Plumb through roots via API.

2025-02-20 09:46:13 +00:00 · 2019-09-19 09:47:12 -07:00 · 2019-09-19 09:47:12 -07:00 · 3ceb2257e5
commit 3ceb2257e5
parent 624efde7e4
9 changed files with 2480 additions and 2070 deletions
--- a/include/ZeroTierCore.h
+++ b/include/ZeroTierCore.h
--- a/include/ZeroTierOne.h
+++ b/include/ZeroTierOne.h
--- a/include/ZeroTierOne.h
+++ b/include/ZeroTierOne.h
@ -0,0 +1 @@
+ZeroTierCore.h
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@ -14,7 +14,7 @@
 #ifndef ZT_CONSTANTS_HPP
 #define ZT_CONSTANTS_HPP

-#include "../include/ZeroTierOne.h"
+#include "../include/ZeroTierCore.h"

 #if __has_include("version.h")
 #include "version.h"
@ -163,6 +163,17 @@
 #endif
 #endif

+#ifdef SOCKET
+#define ZT_SOCKET SOCKET
+#else
+#define ZT_SOCKET int
+#endif
+#ifdef INVALID_SOCKET
+#define ZT_INVALID_SOCKET INVALID_SOCKET
+#else
+#define ZT_INVALID_SOCKET -1
+#endif
+
 /**
 * Length of a ZeroTier address in bytes
 */
@ -452,9 +463,14 @@
 * See https://conferences.sigcomm.org/imc/2010/papers/p260.pdf for
 * some real world data on NAT UDP timeouts. From the paper: "the
 * lowest measured timeout when a binding has seen bidirectional
- * traffic is 54 sec." We use 45 to be a bit under this.
+ * traffic is 54 sec." 30 seconds is faster than really necessary.
 */
-#define ZT_PEER_PING_PERIOD 45000
+#define ZT_PEER_PING_PERIOD 30000
+
+/**
+ * Delay between refreshes of locators via DNS or other methods
+ */
+#define ZT_DYNAMIC_ROOT_UPDATE_PERIOD 120000

 /**
 * Timeout for overall peer activity (measured from last receive)
--- a/node/Locator.hpp
+++ b/node/Locator.hpp
@ -243,6 +243,8 @@ public:
 	 * record signing public key. False is returned if the TXT records are invalid,
 	 * incomplete, or fail signature check. If true is returned this Locator object
 	 * now contains the contents of the supplied TXT records.
+	 *
+	 * @return True if new Locator is valid
 	 */
 	template<typename I>
 	inline bool decodeTxtRecords(const Str &dnsName,I start,I end)
--- a/node/Network.cpp
+++ b/node/Network.cpp
@ -1270,7 +1270,7 @@ void Network::_requestConfiguration(void *tPtr)
 	const Address ctrl(controller());

 	ScopedPtr< Dictionary<ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY> > rmd(new Dictionary<ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY>());
-	rmd->add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_VENDOR,(uint64_t)ZT_VENDOR_ZEROTIER);
+	rmd->add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_VENDOR,(uint64_t)1); // 1 == ZeroTier, no other vendors at the moment
 	rmd->add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_PROTOCOL_VERSION,(uint64_t)ZT_PROTO_VERSION);
 	rmd->add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION,(uint64_t)ZEROTIER_ONE_VERSION_MAJOR);
 	rmd->add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION,(uint64_t)ZEROTIER_ONE_VERSION_MINOR);
--- a/node/Node.cpp
+++ b/node/Node.cpp
@ -49,12 +49,12 @@ Node::Node(void *uptr,void *tptr,const struct ZT_Node_Callbacks *callbacks,int64
 	_now(now),
 	_lastPing(0),
 	_lastHousekeepingRun(0),
-	_lastNetworkHousekeepingRun(0)
+	_lastNetworkHousekeepingRun(0),
+	_lastDynamicRootUpdate(0),
+	_online(false)
 {
 	memcpy(&_cb,callbacks,sizeof(ZT_Node_Callbacks));

-	_online = false;
-
 	memset(_expectingRepliesToBucketPtr,0,sizeof(_expectingRepliesToBucketPtr));
 	memset(_expectingRepliesTo,0,sizeof(_expectingRepliesTo));
 	memset(_lastIdentityVerification,0,sizeof(_lastIdentityVerification));
@ -173,6 +173,35 @@ ZT_ResultCode Node::processVirtualNetworkFrame(
 	} else return ZT_RESULT_ERROR_NETWORK_NOT_FOUND;
 }

