1.8.1 merge of changes in master

.github/ISSUE_TEMPLATE/bugs-and-issues.md

@@ -46,3 +46,4 @@ _Using these will ensure you get quicker support, and make this space available
 - Router Config: are you permitting port 9993, uPnP, and NAT-PMP?
 - Firewall Config: are you permitting port 9993 on your OS; setting it to "Private" on Windows?
 - Are you using this at home, in an office, college, etc?
+- Have you tried screaming into your router?

Makefile

@@ -17,8 +17,8 @@ ifeq ($(OSTYPE),FreeBSD)
 	include make-bsd.mk
 endif
 ifeq ($(OSTYPE),OpenBSD)
-	CC=egcc
-	CXX=eg++
+	CC=clang
+	CXX=clang++
 	ZT_BUILD_PLATFORM=9
 	include make-bsd.mk
 endif

README.md

@@ -1,5 +1,6 @@
 ZeroTier - Global Area Networking
 ======
+This document is written for a software developer audience. For information on using ZeroTier, see the: [Website](https://www.zerotier.com), [Documentation Site](https://docs.zerotier.com), and [Discussion Forum](https://discuss.zerotier.com)
 
 ZeroTier is a smart programmable Ethernet switch for planet Earth. It allows all networked devices, VMs, containers, and applications to communicate as if they all reside in the same physical data center or cloud region.
 
@@ -66,10 +67,12 @@ Typing `make selftest` will build a *zerotier-selftest* binary which unit tests
 
 Running *zerotier-one* with `-h` option will show help.
 
-On Linux and BSD you can start the service with:
+On Linux and BSD, if you built from source, you can start the service with:
 
     sudo ./zerotier-one -d
 
+On most distributions, macOS, and Windows, the installer will start the service and set it up to start on boot.
+
 A home folder for your system will automatically be created.
 
 The service is controlled via the JSON API, which by default is available at 127.0.0.1 port 9993. We include a *zerotier-cli* command line utility to make API calls for standard things like joining and leaving networks. The *authtoken.secret* file in the home folder contains the secret token for accessing this API. See [service/README.md](service/README.md) for API documentation.
@@ -81,21 +84,15 @@ Here's where home folders live (by default) on each OS:
  * **Mac**: `/Library/Application Support/ZeroTier/One`
  * **Windows**: `\ProgramData\ZeroTier\One` (That's for Windows 7. The base 'shared app data' folder might be different on different Windows versions.)
 
-Running ZeroTier One on a Mac is the same, but OSX requires a kernel extension. We ship a signed binary build of the ZeroTier tap device driver, which can be installed on Mac with:
-
-    sudo make install-mac-tap
-
-This will create the home folder for Mac, place *tap.kext* there, and set its modes correctly to enable ZeroTier One to manage it with *kextload* and *kextunload*.
-
 ### Basic Troubleshooting
 
 For most users, it just works.
 
-If you are running a local system firewall, we recommend adding a rule permitting UDP port 9993 inbound and outbound. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration.
+If you are running a local system firewall, we recommend adding a rules permitting zerotier. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration.
 
-The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools. If you're using Ubuntu's *ufw*, you can do this:
+See the [documentation site](https://docs.zerotier.com/zerotier/troubleshooting) for more information.
 
-    sudo ufw allow 9993/udp
+The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools.
 
 On CentOS check `/etc/sysconfig/iptables` for IPTables rules. For other distributions consult your distribution's documentation. You'll also have to check the UIs or documentation for commercial third party firewall applications like Little Snitch (Mac), McAfee Firewall Enterprise (Windows), etc. if you are running any of those. Some corporate environments might have centrally managed firewall software, so you might also have to contact IT.
 

RELEASE-NOTES.md

@@ -22,6 +22,10 @@ ZeroTier Release Notes
  * Check if DNS servers need to be applied on macOS
  * Upgrade json.hpp dependency to version 3.10.2
 
+# 2021-09-21 -- Version 1.6.6
+
+ * Backport COM hash check mitigation against network member impersonation.
+
 # 2021-04-13 -- Version 1.6.5
 
  * Fix a bug in potential network path filtering that could in some circumstances lead to "software laser" effects.

attic/WinUI/AboutView.xaml

@@ -19,7 +19,7 @@
                     <Run Text="ZeroTier One"/>
                 </Paragraph>
                 <Paragraph TextAlignment="Center">
-                    <Run FontSize="14" Text="Version 1.6.5"/>
+                    <Run FontSize="14" Text="Version 1.6.6"/>
                     <LineBreak/>
                     <Run FontSize="14" Text="(c) 2011-2021 ZeroTier, Inc."/>
                     <LineBreak/>

debian/changelog

@@ -10,6 +10,12 @@ zerotier-one (1.8.0) unstable; urgency=medium
 
  -- Adam Ierymenko <adam.ierymenko@zerotier.com>  Wed, 15 Sep 2021 01:00:00 -0700
 
+zerotier-one (1.6.6) unstable; urgency=medium
+
+  * Backport endpoint mitigation against address collision attack.
+
+ -- Adam Ierymenko <adam.ierymenko@zerotier.com>  Tue, 21 Sep 2021 01:00:00 -0700
+
 zerotier-one (1.6.5) unstable; urgency=medium
 
   * Fix path filtering bug that could cause "software laser" effect.

service/README.md

@@ -5,7 +5,11 @@ This is the actual implementation of ZeroTier One, a service providing connectiv
 
 ### Local Configuration File
 
-A file called `local.conf` in the ZeroTier home folder contains configuration options that apply to the local node. (It does not exist unless you create it). It can be used to set up trusted paths, blacklist physical paths, set up physical path hints for certain nodes, and define trusted upstream devices (federated roots). In a large deployment it can be deployed using a tool like Puppet, Chef, SaltStack, etc. to set a uniform configuration across systems. It's a JSON format file that can also be edited and rewritten by ZeroTier One itself, so ensure that proper JSON formatting is used. 
+A file called `local.conf` in the ZeroTier [home](https://github.com/zerotier/ZeroTierOne/blob/6faca86bb424d0b9643b6efa50571f73310d8276/README.md) folder contains configuration options that apply to the local node. (It does not exist unless you create it). It can be used to set up trusted paths, blacklist physical paths, set up physical path hints for certain nodes, and define trusted upstream devices (federated roots). In a large deployment it can be deployed using a tool like Puppet, Chef, SaltStack, etc. to set a uniform configuration across systems.
+
+It's a JSON format file that can also be edited and rewritten by ZeroTier One itself, so ensure that proper JSON formatting is used. To validate your config, paste it into a website like [jsonlint.com](https://jsonlint.com), or use a tool like `jq`. 
+
+Check the output of `zerotier-cli info -j` to see if your configuration is being loaded.
 
 Settings available in `local.conf` (this is not valid JSON, and JSON does not allow comments):