = match[2];
|
|
|
|
op[3] = match[3];
|
|
|
|
match += dec32table[offset];
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(op+4, match, 4);
|
2019-03-21 23:18:49 +00:00
|
|
|
match -= dec64;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
|
|
|
LZ4_copy8(op, match);
|
|
|
|
match+=8;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
op += 8;
|
|
|
|
|
|
|
|
if (unlikely(cpy>oend-12)) {
|
|
|
|
BYTE* const oCopyLimit = oend-(WILDCOPYLENGTH-1);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (cpy > oend-LASTLITERALS) {
|
|
|
|
goto _output_error; /* Error : last LASTLITERALS bytes must be literals (uncompressed) */
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
if (op < oCopyLimit) {
|
|
|
|
LZ4_wildCopy(op, match, oCopyLimit);
|
|
|
|
match += oCopyLimit - op;
|
|
|
|
op = oCopyLimit;
|
|
|
|
}
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
while (op<cpy) {
|
|
|
|
*op++ = *match++;
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
} else {
|
|
|
|
LZ4_copy8(op, match);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (length>16) {
|
|
|
|
LZ4_wildCopy(op+8, match+8, cpy);
|
|
|
|
}
|
2019-03-21 23:18:49 +00:00
|
|
|
}
|
|
|
|
op=cpy; /* correction */
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* end of decoding */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (endOnInput) {
|
2019-03-21 23:18:49 +00:00
|
|
|
return (int) (((char*)op)-dest); /* Nb of output bytes decoded */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
} else {
|
2017-03-01 18:22:57 +00:00
|
|
|
return (int) (((const char*)ip)-source); /* Nb of input bytes read */
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-03-01 18:22:57 +00:00
|
|
|
/* Overflow error detected */
|
2017-01-19 23:16:04 +00:00
|
|
|
_output_error:
|
2017-03-01 18:22:57 +00:00
|
|
|
return (int) (-(((const char*)ip)-source))-1;
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
static inline int LZ4_decompress_safe(const char* source, char* dest, int compressedSize, int maxDecompressedSize)
|
2017-01-19 23:16:04 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
return LZ4_decompress_generic(source, dest, compressedSize, maxDecompressedSize, endOnInputSize, full, 0, noDict, (BYTE*)dest, NULL, 0);
|
2017-01-19 23:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
} // anonymous namespace
|
|
|
|
|
|
|
|
/************************************************************************** */
|
|
|
|
/************************************************************************** */
|
|
|
|
|
2013-09-27 20:03:13 +00:00
|
|
|
const unsigned char Packet::ZERO_KEY[32] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
|
2013-09-25 14:55:27 +00:00
|
|
|
|
2020-08-21 21:23:31 +00:00
|
|
|
void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
|
2015-05-05 01:39:53 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
|
2020-08-21 21:23:31 +00:00
|
|
|
if ((aesKeys) && (encryptPayload)) {
|
2020-11-16 21:30:15 +00:00
|
|
|
//char tmp0[16],tmp1[16];
|
2020-08-21 21:23:31 +00:00
|
|
|
setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
|
2017-03-01 18:22:57 +00:00
|
|
|
|
2020-08-21 21:23:31 +00:00
|
|
|
uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
|
|
|
|
const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB;
|
2018-01-08 21:06:24 +00:00
|
|
|
|
2020-08-21 21:23:31 +00:00
|
|
|
AES::GMACSIVEncryptor enc(aesKeys[0],aesKeys[1]);
|
|
|
|
enc.init(Utils::loadMachineEndian<uint64_t>(data + ZT_PACKET_IDX_IV),payload);
|
|
|
|
enc.aad(data + ZT_PACKET_IDX_DEST,11);
|
|
|
|
enc.update1(payload,payloadLen);
|
|
|
|
enc.finish1();
|
|
|
|
enc.update2(payload,payloadLen);