+// This is passed as the argument to the DNS request handler and
+// aggregates results.
+struct _processBackgroundTasks_dnsResultAccumulator
+{
+	_processBackgroundTasks_dnsResultAccumulator(const Str &n) : dnsName(n) {}
+	Str dnsName;
+	std::vector<Str> txtRecords;
+};
+
+static const ZT_DNSRecordType s_txtRecordType[1] = { ZT_DNS_RECORD_TXT };
+
+struct _processBackgroundTasks_check_dynamicRoots
+{
+	ZT_Node_Callbacks *cb;
+	Node *n;
+	void *uPtr;
+	void *tPtr;
+	bool updateAll;
+
+	ZT_ALWAYS_INLINE bool operator()(const Str &dnsName,const Locator &loc)
+	{
+		if ((updateAll)||(!loc)) {
+			_processBackgroundTasks_dnsResultAccumulator *dnsReq = new _processBackgroundTasks_dnsResultAccumulator(dnsName);
+			cb->dnsResolver(reinterpret_cast<ZT_Node *>(n),uPtr,tPtr,s_txtRecordType,1,dnsName.c_str(),(uintptr_t)dnsReq);
+		}
+		return true;
+	}
+};
+
 struct _processBackgroundTasks_ping_eachRoot
 {
 	Hashtable< void *,bool > roots;
@ -227,18 +256,37 @@ ZT_ResultCode Node::processBackgroundTasks(void *tptr,int64_t now,volatile int64
 	if ((now - _lastPing) >= ZT_PEER_PING_PERIOD) {
 		_lastPing = now;
 		try {
+			// Periodically refresh locators for dynamic roots from their DNS names.
+			if (_cb.dnsResolver) {
+				_processBackgroundTasks_check_dynamicRoots cr;
+				cr.cb = &_cb;
+				cr.n = this;
+				cr.uPtr = _uPtr;
+				cr.tPtr = tptr;
+				if ((now - _lastDynamicRootUpdate) >= ZT_DYNAMIC_ROOT_UPDATE_PERIOD) {
+					_lastDynamicRootUpdate = now;
+					cr.updateAll = true;
+				} else {
+					cr.updateAll = false;
+				}
+				RR->topology->eachDynamicRoot(cr);
+			}
+
+			// Ping each root explicitly no matter what
 			_processBackgroundTasks_ping_eachRoot rf;
 			rf.now = now;
 			rf.tPtr = tptr;
 			rf.online = false;
 			RR->topology->eachRoot(rf);

+			// Ping peers that are active and we want to keep alive
 			_processBackgroundTasks_ping_eachPeer pf;
 			pf.now = now;
 			pf.tPtr = tptr;
 			pf.roots = &rf.roots;
 			RR->topology->eachPeer(pf);

+			// Update online status based on whether we can reach a root
 			if (rf.online != _online) {
 				_online = rf.online;
 				postEvent(tptr,_online ? ZT_EVENT_ONLINE : ZT_EVENT_OFFLINE);
@ -298,6 +346,30 @@ ZT_ResultCode Node::processBackgroundTasks(void *tptr,int64_t now,volatile int64
 	return ZT_RESULT_OK;
 }

+void Node::processDNSResult(
+	void *tptr,
+	uintptr_t dnsRequestID,
+	const char *name,
+	enum ZT_DNSRecordType recordType,
+	const void *result,
+	unsigned int resultLength,
+	int resultIsString)
+{
+	if (dnsRequestID) {
+		_processBackgroundTasks_dnsResultAccumulator *const acc = reinterpret_cast<_processBackgroundTasks_dnsResultAccumulator *>(dnsRequestID);
+		if (recordType == ZT_DNS_RECORD_TXT) {
+			if (result)
+				acc->txtRecords.emplace_back(reinterpret_cast<const char *>(result));
+		} else if (recordType == ZT_DNS_RECORD__END_OF_RESULTS) {
+			Locator loc;
+			if (loc.decodeTxtRecords(acc->dnsName,acc->txtRecords.begin(),acc->txtRecords.end())) {
+				RR->topology->setDynamicRoot(acc->dnsName,loc);
+				delete acc;
+			}
+		}
+	}
+}
+
 ZT_ResultCode Node::join(uint64_t nwid,void *uptr,void *tptr)
 {
 	Mutex::Lock _l(_networks_m);
@ -357,6 +429,68 @@ ZT_ResultCode Node::multicastUnsubscribe(uint64_t nwid,uint64_t multicastGroup,u
 	} else return ZT_RESULT_ERROR_NETWORK_NOT_FOUND;
 }

