Add bindToWildcard local.conf option.

osdep/Binder.hpp

@@ -125,20 +125,21 @@ public:
 	 *
 	 * @param phy Physical interface
 	 * @param ports Ports to bind on all interfaces
-	 * @param ignoreInterfacesByName Ignore these interfaces by name
+	 * @param portCount Number of ports
-	 * @param ignoreInterfacesByNamePrefix Ignore these interfaces by name-prefix (starts-with, e.g. zt ignores zt*)
+	 * @param bindtoWildcard If true, bind wildcard instead of per-interface IPs
-	 * @param ignoreInterfacesByAddress Ignore these interfaces by address
+	 * @param ifChecker Interface checker function to see if an interface should be used
 	 * @tparam PHY_HANDLER_TYPE Type for Phy<> template
 	 * @tparam INTERFACE_CHECKER Type for class containing shouldBindInterface() method
 	 */
 	template<typename PHY_HANDLER_TYPE,typename INTERFACE_CHECKER>
-	void refresh(Phy<PHY_HANDLER_TYPE> &phy,unsigned int *ports,unsigned int portCount,INTERFACE_CHECKER &ifChecker)
+	void refresh(Phy<PHY_HANDLER_TYPE> &phy,unsigned int *ports,unsigned int portCount,bool bindToWildcard,INTERFACE_CHECKER &ifChecker)
 	{
 		std::map<InetAddress,std::string> localIfAddrs;
 		PhySocket *udps,*tcps;
 		Mutex::Lock _l(_lock);
 		bool interfacesEnumerated = true;
 
+		if (!bindToWildcard) {
 #ifdef __WINDOWS__
 
 			char aabuf[32768];
@@ -327,6 +328,7 @@ public:
 			}
 
 #endif
+		}
 
 		// Default to binding to wildcard if we can't enumerate addresses
 		if (!interfacesEnumerated && localIfAddrs.empty()) {

service/OneService.cpp

@@ -565,6 +565,7 @@ public:
 			}
 
 			// Read local configuration
+			bool bindToWildcard = false;
 			{
 				std::map<InetAddress,ZT_PhysicalPathConfiguration> ppc;
 
@@ -626,12 +627,15 @@ public:
 					}
 				}
 
-				// Allow controller DB path to be put somewhere else
 				json &settings = _localConfig["settings"];
 				if (settings.is_object()) {
+					// Allow controller DB path to be put somewhere else
 					const std::string cdbp(OSUtils::jsonString(settings["controllerDbPath"],""));
 					if (cdbp.length() > 0)
 						_controllerDbPath = cdbp;
+
+					// Bind to wildcard instead of to specific interfaces (disables full tunnel capability)
+					bindToWildcard = OSUtils::jsonBool(settings["bindToWildcard"],false);
 				}
 
 				// Set trusted paths if there are any
@@ -801,7 +805,7 @@ public:
 						if (_ports[i])
 							p[pc++] = _ports[i];
 					}
-					_binder.refresh(_phy,p,pc,*this);
+					_binder.refresh(_phy,p,pc,bindToWildcard,*this);
 					{
 						Mutex::Lock _l(_nets_m);
 						for(std::map<uint64_t,NetworkState>::iterator n(_nets.begin());n!=_nets.end();++n) {

service/README.md

@@ -31,7 +31,8 @@ Settings available in `local.conf` (this is not valid JSON, and JSON does not al
 		"softwareUpdateChannel": "release"|"beta", /* Software update channel */
 		"softwareUpdateDist": true|false, /* If true, distribute software updates (only really useful to ZeroTier, Inc. itself, default is false) */
 		"interfacePrefixBlacklist": [ "XXX",... ], /* Array of interface name prefixes (e.g. eth for eth#) to blacklist for ZT traffic */
-		"allowManagementFrom": "NETWORK/bits"|null /* If non-NULL, allow JSON/HTTP management from this IP network. Default is 127.0.0.1 only. */
+		"allowManagementFrom": "NETWORK/bits"|null, /* If non-NULL, allow JSON/HTTP management from this IP network. Default is 127.0.0.1 only. */
+		"bindToWildcard": true|false /* If true, bind to wildcard e.g. 0.0.0.0 instead of per interface */
 	}
 }
 ```