|
|
|
|
const uint64_t *const tag = enc.finish2();
|
|
|
|
|
|
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
|
|
Utils::copy<8>(data,tag);
|
|
|
|
Utils::copy<8>(data + ZT_PACKET_IDX_MAC,tag + 1);
|
2017-04-20 16:33:35 +00:00
|
|
|
#else
|
2020-09-15 00:44:21 +00:00
|
|
|
*reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_IV) = tag[0];
|
2020-08-21 21:23:31 +00:00
|
|
|
*reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC) = tag[1];
|
2017-04-20 16:33:35 +00:00
|
|
|
#endif
|
2017-04-20 00:11:56 +00:00
|
|
|
} else {
|
2020-08-21 21:23:31 +00:00
|
|
|
setCipher(encryptPayload ? ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012 : ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE);
|
2020-08-25 21:13:20 +00:00
|
|
|
|
|
|
|
uint8_t mangledKey[32];
|
2020-08-21 21:23:31 +00:00
|
|
|
_salsa20MangleKey((const unsigned char *)key,mangledKey);
|
2020-08-25 21:13:20 +00:00
|
|
|
|
2020-08-21 21:23:31 +00:00
|
|
|
if (ZT_HAS_FAST_CRYPTO()) {
|
2020-08-25 21:13:20 +00:00
|
|
|
const unsigned int payloadLen = (encryptPayload) ? (size() - ZT_PACKET_IDX_VERB) : 0;
|
2020-08-21 21:23:31 +00:00
|
|
|
uint64_t keyStream[(ZT_PROTO_MAX_PACKET_LENGTH + 64 + 8) / 8];
|
2020-08-25 21:13:20 +00:00
|
|
|
ZT_FAST_SINGLE_PASS_SALSA2012(keyStream,payloadLen + 64,(data + ZT_PACKET_IDX_IV),mangledKey);
|
|
|
|
Salsa20::memxor(data + ZT_PACKET_IDX_VERB,reinterpret_cast<const uint8_t *>(keyStream + 8),payloadLen);
|
2020-08-21 21:23:31 +00:00
|
|
|
uint64_t mac[2];
|
|
|
|
Poly1305::compute(mac,data + ZT_PACKET_IDX_VERB,size() - ZT_PACKET_IDX_VERB,keyStream);
|
|
|
|
#ifdef ZT_NO_TYPE_PUNNING
|
|
|
|
memcpy(data + ZT_PACKET_IDX_MAC,mac,8);
|
|
|
|
#else
|
|
|
|
(*reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC)) = mac[0];
|
|
|
|
#endif
|
|
|
|
} else {
|
|
|
|
Salsa20 s20(mangledKey,data + ZT_PACKET_IDX_IV);
|
|
|
|
|
|
|
|
uint64_t macKey[4];
|
|
|
|
s20.crypt12(ZERO_KEY,macKey,sizeof(macKey));
|
|
|
|
|
|
|
|
uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
|
|
|
|
const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (encryptPayload) {
|
2020-08-21 21:23:31 +00:00
|
|
|
s20.crypt12(payload,payload,payloadLen);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2020-08-21 21:23:31 +00:00
|
|
|
uint64_t mac[2];
|
|
|
|
|
|
|
|
Poly1305::compute(mac,payload,payloadLen,macKey);
|
|
|
|
memcpy(data + ZT_PACKET_IDX_MAC,mac,8);
|
|
|
|
}
|
2017-04-20 00:11:56 +00:00
|
|
|
}
|
2015-05-05 01:39:53 +00:00
|
|
|
}
|
|
|
|
|
2020-08-25 21:13:20 +00:00
|
|
|
bool Packet::dearmor(const void *key,const AES aesKeys[2])
|
2015-05-05 01:39:53 +00:00
|
|
|
{
|
2017-03-01 18:22:57 +00:00
|
|
|
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
|
2015-05-05 01:39:53 +00:00
|
|
|
const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB;
|
2017-03-01 18:22:57 +00:00
|
|
|
unsigned char *const payload = data + ZT_PACKET_IDX_VERB;
|
|
|
|
const unsigned int cs = cipher();
|
2015-05-05 01:39:53 +00:00
|
|
|
|
2020-08-25 21:13:20 +00:00
|
|
|
if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
|
|
|
|
if (aesKeys) {
|
|
|
|
uint64_t tag[2];
|
|
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
|
|
Utils::copy<8>(tag, data);
|
|
|
|
Utils::copy<8>(tag + 1, data + ZT_PACKET_IDX_MAC);
|
|
|
|
#else
|
2020-09-15 00:44:21 +00:00
|
|
|
tag[0] = *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_IV);
|
2020-08-25 21:13:20 +00:00
|
|
|
tag[1] = *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC);
|
|
|
|
#endif
|
|
|
|
|
2020-09-15 00:44:21 +00:00
|
|
|
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
|
2020-08-25 21:13:20 +00:00
|
|
|