+ZT_RootList *Node::listRoots(int64_t now)
+{
+	return RR->topology->apiRoots(now);
+}
+
+enum ZT_ResultCode Node::setStaticRoot(const char *identity,const struct sockaddr_storage *addresses,unsigned int addressCount)
+{
+	if (!identity)
+		return ZT_RESULT_ERROR_BAD_PARAMETER;
+	Identity id;
+	if (id.fromString(identity)) {
+		if (id) {
+			std::vector<InetAddress> addrs;
+			for(unsigned int i=0;i<addressCount;++i)
+				addrs.push_back(InetAddress(addresses[i]));
+			RR->topology->setStaticRoot(identity,addrs);
+			return ZT_RESULT_OK;
+		}
+	}
+	return ZT_RESULT_ERROR_BAD_PARAMETER;
+}
+
+enum ZT_ResultCode Node::setDynamicRoot(const char *dnsName,const void *defaultLocator,unsigned int defaultLocatorSize)
+{
+	if (!dnsName)
+		return ZT_RESULT_ERROR_BAD_PARAMETER;
+	if (strlen(dnsName) >= 256)
+		return ZT_RESULT_ERROR_BAD_PARAMETER;
+	try {
+		Locator loc;
+		if ((defaultLocator)&&(defaultLocatorSize > 0)&&(defaultLocatorSize < 65535)) {
+			ScopedPtr< Buffer<65536> > locbuf(new Buffer<65536>());
+			locbuf->append(defaultLocator,defaultLocatorSize);
+			loc.deserialize(*locbuf,0);
+			if (!loc.verify())
+				loc = Locator();
+		}
+		return RR->topology->setDynamicRoot(Str(dnsName),loc) ? ZT_RESULT_OK : ZT_RESULT_OK_IGNORED;
+	} catch ( ... ) {
+		return ZT_RESULT_ERROR_BAD_PARAMETER;
+	}
+}
+
+enum ZT_ResultCode Node::removeStaticRoot(const char *identity)
+{
+	if (identity) {
+		Identity id;
+		if (id.fromString(identity))
+			RR->topology->removeStaticRoot(id);
+	}
+	return ZT_RESULT_OK;
+}
+
+enum ZT_ResultCode Node::removeDynamicRoot(const char *dnsName)
+{
+	try {
+		if (dnsName)
+			RR->topology->removeDynamicRoot(Str(dnsName));
+	} catch ( ... ) {}
+	return ZT_RESULT_OK;
+}
+
 uint64_t Node::address() const
 {
 	return RR->identity.address().toInt();
@ -726,6 +860,21 @@ enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node *node,void *tptr,int64
 	}
 }

+void ZT_Node_processDNSResult(
+	ZT_Node *node,
+	void *tptr,
+	uintptr_t dnsRequestID,
+	const char *name,
+	enum ZT_DNSRecordType recordType,
+	const void *result,
+	unsigned int resultLength,
+	int resultIsString)
+{
+	try {
+		reinterpret_cast<ZeroTier::Node *>(node)->processDNSResult(tptr,dnsRequestID,name,recordType,result,resultLength,resultIsString);
+	} catch ( ... ) {}
+}
+
 enum ZT_ResultCode ZT_Node_join(ZT_Node *node,uint64_t nwid,void *uptr,void *tptr)
 {
 	try {
@ -770,6 +919,59 @@ enum ZT_ResultCode ZT_Node_multicastUnsubscribe(ZT_Node *node,uint64_t nwid,uint
 	}
 }

