
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev

Adam Ierymenko 4 years ago
parent
commit
5262a2f753

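--- a/Dockerfile.release
+++ b/Dockerfile.release
@@ -0,0 +1,22 @@
+# vim: ft=dockerfile
+
+FROM debian:buster as stage
+
+ARG PACKAGE_BASEURL=https://download.zerotier.com/debian/buster/pool/main/z/zerotier-one/
+ARG ARCH=amd64
+ARG VERSION
+
+RUN apt-get update -qq && apt-get install curl -y
+RUN curl -sSL -o zerotier-one.deb "${PACKAGE_BASEURL}/zerotier-one_${VERSION}_${ARCH}.deb"
+
+FROM debian:buster
+
+COPY --from=stage zerotier-one.deb .
+
+RUN dpkg -i zerotier-one.deb && rm -f zerotier-one.deb
+RUN echo "${VERSION}" >/etc/zerotier-version
+
+COPY entrypoint.sh.release /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+CMD /entrypoint.sh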
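Review bot: The `.deb` fetched by `curl -sSL -o zerotier-one.deb ...` in the first stage is installed with `dpkg -i` in the second stage without any integrity check, and without `-f` an HTTP error page would be saved as the package file. Add a build argument for the expected digest (name constructed here, `ARG PACKAGE_SHA256`), verify it in the download stage with `RUN echo "${PACKAGE_SHA256}  zerotier-one.deb" | sha256sum -c -`, and switch to `curl -fsSL`. Separately, `ARG VERSION` is declared only in the `stage` stage, so `${VERSION}` in `RUN echo "${VERSION}" >/etc/zerotier-version` expands to an empty string unless `ARG VERSION` is repeated after the second `FROM`. The shell-form `CMD /entrypoint.sh` also passes no arguments to a script that joins the networks listed in `"$@"`; `ENTRYPOINT ["/entrypoint.sh"]` would let `docker run` arguments reach it.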

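--- a/entrypoint.sh.release
+++ b/entrypoint.sh.release
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+grepzt() {
+  (find /proc -name exe | xargs -I{} readlink {}) 2>/dev/null | grep -q zerotier-one
+  return $?
+}
+
+echo "starting zerotier"
+setsid /usr/sbin/zerotier-one &
+
+while ! grepzt
+do
+  echo "zerotier hasn't started, waiting a second"
+  sleep 1
+done
+
+echo "joining networks"
+
+for i in "$@"
+do
+  echo "joining $i"
+
+  while ! zerotier-cli join "$i"
+  do 
+    echo "joining $i failed; trying again in 1s"
+    sleep 1
+  done
+done
+
+sleep infinity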
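Review bot: The final `sleep infinity` keeps the container running even after `zerotier-one` has exited, so a crashed daemon stays invisible to the container runtime and restart policies never fire. Record the daemon's pid right after the `setsid /usr/sbin/zerotier-one &` line with `zt_pid=$!` and end the script with `wait "$zt_pid"` instead; this assumes `setsid` execs the daemon in place rather than forking, which should be confirmed. Both `while` loops also retry forever, so a bounded retry count followed by a non-zero exit would let an invalid network ID or a daemon that never starts surface as a failure.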

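--- a/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf
+++ b/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf
@@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557
 
 [Strings]
 DeviceDescription = "ZeroTier One Virtual Port"
-Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat.
+Provider = "ZeroTier Networks LLC"
 
 ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
 [Manufacturer]
@@ -70,7 +70,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"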

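--- a/ext/bin/tap-windows-ndis6/x64/zttap300.inf
+++ b/ext/bin/tap-windows-ndis6/x64/zttap300.inf
@@ -70,7 +70,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"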

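--- a/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf
+++ b/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf
@@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557
 
 [Strings]
 DeviceDescription = "ZeroTier One Virtual Port"
-Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat.
+Provider = "ZeroTier Networks LLC"
 
 ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
 [Manufacturer]
@@ -70,7 +70,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"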

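--- a/ext/bin/tap-windows-ndis6/x86/zttap300.inf
+++ b/ext/bin/tap-windows-ndis6/x86/zttap300.inf
@@ -67,7 +67,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"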

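--- a/make-linux.mk
+++ b/make-linux.mk
@@ -45,10 +45,6 @@ endif
 # Trying to use dynamically linked libhttp-parser causes tons of compatibility problems.
 ONE_OBJS+=ext/http-parser/http_parser.o
 
-# Build with address sanitization library for advanced debugging (clang)
-ifeq ($(ZT_SANITIZE),1)
-	DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1
-endif
 ifeq ($(ZT_DEBUG_TRACE),1)
 	DEFS+=-DZT_DEBUG_TRACE
 endif
@@ -62,7 +58,7 @@ endif
 
 # Build with address sanitization library for advanced debugging (clang)
 ifeq ($(ZT_SANITIZE),1)
-	SANFLAGS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1
+	override DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1
 endif
 ifeq ($(ZT_DEBUG),1)
 	override CFLAGS+=-Wall -Wno-deprecated -g -O -pthread $(INCLUDES) $(DEFS)
@@ -408,7 +404,7 @@ uninstall:	FORCE
 # These are just for convenience for building Linux packages
 
 debian:	FORCE
-	debuild --no-lintian -I -i -us -uc -nc -b 
+	debuild --no-lintian -I -i -us -uc -nc -b
 
 debian-clean: FORCE
 	rm -rf debian/files debian/zerotier-one*.debhelper debian/zerotier-one.substvars debian/*.log debian/zerotier-one debian/.debhelper debian/debhelper-build-stamp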
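Review bot: `-DASAN_OPTIONS=symbolize=1` on the new `override DEFS+=` line only defines a preprocessor macro; AddressSanitizer reads `ASAN_OPTIONS` from the environment at run time, so this flag does not switch symbolization on. With `SANFLAGS` gone, `-fsanitize=address` now reaches the build only through `$(DEFS)` (visible in the `CFLAGS` line that follows). The link rules are outside these hunks, so confirm they still receive the flag, since the ASan runtime has to be linked too. A comment such as `# ZT_SANITIZE=1: run the binary with ASAN_OPTIONS=symbolize=1 in the environment` would document the intended use.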

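--- a/one.cpp
+++ b/one.cpp
@@ -287,7 +287,7 @@ static int cli(int argc,char **argv)
 			}
 #endif
 			if (!authToken.length()) {
-				fprintf(stderr,"%s: missing authentication token and authtoken.secret not found (or readable) in %s" ZT_EOL_S,argv[0],homeDir.c_str());
+				fprintf(stderr,"%s: authtoken.secret not found or readable in %s (try again as root)" ZT_EOL_S,argv[0],homeDir.c_str());
 				return 2;
 			}
 		}
@@ -1070,7 +1070,7 @@ static int cli(int argc,char **argv)
 	} else if (command == "dump") {
 		std::stringstream dump;
 		dump << "platform: ";
-#ifdef __APPLE__ 
+#ifdef __APPLE__
 		dump << "macOS" << ZT_EOL_S;
 #elif defined(_WIN32)
 		dump << "Windows" << ZT_EOL_S;
@@ -1188,7 +1188,7 @@ static int cli(int argc,char **argv)
 		UInt8 path[PATH_MAX];
 		if (FSFindFolder(kUserDomain, kDesktopFolderType, kDontCreateFolder, &fsref) == noErr &&
 				FSRefMakePath(&fsref, path, sizeof(path)) == noErr) {
-			
+
 		} else if (getenv("SUDO_USER")) {
 			sprintf((char*)path, "/Users/%s/Desktop/", getenv("SUDO_USER"));
 		} else {
@@ -1204,12 +1204,12 @@ static int cli(int argc,char **argv)
 			fprintf(stderr, "Error creating file.\n");
 			return 1;
 		}
-		write(fd, dump.str().c_str(), dump.str().size());	
+		write(fd, dump.str().c_str(), dump.str().size());
 		close(fd);
 #elif defined(_WIN32)
 		ULONG buffLen = 16384;
 		PIP_ADAPTER_ADDRESSES addresses;
-		
+
 		ULONG ret = 0;
 		do {
 			addresses = (PIP_ADAPTER_ADDRESSES)malloc(buffLen);
@@ -1223,7 +1223,7 @@ static int cli(int argc,char **argv)
 				break;
 			}
 		} while (ret == ERROR_BUFFER_OVERFLOW);
-		
+
 		int i = 0;
 		if (ret == NO_ERROR) {
 			PIP_ADAPTER_ADDRESSES curAddr = addresses;
@@ -1311,9 +1311,9 @@ static int cli(int argc,char **argv)
 		char buf[1024];
 		char stringBuffer[128];
 		int success = 0;
-		
+
 		int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP);
-		
+
 		ifc.ifc_len = sizeof(buf);
 		ifc.ifc_buf = buf;
 		ioctl(sock, SIOCGIFCONF, &ifc);
@@ -1333,7 +1333,7 @@ static int cli(int argc,char **argv)
 					if (ioctl(sock, SIOCGIFHWADDR, &ifr) == 0) {
 						unsigned char mac_addr[6];
 						memcpy(mac_addr, ifr.ifr_hwaddr.sa_data, 6);
-						char macStr[16];
+						char macStr[18];
 						sprintf(macStr, "%02x:%02x:%02x:%02x:%02x:%02x",
 								mac_addr[0],
 								mac_addr[1],
@@ -1376,7 +1376,7 @@ static int cli(int argc,char **argv)
 			fprintf(stderr, "Error creating file.\n");
 			return 1;
 		}
-		write(fd, dump.str().c_str(), dump.str().size());
+		write(fd, dump.str().c_str(), dump.str().size());
 		close(fd);
 #else
 	fprintf(stderr, "%s", dump.str().c_str());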
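Review bot: `char macStr[18]` in the `@@ -1333` hunk now holds exactly the 17 characters plus terminator that the format string produces, but the `sprintf` on the next line is still unbounded, so the buffer is only correct as long as nobody changes the format. Prefer `snprintf(macStr, sizeof(macStr), "%02x:%02x:%02x:%02x:%02x:%02x", ...)` so the call itself enforces the size. The same applies to the context line `sprintf((char*)path, "/Users/%s/Desktop/", getenv("SUDO_USER"))` in the macOS branch, where the input is an environment variable and `snprintf((char*)path, sizeof(path), ...)` would bound the write. All of these lines sit inside `cli()`, whose body starts and ends outside the hunks.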

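--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -242,7 +242,7 @@ static void _networkToJson(nlohmann::json &nj,const ZT_VirtualNetworkConfig *nc,
 	m["domain"] = nc->dns.domain;
 	m["servers"] = nlohmann::json::array();
 	for(int j=0;j<ZT_MAX_DNS_SERVERS;++j) {
-		
+
 		InetAddress a(nc->dns.server_addr[j]);
 		if (a.isV4() || a.isV6()) {
 			char buf[256];
@@ -250,7 +250,7 @@ static void _networkToJson(nlohmann::json &nj,const ZT_VirtualNetworkConfig *nc,
 		}
 	}
 	nj["dns"] = m;
-	
+
 }
 
 static void _peerToJson(nlohmann::json &pj,const ZT_Peer *peer)
@@ -274,10 +274,12 @@ static void _peerToJson(nlohmann::json &pj,const ZT_Peer *peer)
 	pj["latency"] = peer->latency;
 	pj["role"] = prole;
 	pj["isBonded"] = peer->isBonded;
-	pj["bondingPolicy"] = peer->bondingPolicy;
-	pj["isHealthy"] = peer->isHealthy;
-	pj["numAliveLinks"] = peer->numAliveLinks;
-	pj["numTotalLinks"] = peer->numTotalLinks;
+	if (peer->isBonded) {
+		pj["bondingPolicy"] = peer->bondingPolicy;
+		pj["isHealthy"] = peer->isHealthy;
+		pj["numAliveLinks"] = peer->numAliveLinks;
+		pj["numTotalLinks"] = peer->numTotalLinks;
+	}
 
 	nlohmann::json pa = nlohmann::json::array();
 	for(unsigned int i=0;i<peer->pathCount;++i) {
@@ -676,6 +678,9 @@ public:
 			readLocalSettings();
 			applyLocalConfig();
 
+			// Save original port number to show it if bind error
+			const int _configuredPort = _primaryPort;
+
 			// Make sure we can use the primary port, and hunt for one if configured to do so
 			const int portTrials = (_primaryPort == 0) ? 256 : 1; // if port is 0, pick random
 			for(int k=0;k<portTrials;++k) {
@@ -693,7 +698,7 @@ public:
 			if (_ports[0] == 0) {
 				Mutex::Lock _l(_termReason_m);
 				_termReason = ONE_UNRECOVERABLE_ERROR;
-				_fatalErrorMessage = "cannot bind to local control interface port";
+				_fatalErrorMessage = std::string("cannot bind to local control interface port ")+std::to_string(_configuredPort);
 				return _termReason;
 			}
 
@@ -3039,7 +3044,9 @@ public:
 				if (!strncmp(p->c_str(),ifname,p->length()))
 					return false;
 			}
-			return _node->bondController()->allowedToBind(std::string(ifname));
+			if (!_node->bondController()->allowedToBind(std::string(ifname))) {
+				return false;
+			}
 		}
 		{
 			// Check global blacklists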
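Review bot: When the configured port is 0 the loop makes up to 256 attempts (`portTrials`), and the new message in the `@@ -693` hunk then reads "cannot bind to local control interface port 0", naming a port that was never tried. Append the number only when a specific port was configured, for example `if (_configuredPort != 0) _fatalErrorMessage += " " + std::to_string(_configuredPort);` after assigning the base text without the trailing space. `_configuredPort` is a local constant, yet its leading underscore follows the member naming seen in `_primaryPort` and `_ports`; `configuredPort` would avoid that confusion. The enclosing function starts and ends outside the hunks.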