dec.init(tag, payload);
|
2020-09-15 00:44:21 +00:00
|
|
|
const uint8_t oldFlags = data[ZT_PACKET_IDX_FLAGS];
|
|
|
|
data[ZT_PACKET_IDX_FLAGS] &= 0xf8;
|
2020-08-25 21:13:20 +00:00
|
|
|
dec.aad(data + ZT_PACKET_IDX_DEST,11);
|
2020-09-15 00:44:21 +00:00
|
|
|
data[ZT_PACKET_IDX_FLAGS] = oldFlags;
|
2020-08-25 21:13:20 +00:00
|
|
|
dec.update(payload, payloadLen);
|
|
|
|
return dec.finish();
|
|
|
|
}
|
|
|
|
} else if ((cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE)||(cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012)) {
|
|
|
|
uint8_t mangledKey[32];
|
2015-05-05 01:39:53 +00:00
|
|
|
_salsa20MangleKey((const unsigned char *)key,mangledKey);
|
2017-04-20 00:11:56 +00:00
|
|
|
if (ZT_HAS_FAST_CRYPTO()) {
|
|
|
|
uint64_t keyStream[(ZT_PROTO_MAX_PACKET_LENGTH + 64 + 8) / 8];
|
|
|
|
ZT_FAST_SINGLE_PASS_SALSA2012(keyStream,((cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012) ? (payloadLen + 64) : 64),(data + ZT_PACKET_IDX_IV),mangledKey);
|
|
|
|
uint64_t mac[2];
|
|
|
|
Poly1305::compute(mac,payload,payloadLen,keyStream);
|
2017-04-20 16:33:35 +00:00
|
|
|
#ifdef ZT_NO_TYPE_PUNNING
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (!Utils::secureEq(mac,data + ZT_PACKET_IDX_MAC,8)) {
|
2017-04-20 16:33:35 +00:00
|
|
|
return false;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-04-20 16:33:35 +00:00
|
|
|
#else
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((*reinterpret_cast<const uint64_t *>(data + ZT_PACKET_IDX_MAC)) != mac[0]) { // also secure, constant time
|
2017-04-20 16:33:35 +00:00
|
|
|
return false;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-04-20 16:33:35 +00:00
|
|
|
#endif
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012) {
|
2017-04-20 16:33:35 +00:00
|
|
|
Salsa20::memxor(data + ZT_PACKET_IDX_VERB,reinterpret_cast<const uint8_t *>(keyStream + 8),payloadLen);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-04-20 00:11:56 +00:00
|
|
|
} else {
|
|
|
|
Salsa20 s20(mangledKey,data + ZT_PACKET_IDX_IV);
|
|
|
|
uint64_t macKey[4];
|
|
|
|
s20.crypt12(ZERO_KEY,macKey,sizeof(macKey));
|
|
|
|
uint64_t mac[2];
|
|
|
|
Poly1305::compute(mac,payload,payloadLen,macKey);
|
2017-04-20 16:33:35 +00:00
|
|
|
#ifdef ZT_NO_TYPE_PUNNING
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (!Utils::secureEq(mac,data + ZT_PACKET_IDX_MAC,8)) {
|
2017-04-20 16:33:35 +00:00
|
|
|
return false;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-04-20 16:33:35 +00:00
|
|
|
#else
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if ((*reinterpret_cast<const uint64_t *>(data + ZT_PACKET_IDX_MAC)) != mac[0]) { // also secure, constant time
|
2017-04-20 16:33:35 +00:00
|
|
|
return false;
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-04-20 16:33:35 +00:00
|
|
|
#endif
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
if (cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012) {
|
2017-04-20 00:11:56 +00:00
|
|
|
s20.crypt12(payload,payload,payloadLen);
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
}
|
2017-04-18 15:45:37 +00:00
|
|
|
}
|
|
|
|
return true;
|
2017-03-01 18:22:57 +00:00
|
|
|
}
|
2020-08-25 21:13:20 +00:00
|
|
|
|
|
|
|
return false;
|
2015-05-05 01:39:53 +00:00
|
|
|
}
|
|
|
|
|
2017-02-06 00:19:03 +00:00
|
|
|
void Packet::cryptField(const void *key,unsigned int start,unsigned int len)
|
|
|
|
{
|
2017-03-11 01:54:14 +00:00
|
|
|
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
|
2017-03-11 01:44:25 +00:00
|
|
|
uint8_t iv[8];
|
1.12.0 merge to main (#2104)
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108195f6bbc2e224f00da5b785df4b7f9.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix #1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