+ZT_RootList *ZT_Node_listRoots(ZT_Node *node,int64_t now)
+{
+	try {
+		return reinterpret_cast<ZeroTier::Node *>(node)->listRoots(now);
+	} catch ( ... ) {
+		return nullptr;
+	}
+}
+
+enum ZT_ResultCode ZT_Node_setStaticRoot(ZT_Node *node,const char *identity,const struct sockaddr_storage *addresses,unsigned int addressCount)
+{
+	try {
+		return reinterpret_cast<ZeroTier::Node *>(node)->setStaticRoot(identity,addresses,addressCount);
+	} catch (std::bad_alloc &exc) {
+		return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY;
+	} catch ( ... ) {
+		return ZT_RESULT_FATAL_ERROR_INTERNAL;
+	}
+}
+
+enum ZT_ResultCode ZT_Node_setDynamicRoot(ZT_Node *node,const char *dnsName,const void *defaultLocator,unsigned int defaultLocatorSize)
+{
+	try {
+		return reinterpret_cast<ZeroTier::Node *>(node)->setDynamicRoot(dnsName,defaultLocator,defaultLocatorSize);
+	} catch (std::bad_alloc &exc) {
+		return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY;
+	} catch ( ... ) {
+		return ZT_RESULT_FATAL_ERROR_INTERNAL;
+	}
+}
+
+enum ZT_ResultCode ZT_Node_removeStaticRoot(ZT_Node *node,const char *identity)
+{
+	try {
+		return reinterpret_cast<ZeroTier::Node *>(node)->removeStaticRoot(identity);
+	} catch (std::bad_alloc &exc) {
+		return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY;
+	} catch ( ... ) {
+		return ZT_RESULT_FATAL_ERROR_INTERNAL;
+	}
+}
+
+enum ZT_ResultCode ZT_Node_removeDynamicRoot(ZT_Node *node,const char *dnsName)
+{
+	try {
+		return reinterpret_cast<ZeroTier::Node *>(node)->removeDynamicRoot(dnsName);
+	} catch (std::bad_alloc &exc) {
+		return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY;
+	} catch ( ... ) {
+		return ZT_RESULT_FATAL_ERROR_INTERNAL;
+	}
+}
+
 uint64_t ZT_Node_address(ZT_Node *node)
 {
 	return reinterpret_cast<ZeroTier::Node *>(node)->address();
--- a/node/Node.hpp
+++ b/node/Node.hpp
@ -80,10 +80,23 @@ public:
 		unsigned int frameLength,
 		volatile int64_t *nextBackgroundTaskDeadline);
 	ZT_ResultCode processBackgroundTasks(void *tptr,int64_t now,volatile int64_t *nextBackgroundTaskDeadline);
+	void processDNSResult(
+		void *tptr,
+		uintptr_t dnsRequestID,
+		const char *name,
+		enum ZT_DNSRecordType recordType,
+		const void *result,
+		unsigned int resultLength,
+		int resultIsString);
 	ZT_ResultCode join(uint64_t nwid,void *uptr,void *tptr);
 	ZT_ResultCode leave(uint64_t nwid,void **uptr,void *tptr);
 	ZT_ResultCode multicastSubscribe(void *tptr,uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi);
 	ZT_ResultCode multicastUnsubscribe(uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi);
+	ZT_RootList *listRoots(int64_t now);
+	enum ZT_ResultCode setStaticRoot(const char *identity,const struct sockaddr_storage *addresses,unsigned int addressCount);
+	enum ZT_ResultCode setDynamicRoot(const char *dnsName,const void *defaultLocator,unsigned int defaultLocatorSize);
+	enum ZT_ResultCode removeStaticRoot(const char *identity);
+	enum ZT_ResultCode removeDynamicRoot(const char *dnsName);
 	uint64_t address() const;
 	void status(ZT_NodeStatus *status) const;
 	ZT_PeerList *peers() const;
@ -289,6 +302,7 @@ private:
 	int64_t _lastPing;
 	int64_t _lastHousekeepingRun;
 	int64_t _lastNetworkHousekeepingRun;
+	int64_t _lastDynamicRootUpdate;
 	bool _online;
 };

--- a/node/Topology.hpp
+++ b/node/Topology.hpp
@ -72,7 +72,7 @@ private:
 		Str *k = (Str *)0;
 		Locator *v = (Locator *)0;
 		while (i.next(k,v)) {
-			if (v->id())
+			if (*v)
 				_dynamicRootIdentities.set(v->id(),true);
 		}
 	}
@ -211,7 +211,7 @@ public:
 	 * @param now Current time
 	 * @return Number of peers with active direct paths
 	 */
-	ZT_ALWAYS_INLINE unsigned long countActive(int64_t now) const
+	inline unsigned long countActive(int64_t now) const
 	{
 		unsigned long cnt = 0;
 		Mutex::Lock _l(_peers_l);
@ -340,7 +340,7 @@ public:
 	 * @param id Static root's identity
 	 * @param addrs Static root's IP address(es)
 	 */
-	ZT_ALWAYS_INLINE void setStaticRoot(const Identity &id,const std::vector<InetAddress> &addrs)
+	inline void setStaticRoot(const Identity &id,const std::vector<InetAddress> &addrs)
 	{
 		Mutex::Lock l(_staticRoots_l);
 		_staticRoots[id] = addrs;
@ -351,7 +351,7 @@ public:
 	 *
 	 * @param id Identity to remove
 	 */
-	ZT_ALWAYS_INLINE void removeStaticRoot(const Identity &id)
+	inline void removeStaticRoot(const Identity &id)
 	{
 		Mutex::Lock l(_staticRoots_l);
 		_staticRoots.erase(id);
@ -360,19 +360,28 @@ public:
 	/**
 	 * Clear all static roots
 	 */
-	ZT_ALWAYS_INLINE void removeStaticRoot()
+	inline void removeStaticRoot()
 	{
 		Mutex::Lock l(_staticRoots_l);
 		_staticRoots.clear();
 	}