* Windows 1.10.4 Advanced Installer bump
* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"
This reverts commit dd627cd7f44ad623a110bb14f72d0bea72a09e30.
* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style
* Fix addIp being called with applied ips (#1897)
This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.
```
if (! n.tap()->addIp(*ip)) {
fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);
```
* 1.10.5 (#1905)
* 1.10.5 bump
* 1.10.5 for Windows
* 1.10.5
* Prevent path-learning loops (#1914)
* Prevent path-learning loops
* Only allow new overwrite if not bonded
* fix binding temporary ipv6 addresses on macos (#1910)
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* 1.10.6 (#1929)
* 1.10.5 bump
* 1.10.6
* 1.10.6 AIP for Windows.
* Release notes for 1.10.6 (#1931)
* Minor tweak to Synology Docker image script (#1936)
* Change if_def again so ios can build (#1937)
All apple's variables are "defined"
but sometimes they are defined as "0"
* move begin/commit into try/catch block (#1932)
Thread was exiting in some cases
* Bump openssl from 0.10.45 to 0.10.48 in /zeroidc (#1938)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* new drone bits
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Bump h2 from 0.3.16 to 0.3.17 in /zeroidc (#1963)
Bumps [h2](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.16...v0.3.17)
---
updated-dependencies:
- dependency-name: h2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Add note that binutils is required on FreeBSD (#1968)
* Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e11452019cdf48e32ed4cd878c2705b.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* Central startup update (#1973)
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* x86_64-unknown-linux-gnu on ubuntu runner (#1975)
* adding incoming zt packet type metrics (#1976)
* use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server. Makes the control plane code much more legible. Also no longer randomly stops responding.
* Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
* Add short-term validation test workflow (#1974)
Add short-term validation test workflow
* Brenton/curly braces (#1971)
* fix formatting
* properly adjust various lines
breakup multiple statements onto multiple lines
* insert {} around if, for, etc.
* Fix rust dependency caching (#1983)
* fun with rust caching
* kick
* comment out invalid yaml keys for now
* Caching should now work
* re-add/rename key directives
* bump
* bump
* bump
* Don't force rebuild on Windows build GH Action (#1985)
Switching `/t:ZeroTierOne:Rebuild` to just `/t:ZeroTierOne` allows the Windows build to use the rust cache. `/t:ZeroTierOne:Rebuild` cleared the cache before building.
* More packet metrics (#1982)
* found path negotation sends that weren't accounted for
* Fix histogram so it will actually compile
* Found more places for packet metrics
* separate the bind & listen calls on the http backplane (#1988)
* fix memory leak (#1992)
* fix a couple of metrics (#1989)
* More aggressive CLI spamming (#1993)
* fix type signatures (#1991)
* Network-metrics (#1994)
* Add a couple quick functions for converting a uint64_t network ID/node ID into std::string
* Network metrics
* Peer metrics (#1995)
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Metrics consolidation (#1997)
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Update readme files for metrics (#2000)
* Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Enable RTTI in Windows build
The new prometheus histogram stuff needs it.