 	/**
-	 * @return Names of dynamic roots currently known by the system
+	 * Iterate through all dynamic roots
+	 *
+	 * @param f Function of (Str,Locator)
 	 */
-	ZT_ALWAYS_INLINE std::vector<Str> dynamicRootNames() const
+	template<typename F>
+	ZT_ALWAYS_INLINE void eachDynamicRoot(F f) const
 	{
 		Mutex::Lock l(_dynamicRoots_l);
-		return _dynamicRoots.keys();
+		Str *k = (Str *)0;
+		Locator *v = (Locator *)0;
+		Hashtable< Str,Locator >::Iterator i(const_cast<Topology *>(this)->_dynamicRoots);
+		while (i.next(k,v)) {
+			if (!f(*k,*v))
+				break;
+		}
 	}

 	/**
@ -382,15 +391,20 @@ public:
 	 *
 	 * @param dnsName DNS name used to retrive root
 	 * @param latestLocator Latest locator
-	 * @return True if locator is newer
+	 * @return True if locator is newer or if a new entry was created
 	 */
-	ZT_ALWAYS_INLINE bool setDynamicRoot(const Str &dnsName,const Locator &latestLocator)
+	inline bool setDynamicRoot(const Str &dnsName,const Locator &latestLocator)
 	{
 		Mutex::Lock l(_dynamicRoots_l);
-		Locator &ll = _dynamicRoots[dnsName];
-		if (ll.timestamp() < latestLocator.timestamp()) {
-			ll = latestLocator;
-			_updateDynamicRootIdentities();
+		if (latestLocator) {
+			Locator &ll = _dynamicRoots[dnsName];
+			if (ll.timestamp() < latestLocator.timestamp()) {
+				ll = latestLocator;
+				_updateDynamicRootIdentities();
+				return true;
+			}
+		} else if (!_dynamicRoots.contains(dnsName)) {
+			_dynamicRoots[dnsName];
 			return true;
 		}
 		return false;
@ -401,7 +415,7 @@ public:
 	 *
 	 * @param dnsName DNS name to remove
 	 */
-	ZT_ALWAYS_INLINE void removeDynamicRoot(const Str &dnsName)
+	inline void removeDynamicRoot(const Str &dnsName)
 	{
 		Mutex::Lock l(_dynamicRoots_l);
 		_dynamicRoots.erase(dnsName);
@ -411,13 +425,109 @@ public:
 	/**
 	 * Remove all dynamic roots
 	 */
-	ZT_ALWAYS_INLINE void clearDynamicRoots()
+	inline void clearDynamicRoots()
 	{
 		Mutex::Lock l(_dynamicRoots_l);
 		_dynamicRoots.clear();
 		_dynamicRootIdentities.clear();
 	}