Access violation - no RTTI data!INVALID packet 636ebd9ee8cac6c0 from cafe9efeb9(2605:9880:200:1200:30:571:e34:51/9993) (unexpected exception in tryDecode())
* Don't re-apply routes on BSD
See issue #1986
* Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix typos (#2010)
* central controller metrics & request path updates (#2012)
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* Improve validation test (#2013)
* fix init order for EmbeddedNetworkController (#2014)
* add constant for getifaddrs cache time
* cache getifaddrs - mac
* cache getifaddrs - linux
* cache getifaddrs - bsd
* cache getifaddrs - windows
* Fix oidc client lookup query
join condition referenced the wrong table. Worked fine unless there were multiple identical client IDs
* Fix udp sent metric
was only incrementing by 1 for each packet sent
* Allow sending all surface addresses to peer in low-bandwidth mode
* allow enabling of low bandwidth mode on controllers
* don't unborrow bad connections
pool will clean them up later
* Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
* Update README.md
issue #2009
* docker tags change
* fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);
the only place authAuthURL is called, the url can be retrieved
from the network config instead.
You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.
Since now there are no callers of getAuthURL I deleted it.
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning
* fix unused import cargo warning
* fix unused return value cargo warning
---------
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978)
* Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics
Allows administrators to distribute a token that only has access to read
metrics and nothing else.
Also added support for using bearer auth tokens for both types of tokens
Separate endpoint for metrics #2041
* Update readme
* fix a couple of cases of writing the wrong token
* Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.
ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
* ARM64 Support for TapDriver6 (#1949)
* Release memory previously allocated by UPNP_GetValidIGD
* Fix ifdef that breaks libzt on iOS (#2050)
* less drone (#2060)
* Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* tcp-proxy: fix build
* Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
* remove ZT_NO_METRIC ifdef
* Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
* suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063)
* fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
* Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* fix docker tag for controllers (#2066)
* Update build.sh (#2068)
fix mkwork compilation errors
* Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
* Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
* Fix reporting of secondaryPort and tertiaryPort See: #2039
* Fix typos (#2075)
* Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.
Fixes zerotier/ZeroTierOne#1179
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* Test that starting zerotier before internet works
* Don't skip hellos when there are no paths available
working on #2082
* Update validate-1m-linux.sh
* Save zt node log files on abort
* Separate test and summary step in validator script
* Don't apply default route until zerotier is "online"
I was running into issues with restarting the zerotier service while
"full tunnel" mode is enabled.
When zerotier first boots, it gets network state from the cache
on disk. So it immediately applies all the routes it knew about
before it shutdown.
The network config may have change in this time.
If it has, then your default route is via a route
you are blocked from talking on. So you can't get the current
network config, so your internet does not work.
Other options include
- don't use cached network state on boot
- find a better criteria than "online"
* Fix node time-to-online counter in validator script
* Export variables so that they are accessible by exit function
* Fix PortMapper issue on ZeroTier startup
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
* testing
* Comment out PortMapper debug
this got left turned on in a confusing merge previously
* fix macos default route again
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
* Catch all conditions in switch statement, remove trailing whitespaces
* Add setmtu command, fix bond lifetime issue
* Basic cleanups
* Check if null is passed to VirtualNetworkConfig.equals and name fixes
* ANDROID-96: Simplify and use return code from node_init directly
* Windows arm64 (#2099)
* ARM64 changes for 1.12
* 1.12 Windows advanced installer updates and updates for ARM64
* 1.12.0
* Linux build fixes for old distros.
* release notes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Jake Vis <jakevis@outlook.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: lison <imlison@foxmail.com>
Co-authored-by: Kenny MacDermid <kenny@macdermid.ca>
2023-08-23 18:24:21 +00:00
|
|
|
for(int i=0;i<8;++i) {
|
|
|
|
iv[i] = data[i];
|
|
|
|
}
|
2017-03-11 01:44:25 +00:00
|
|
|
iv[7] &= 0xf8; // mask off least significant 3 bits of packet ID / IV since this is unset when this function gets called
|
2017-04-17 23:43:03 +00:00
|
|
|
Salsa20 s20(key,iv);
|
2017-03-11 01:54:14 +00:00
|
|
|
s20.crypt12(data + start,data + start,len);
|
2017-02-06 00:19:03 +00:00
|
|
|
}
|
|
|
|
|
2015-05-05 01:39:53 +00:00
|
|
|
bool Packet::compress()
|
|
|
|
{
|
2017-03-18 00:15:23 +00:00
|
|
|
char *const data = reinterpret_cast<char *>(unsafeData());
|
|
|
|
char buf[ZT_PROTO_MAX_PACKET_LENGTH * 2];
|
|
|
|
|
2017-03-17 23:09:18 +00:00
|
|
|
if ((!compressed())&&(size() > (ZT_PACKET_IDX_PAYLOAD + 64))) { // don't bother compressing tiny packets
|
2015-05-05 01:39:53 +00:00
|
|
|
int pl = (int)(size() - ZT_PACKET_IDX_PAYLOAD);
|
2019-03-21 23:18:49 +00:00
|
|
|
int cl = LZ4_compress_fast(data + ZT_PACKET_IDX_PAYLOAD,buf,pl,ZT_PROTO_MAX_PACKET_LENGTH * 2,1);
|
2015-05-05 01:39:53 +00:00
|
|
|
if ((cl > 0)&&(cl < pl)) {
|
2017-03-18 00:15:23 +00:00
|
|
|
data[ZT_PACKET_IDX_VERB] |= (char)ZT_PROTO_VERB_FLAG_COMPRESSED;
|
2015-05-05 01:39:53 +00:00
|
|
|
setSize((unsigned int)cl + ZT_PACKET_IDX_PAYLOAD);
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(data + ZT_PACKET_IDX_PAYLOAD,buf,cl);
|
2015-05-05 01:39:53 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
2017-03-18 00:15:23 +00:00
|
|
|
data[ZT_PACKET_IDX_VERB] &= (char)(~ZT_PROTO_VERB_FLAG_COMPRESSED);
|
|
|
|
|
2015-05-05 01:39:53 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool Packet::uncompress()
|
|
|
|
{
|
2017-03-18 00:15:23 +00:00
|
|
|
char *const data = reinterpret_cast<char *>(unsafeData());
|
|
|
|
char buf[ZT_PROTO_MAX_PACKET_LENGTH];
|
|
|
|
|
2015-05-05 01:39:53 +00:00
|
|
|
if ((compressed())&&(size() >= ZT_PROTO_MIN_PACKET_LENGTH)) {
|
|
|
|
if (size() > ZT_PACKET_IDX_PAYLOAD) {
|
|
|
|
unsigned int compLen = size() - ZT_PACKET_IDX_PAYLOAD;
|
2017-03-18 00:15:23 +00:00
|
|
|
int ucl = LZ4_decompress_safe((const char *)data + ZT_PACKET_IDX_PAYLOAD,buf,compLen,sizeof(buf));
|
2015-05-05 01:39:53 +00:00
|
|
|
if ((ucl > 0)&&(ucl <= (int)(capacity() - ZT_PACKET_IDX_PAYLOAD))) {
|
|
|
|
setSize((unsigned int)ucl + ZT_PACKET_IDX_PAYLOAD);
|
2019-03-22 22:50:15 +00:00
|
|
|
memcpy(data + ZT_PACKET_IDX_PAYLOAD,buf,ucl);
|
2017-03-18 00:15:23 +00:00
|
|
|
} else {
|
|
|
|
return false;
|
|
|
|
}
|
2015-05-05 01:39:53 +00:00
|
|
|
}
|
2017-03-18 00:15:23 +00:00
|
|
|
data[ZT_PACKET_IDX_VERB] &= (char)(~ZT_PROTO_VERB_FLAG_COMPRESSED);
|
2015-05-05 01:39:53 +00:00
|
|
|
}
|
2017-03-18 00:15:23 +00:00
|
|
|
|
2015-05-05 01:39:53 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
} // namespace ZeroTier
|