+	/**
+	 * @param Current time
+	 * @return ZT_RootList as returned by the external CAPI
+	 */
+	inline ZT_RootList *apiRoots(const int64_t now) const
+	{
+		Mutex::Lock l1(_staticRoots_l);
+		Mutex::Lock l2(_dynamicRoots_l);
+
+		// The memory allocated here has room for all roots plus the maximum size
+		// of their DNS names, identities, and up to 16 physical addresses. Most
+		// roots will have two: one V4 and one V6.
+		const unsigned int totalRoots = _staticRoots.size() + _dynamicRoots.size();
+		ZT_RootList *rl = reinterpret_cast<ZT_RootList *>(malloc(sizeof(ZT_RootList) + (sizeof(ZT_Root) * totalRoots) + ((sizeof(struct sockaddr_storage) * ZT_MAX_PEER_NETWORK_PATHS) * totalRoots) + ((ZT_IDENTITY_STRING_BUFFER_LENGTH + 1024) * totalRoots)));
+		if (!rl) {
+			return nullptr;
+		}
+
+		unsigned int c = 0;
+		char *nameBufPtr = reinterpret_cast<char *>(rl) + sizeof(ZT_RootList) + (sizeof(ZT_Root) * totalRoots);
+		struct sockaddr_storage *addrBuf = reinterpret_cast<struct sockaddr_storage *>(nameBufPtr);
+		nameBufPtr += (sizeof(struct sockaddr_storage) * ZT_MAX_PEER_NETWORK_PATHS) * totalRoots;
+
+		_bestRoot_l.lock();
+		const Peer *const bestRootPtr = _bestRoot.ptr();
+		_bestRoot_l.unlock();
+
+		{
+			Str *k = (Str *)0;
+			Locator *v = (Locator *)0;
+			Hashtable< Str,Locator >::Iterator i(const_cast<Topology *>(this)->_dynamicRoots);
+			while (i.next(k,v)) {
+				rl->roots[c].dnsName = nameBufPtr;
+				const char *p = k->c_str();
+				while (*p)
+					*(nameBufPtr++) = *(p++);
+				*(nameBufPtr++) = (char)0;
+
+				if (v->id()) {
+					rl->roots[c].identity = nameBufPtr;
+					v->id().toString(false,nameBufPtr);
+					nameBufPtr += strlen(nameBufPtr) + 1;
+				}
+
+				rl->roots[c].addresses = addrBuf;
+				unsigned int ac = 0;
+				for(unsigned int j=(unsigned int)v->phy().size();(ac<j)&&(ac<16);++ac)
+					*(addrBuf++) = v->phy()[ac];
+				rl->roots[c].addressCount = ac;
+
+				_peers_l.lock();
+				const SharedPtr<Peer> *psptr = _peers.get(v->id().address());
+				if (psptr) {
+					rl->roots[c].preferred = (psptr->ptr() == bestRootPtr) ? 1 : 0;
+					rl->roots[c].online = (*psptr)->alive(now) ? 1 : 0;
+				}
+				_peers_l.unlock();
+
+				++c;
+			}
+		}
+
+		{
+			Hashtable< Identity,std::vector<InetAddress> >::Iterator i(const_cast<Topology *>(this)->_staticRoots);
+			Identity *k = (Identity *)0;
+			std::vector<InetAddress> *v = (std::vector<InetAddress> *)0;
+			while (i.next(k,v)) {
+				rl->roots[c].dnsName = nullptr;
+
+				rl->roots[c].identity = nameBufPtr;
+				k->toString(false,nameBufPtr);
+				nameBufPtr += strlen(nameBufPtr) + 1;
+
+				rl->roots[c].addresses = addrBuf;
+				unsigned int ac = 0;
+				for(unsigned int j=(unsigned int)v->size();(ac<j)&&(ac<16);++ac)
+					*(addrBuf++) = (*v)[ac];
+				rl->roots[c].addressCount = ac;
+
+				_peers_l.lock();
+				const SharedPtr<Peer> *psptr = _peers.get(k->address());
+				if (psptr) {
+					rl->roots[c].preferred = (psptr->ptr() == bestRootPtr) ? 1 : 0;
+					rl->roots[c].online = (*psptr)->alive(now) ? 1 : 0;
+				}
+				_peers_l.unlock();
+
+				++c;
+			}
+		}
+
+		rl->count = c;
+
+		return rl;
+	}
+
 	/**
 	 * Get the best relay to a given address, which may or may not be a root
 	 *
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@ -25,7 +25,7 @@
 #include <mutex>
 #include <condition_variable>

-#include "../include/ZeroTierOne.h"
+#include "../include/ZeroTierCore.h"

 #include "../node/Constants.hpp"
 #include "../node/Mutex.hpp"
@ -1844,6 +1844,9 @@ public:
 				OSUtils::ztsnprintf(dirname,sizeof(dirname),"%s" ZT_PATH_SEPARATOR_S "peers.d",_homePath.c_str());
 				OSUtils::ztsnprintf(p,sizeof(p),"%s" ZT_PATH_SEPARATOR_S "%.10llx.peer",dirname,(unsigned long long)id[0]);
 				break;
+			case ZT_STATE_OBJECT_ROOT_LIST:
+				OSUtils::ztsnprintf(p,sizeof(p),"%s" ZT_PATH_SEPARATOR_S "roots",_homePath.c_str());
+				break;
 			default:
 				return;
 		}