From c36c92e07781fa6338105aaf989122f2cd0b9e36 Mon Sep 17 00:00:00 2001 From: Dave Cottlehuber Date: Fri, 18 May 2018 09:09:27 +0000 Subject: [PATCH 01/26] node: remove deprecated register hint for C++17 compatibility when building with `ZT_DEBUG=1` this hint produces a warning: > node/Packet.cpp:335:43: error: 'register' storage class specifier is deprecated and incompatible with C++17 [-Werror,-Wdeprecated-register] See http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2015/n4340 --- node/Packet.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node/Packet.cpp b/node/Packet.cpp index 2eeceffa8..c83131ca4 100644 --- a/node/Packet.cpp +++ b/node/Packet.cpp @@ -332,7 +332,7 @@ static const int LZ4_minLength = (MFLIMIT+1); #define LZ4_STATIC_ASSERT(c) { enum { LZ4_static_assert = 1/(int)(!!(c)) }; } /* use only *after* variable declarations */ -static inline unsigned LZ4_NbCommonBytes (register reg_t val) +static inline unsigned LZ4_NbCommonBytes (reg_t val) { if (LZ4_isLittleEndian()) { if (sizeof(val)==8) { From dfe426e4e03b15fb2d7211d8e5837bb0e669f5fb Mon Sep 17 00:00:00 2001 From: Karsten Elfenbein Date: Sat, 26 May 2018 21:00:09 +0200 Subject: [PATCH 02/26] fix MAC address rule parsing as even/uneven switches at every colon --- rule-compiler/rule-compiler.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rule-compiler/rule-compiler.js b/rule-compiler/rule-compiler.js index bd84824e2..9cc4f76aa 100644 --- a/rule-compiler/rule-compiler.js +++ b/rule-compiler/rule-compiler.js @@ -226,12 +226,16 @@ function _cleanMac(m) { m = m.toLowerCase(); var m2 = ''; + let charcount = 0; for(let i=0;((i= 0) { m2 += c; - if ((m2.length > 0)&&(m2.length !== 17)&&((m2.length & 1) === 0)) + charcount++; + if ((m2.length > 0)&&(m2.length !== 17)&&(charcount >= 2) ) { m2 += ':'; + charcount=0; + } } } return m2; From 20f0bed2f6a9d46736e0b3fe8cf1a07979c7df24 Mon Sep 17 00:00:00 2001 
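Review bot: `_cleanMac` still returns `m2` straight after the loop without checking that a full address was produced, so input with too few hex digits yields a shortened MAC instead of an error. In a rule compiler that can turn a typo into a rule matching an address the author did not intend, unless callers validate the result (not visible here). Consider rejecting incomplete input before the return, e.g. `if (m2.length !== 17) throw new Error('invalid MAC address: ' + m);`, or document that callers must check the length. The hunk also declares `let charcount` beside `var m2`; use one declaration style within the function.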
From: Alex Forencich Date: Wed, 30 May 2018 19:10:51 -0700 Subject: [PATCH 03/26] Add UFW firewall application preset --- debian/ufw-zerotier-one | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 debian/ufw-zerotier-one diff --git a/debian/ufw-zerotier-one b/debian/ufw-zerotier-one new file mode 100644 index 000000000..7c2908941 --- /dev/null +++ b/debian/ufw-zerotier-one @@ -0,0 +1,4 @@ +[zerotier-one] +title=ZeroTier One +description=A planetary Ethernet switch +ports=9993/udp From a307dff3b7e37225c2ff3276b10a620c5e4cd648 Mon Sep 17 00:00:00 2001 From: Guillaume de Jabrun Date: Thu, 31 May 2018 23:55:36 +0200 Subject: [PATCH 04/26] Improve debian service requirements --- debian/zerotier-one.service | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/zerotier-one.service b/debian/zerotier-one.service index a0126b7f6..133d4490c 100644 --- a/debian/zerotier-one.service +++ b/debian/zerotier-one.service @@ -1,6 +1,7 @@ [Unit] Description=ZeroTier One -After=network.target +After=network-online.target +Wants=network-online.target [Service] ExecStart=/usr/sbin/zerotier-one From 9463d4abe4757a67ec83b01b97e68aa7742eac20 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Tue, 5 Jun 2018 12:55:39 -0700 Subject: [PATCH 05/26] Fix for issue #778 Double quote before member name in `/controller/network/network_id/member` API --- controller/EmbeddedNetworkController.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp index 9a07b2851..ef52f6e07 100644 --- a/controller/EmbeddedNetworkController.cpp +++ b/controller/EmbeddedNetworkController.cpp 
@@ -551,7 +551,7 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpGET( for(auto member=members.begin();member!=members.end();++member) { mid = (*member)["id"]; char tmp[128]; - OSUtils::ztsnprintf(tmp,sizeof(tmp),"%s\"%s\":%llu",(responseBody.length() > 1) ? ",\"" : "\"",mid.c_str(),(unsigned long long)OSUtils::jsonInt((*member)["revision"],0)); + OSUtils::ztsnprintf(tmp,sizeof(tmp),"%s\"%s\":%llu",(responseBody.length() > 1) ? "," : "",mid.c_str(),(unsigned long long)OSUtils::jsonInt((*member)["revision"],0)); responseBody.append(tmp); } } From a9ca26c6985d10d1c86a33c56b06c1ae679cda0f Mon Sep 17 00:00:00 2001 From: Joseph Henry Date: Thu, 7 Jun 2018 12:58:07 -0700 Subject: [PATCH 06/26] Added TX queue cap for issue #769 --- node/Constants.hpp | 8 ++++++++ node/Switch.cpp | 3 +++ 2 files changed, 11 insertions(+) diff --git a/node/Constants.hpp b/node/Constants.hpp index e2a35dcee..03b04e68b 100644 --- a/node/Constants.hpp +++ b/node/Constants.hpp @@ -193,6 +193,14 @@ */ #define ZT_RX_QUEUE_SIZE 64 +/** + * Size of TX queue + * + * This is about 2mb, and can be decreased for small devices. A queue smaller + * than about 4 is probably going to cause a lot of lost packets. + */ +#define ZT_TX_QUEUE_SIZE 64 + /** * Length of secret key in bytes -- 256-bit -- do not change */ diff --git a/node/Switch.cpp b/node/Switch.cpp index eb1ebadb6..3fa8c31da 100644 --- a/node/Switch.cpp +++ b/node/Switch.cpp @@ -503,6 +503,9 @@ void Switch::send(void *tPtr,Packet &packet,bool encrypt) if (!_trySend(tPtr,packet,encrypt)) { { Mutex::Lock _l(_txQueue_m); + if (_txQueue.size() >= ZT_TX_QUEUE_SIZE) { + _txQueue.pop_front(); + } _txQueue.push_back(TXQueueEntry(dest,RR->node->now(),packet,encrypt)); } if (!RR->topology->getPeer(tPtr,dest)) From 4199c56e99ca68b0f7aa01aeab04ceff7e8ece1d Mon Sep 17 00:00:00 2001 
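Review bot: `mid` is taken from `(*member)["id"]` and written between quotes into the JSON response through a 128-byte `tmp` without any length or character check. Member ids are formatted as 10 hex digits elsewhere in this series (`%.10llx`), so a stored value that is longer or contains a quote would either break the response syntax or exceed `tmp`; how `ztsnprintf` behaves on truncation is not visible here. A guard before the format call would make the assumption explicit, e.g. `if (mid.length() != 10) continue;`. The loop sits inside `handleControlPlaneHttpGET`, whose body continues outside the hunk.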
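Review bot: The cap added in `Switch::send` evicts the oldest queued packet silently, so sustained saturation of the TX queue (for example many packets to destinations that never resolve) leaves no trace for an operator. Say what is dropped and why at the eviction, e.g. `// Bound memory for unresolved destinations (issue #769): drop the oldest entry`, and consider a trace line or counter there if the project has one. The new `ZT_TX_QUEUE_SIZE` comment repeats the "about 2mb" figure from the RX queue text above it; that estimate should be checked against the size of `TXQueueEntry` or removed. `send` continues outside the hunk, and any other place that appends to `_txQueue` would need the same cap.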
From: Grant Limberg Date: Mon, 4 Jun 2018 11:07:12 -0700 Subject: [PATCH 07/26] cant compare character arrays with == --- service/OneService.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/service/OneService.cpp b/service/OneService.cpp index 04d8c8dff..091beacc4 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1608,11 +1608,13 @@ public: // Nuke applied routes that are no longer in n.config.routes[] and/or are not allowed for(std::list< SharedPtr >::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) { bool haveRoute = false; + if ( (checkIfManagedIsAllowed(n,(*mr)->target())) && (((*mr)->via().ss_family != (*mr)->target().ss_family)||(!matchIpOnly(myIps,(*mr)->via()))) ) { for(unsigned int i=0;i(&(n.config.routes[i].target)); const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); - if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (tapdev == (*mr)->device()) ) ) { + + if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())) ) ) { haveRoute = true; break; } From dce9cb27c1f464cb4a5111c27502d8ca1d7297de Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Mon, 4 Jun 2018 11:24:24 -0700 Subject: [PATCH 08/26] helps to have an ==0 on a strcmp --- service/OneService.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/OneService.cpp b/service/OneService.cpp index 091beacc4..91cf49eed 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp 
@@ -1614,7 +1614,7 @@ public: const InetAddress *const target = reinterpret_cast(&(n.config.routes[i].target)); const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); - if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())) ) ) { + if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())==0) ) ) { haveRoute = true; break; } From 978d2fcb568d63852ff0d20ef5e7bc84b3bad183 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Thu, 21 Jun 2018 12:08:15 -0700 Subject: [PATCH 09/26] Optimize C25519 and Poly1305 on Windows even in debug. --- windows/ZeroTierOne/ZeroTierOne.vcxproj | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/windows/ZeroTierOne/ZeroTierOne.vcxproj b/windows/ZeroTierOne/ZeroTierOne.vcxproj index 105ea1277..d0e0a4d8e 100644 --- a/windows/ZeroTierOne/ZeroTierOne.vcxproj +++ b/windows/ZeroTierOne/ZeroTierOne.vcxproj @@ -48,7 +48,12 @@ - + + MaxSpeed + MaxSpeed + Default + Default + @@ -64,7 +69,12 @@ - + + MaxSpeed + MaxSpeed + Default + Default + From 352ec3430f50da47132e741c4bb19ca194e324f6 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Thu, 21 Jun 2018 12:11:10 -0700 Subject: [PATCH 10/26] Add a define to set FD_SETSIZE=1024 on Windows Default on Windows is extremely low at 64 and is the likely culprit behind the UI and CLI not being able to talk to the background service --- windows/ZeroTierOne/ZeroTierOne.vcxproj | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/ZeroTierOne/ZeroTierOne.vcxproj b/windows/ZeroTierOne/ZeroTierOne.vcxproj index d0e0a4d8e..29f088749 100644 --- a/windows/ZeroTierOne/ZeroTierOne.vcxproj +++ b/windows/ZeroTierOne/ZeroTierOne.vcxproj 
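Review bot: With `==0` the device comparison becomes effective, so the `||` branch now keeps a managed route whenever its target matches a configured route and its device equals `tapdev`, whatever its `via` is. If `tapdev` is the tap device of network `n` (its definition is outside the hunk), that is true for every managed route of this network, and a route whose gateway was changed or removed in the config would no longer be cleaned up. If the device match is meant only for routes without a gateway, narrow it, something like `((via->ss_family != target->ss_family)&&(strcmp(tapdev,(*mr)->device())==0))`, and add a comment stating which case each side of the `||` covers.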
@@ -296,7 +296,7 @@ true - ZT_EXPORT;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) + ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) 4996 @@ -312,7 +312,7 @@ true - ZT_EXPORT;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) + ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) 4996 @@ -328,7 +328,7 @@ true - ZT_EXPORT;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_RULES_ENGINE_DEBUGGING;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) + ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_TRACE;ZT_RULES_ENGINE_DEBUGGING;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) false 4996 @@ -346,7 +346,7 @@ true - ZT_EXPORT;NOMINMAX;STATICLIB;WIN32;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) + ZT_EXPORT;FD_SETSIZE=1024;NOMINMAX;STATICLIB;WIN32;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="disable";%(PreprocessorDefinitions) false 4996 @@ -366,7 +366,7 @@ true - ZT_EXPORT;STATICLIB;ZT_SALSA20_SSE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;WIN32;NOMINMAX;ZT_SOFTWARE_UPDATE_DEFAULT="apply";ZT_BUILD_PLATFORM=2;ZT_BUILD_ARCHITECTURE=1;%(PreprocessorDefinitions) + ZT_EXPORT;FD_SETSIZE=1024;STATICLIB;ZT_SALSA20_SSE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;WIN32;NOMINMAX;ZT_SOFTWARE_UPDATE_DEFAULT="apply";ZT_BUILD_PLATFORM=2;ZT_BUILD_ARCHITECTURE=1;%(PreprocessorDefinitions) MultiThreaded StreamingSIMDExtensions2 true 
@@ -393,7 +393,7 @@ true - ZT_EXPORT;STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="apply";ZT_SALSA20_SSE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;WIN32;NOMINMAX;ZT_BUILD_PLATFORM=2;ZT_BUILD_ARCHITECTURE=2;%(PreprocessorDefinitions) + ZT_EXPORT;FD_SETSIZE=1024;STATICLIB;ZT_SOFTWARE_UPDATE_DEFAULT="apply";ZT_SALSA20_SSE;ZT_USE_MINIUPNPC;MINIUPNP_STATICLIB;WIN32;NOMINMAX;ZT_BUILD_PLATFORM=2;ZT_BUILD_ARCHITECTURE=2;%(PreprocessorDefinitions) MultiThreaded NotSet true From d74817f79f52df05e3f201f4ce18d439b83edcdc Mon Sep 17 00:00:00 2001 From: Joseph Henry Date: Fri, 22 Jun 2018 16:46:50 -0700 Subject: [PATCH 11/26] Added blurb about allowTcpFallbackRelay to README --- service/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/service/README.md b/service/README.md index da29d3d01..8730e5671 100644 --- a/service/README.md +++ b/service/README.md @@ -32,7 +32,8 @@ Settings available in `local.conf` (this is not valid JSON, and JSON does not al "softwareUpdateDist": true|false, /* If true, distribute software updates (only really useful to ZeroTier, Inc. itself, default is false) */ "interfacePrefixBlacklist": [ "XXX",... ], /* Array of interface name prefixes (e.g. eth for eth#) to blacklist for ZT traffic */ "allowManagementFrom": "NETWORK/bits"|null, /* If non-NULL, allow JSON/HTTP management from this IP network. Default is 127.0.0.1 only. */ - "bind": [ "ip",... ] /* If present and non-null, bind to these IPs instead of to each interface (wildcard IP allowed) */ + "bind": [ "ip",... ], /* If present and non-null, bind to these IPs instead of to each interface (wildcard IP allowed) */ + "allowTcpFallbackRelay": true|false /* Allow or disallow establishment of TCP relay connections (true by default) */ } } ``` From fc225401a5890b07c3f9848219f6e4bf41b8b0a7 Mon Sep 17 00:00:00 2001 
From: Grant Limberg Date: Thu, 28 Jun 2018 15:05:24 -0700 Subject: [PATCH 12/26] use easy mode for network creation --- windows/WinUI/CentralAPI.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/WinUI/CentralAPI.cs b/windows/WinUI/CentralAPI.cs index fc37aedfb..8c36f4559 100644 --- a/windows/WinUI/CentralAPI.cs +++ b/windows/WinUI/CentralAPI.cs @@ -207,7 +207,7 @@ namespace WinUI public async Task CreateNewNetwork() { - string networkURL = Central.ServerURL + "/api/network/"; + string networkURL = Central.ServerURL + "/api/network?easy=1"; CentralNetwork network = new CentralNetwork(); network.Config = new CentralNetwork.CentralNetworkConfig(); network.Config.Name = NetworkNameGenerator.GenerateName(); From 4e6151ebd97cbc145d6997f377b3db28d51c6bfc Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Thu, 28 Jun 2018 15:24:45 -0700 Subject: [PATCH 13/26] Added "Create and Join Network" menu item to windows system tray UI --- windows/WinUI/ToolbarItem.xaml | 5 +++- windows/WinUI/ToolbarItem.xaml.cs | 42 +++++++++++++++++++++++++++---- 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/windows/WinUI/ToolbarItem.xaml b/windows/WinUI/ToolbarItem.xaml index 85e4122a9..9517455c4 100644 --- a/windows/WinUI/ToolbarItem.xaml +++ b/windows/WinUI/ToolbarItem.xaml @@ -43,7 +43,10 @@ - + + - { - PageSwitcher ps = new PageSwitcher(); - ps.Show(); - })); + showOnboardProcess(); shouldShowOnboardProcess = false; } } } + private void showOnboardProcess() + { + Dispatcher.BeginInvoke(DispatcherPriority.Normal, new Action(() => + { + PageSwitcher ps = new PageSwitcher(); + ps.Show(); + })); + } private void updateStatus(ZeroTierStatus status) { if (status != null) 
@@ -142,6 +146,15 @@ namespace WinUI nodeId = status.Address; })); } + + if (CentralAPI.Instance.HasAccessToken()) + { + newNetworkItem.IsEnabled = true; + } + else + { + newNetworkItem.IsEnabled = false; + } } private void ToolbarItem_NodeIDClicked(object sender, System.Windows.RoutedEventArgs e) @@ -331,6 +344,25 @@ namespace WinUI } } + private async void ToolbarItem_NewNetwork(object sender, System.Windows.RoutedEventArgs e) + { + if (CentralAPI.Instance.HasAccessToken()) + { + CentralAPI api = CentralAPI.Instance; + CentralNetwork newNetwork = await api.CreateNewNetwork(); + + APIHandler handler = APIHandler.Instance; + handler.JoinNetwork(this.Dispatcher, newNetwork.Id); + + string nodeId = APIHandler.Instance.NodeAddress(); + bool authorized = await CentralAPI.Instance.AuthorizeNode(nodeId, newNetwork.Id); + } + else + { + showOnboardProcess(); + } + } + private void setWindowPosition(Window w) { double width = w.ActualWidth; From 73e4286fbfce8ce017304f693a1190521ad4a8f9 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 3 Jul 2018 12:51:41 -0700 Subject: [PATCH 14/26] Fix two controller bugs: filesystem bug and another possible infinite recursion bug. --- controller/DB.cpp | 136 ----------------------- controller/EmbeddedNetworkController.cpp | 2 + controller/FileDB.cpp | 38 ++++--- make-linux.mk | 4 +- 4 files changed, 26 insertions(+), 154 deletions(-) diff --git a/controller/DB.cpp b/controller/DB.cpp index b2e8878a6..61eed0e96 100644 --- a/controller/DB.cpp +++ b/controller/DB.cpp 
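Review bot: `newNetworkItem.IsEnabled` is assigned directly in `updateStatus`, after the `Dispatcher.BeginInvoke` call that ends just above it. If `updateStatus` can run on a non-UI thread, which the marshalling of the `nodeId` update suggests, this assignment should go through the dispatcher as well. The if/else can also be a single statement: `newNetworkItem.IsEnabled = CentralAPI.Instance.HasAccessToken();`.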
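Review bot: `ToolbarItem_NewNetwork` is `async void` and awaits two calls to the Central API with no error handling, so a failed request or a rejected token surfaces as an unhandled exception in the tray application. `newNetwork` is dereferenced without a null check and the result of `AuthorizeNode` is stored in `authorized` but never examined, so a join that was not authorized is not reported to the user. Wrap the body in a try/catch that reports the failure, add `if (newNetwork == null) return;` before `JoinNetwork`, and act on `authorized`. A short comment that this handler authorizes the local node on the new network automatically would also help reviewers.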
@@ -324,109 +324,6 @@ void DB::_memberChanged(nlohmann::json &old,nlohmann::json &memberConfig,bool pu } } - /* - if (old.is_object()) { - json &config = old["config"]; - if (config.is_object()) { - memberId = OSUtils::jsonIntHex(config["id"],0ULL); - networkId = OSUtils::jsonIntHex(config["nwid"],0ULL); - if ((memberId)&&(networkId)) { - { - std::lock_guard l(_networks_l); - auto nw2 = _networks.find(networkId); - if (nw2 != _networks.end()) - nw = nw2->second; - } - if (nw) { - std::lock_guard l(nw->lock); - if (OSUtils::jsonBool(config["activeBridge"],false)) - nw->activeBridgeMembers.erase(memberId); - wasAuth = OSUtils::jsonBool(config["authorized"],false); - if (wasAuth) - nw->authorizedMembers.erase(memberId); - json &ips = config["ipAssignments"]; - if (ips.is_array()) { - for(unsigned long i=0;iallocatedIps.erase(ipa); - } - } - } - } - } - } - } - - if (member.is_object()) { - json &config = member["config"]; - if (config.is_object()) { - if (!nw) { - memberId = OSUtils::jsonIntHex(config["id"],0ULL); - networkId = OSUtils::jsonIntHex(config["nwid"],0ULL); - if ((!memberId)||(!networkId)) - return; - std::lock_guard l(_networks_l); - std::shared_ptr<_Network> &nw2 = _networks[networkId]; - if (!nw2) - nw2.reset(new _Network); - nw = nw2; - } - - { - std::lock_guard l(nw->lock); - - nw->members[memberId] = config; - - if (OSUtils::jsonBool(config["activeBridge"],false)) - nw->activeBridgeMembers.insert(memberId); - isAuth = OSUtils::jsonBool(config["authorized"],false); - if (isAuth) - nw->authorizedMembers.insert(memberId); - json &ips = config["ipAssignments"]; - if (ips.is_array()) { - for(unsigned long i=0;iallocatedIps.insert(ipa); - } - } - } - - if (!isAuth) { - const int64_t ldt = (int64_t)OSUtils::jsonInt(config["lastDeauthorizedTime"],0ULL); - if (ldt > nw->mostRecentDeauthTime) - nw->mostRecentDeauthTime = ldt; - } - } - - if (push) - _controller->onNetworkMemberUpdate(networkId,memberId); - } - } else if (memberId) { - if (nw) { - 
std::lock_guard l(nw->lock); - nw->members.erase(memberId); - } - if (networkId) { - std::lock_guard l(_networks_l); - auto er = _networkByMember.equal_range(memberId); - for(auto i=er.first;i!=er.second;++i) { - if (i->second == networkId) { - _networkByMember.erase(i); - break; - } - } - } - } - */ - if ((push)&&((wasAuth)&&(!isAuth)&&(networkId)&&(memberId))) _controller->onNetworkMemberDeauthorize(networkId,memberId); } @@ -460,39 +357,6 @@ void DB::_networkChanged(nlohmann::json &old,nlohmann::json &networkConfig,bool _networks.erase(id); } } - - /* - if (network.is_object()) { - json &config = network["config"]; - if (networkConfig.is_object()) { - const std::string ids = config["id"]; - const uint64_t id = Utils::hexStrToU64(ids.c_str()); - if (id) { - std::shared_ptr<_Network> nw; - { - std::lock_guard l(_networks_l); - std::shared_ptr<_Network> &nw2 = _networks[id]; - if (!nw2) - nw2.reset(new _Network); - nw = nw2; - } - { - std::lock_guard l2(nw->lock); - nw->config = config; - } - if (push) - _controller->onNetworkUpdate(id); - } - } - } else if (old.is_object()) { - const std::string ids = old["id"]; - const uint64_t id = Utils::hexStrToU64(ids.c_str()); - if (id) { - std::lock_guard l(_networks_l); - _networks.erase(id); - } - } - */ } void DB::_fillSummaryInfo(const std::shared_ptr<_Network> &nw,NetworkSummaryInfo &info) diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp index ef52f6e07..a54950ff8 100644 --- a/controller/EmbeddedNetworkController.cpp +++ b/controller/EmbeddedNetworkController.cpp @@ -504,6 +504,8 @@ void EmbeddedNetworkController::request( qe->identity = identity; qe->metaData = metaData; qe->type = _RQEntry::RQENTRY_TYPE_REQUEST; + char buf[1024]; + printf("!!! %.16llx %.16llx %s\n",nwid,requestPacketId,fromAddr.toString(buf)); _queue.post(qe); } diff --git a/controller/FileDB.cpp b/controller/FileDB.cpp index a7b59cbf0..e78a64c91 100644 --- a/controller/FileDB.cpp 
+++ b/controller/FileDB.cpp @@ -91,13 +91,15 @@ void FileDB::save(nlohmann::json *orig,nlohmann::json &record) nlohmann::json old; get(nwid,old); - OSUtils::ztsnprintf(p1,sizeof(p1),"%s" ZT_PATH_SEPARATOR_S "%.16llx.json.new",_networksPath.c_str(),nwid); - OSUtils::ztsnprintf(p2,sizeof(p2),"%s" ZT_PATH_SEPARATOR_S "%.16llx.json",_networksPath.c_str(),nwid); - if (!OSUtils::writeFile(p1,OSUtils::jsonDump(record,-1))) - fprintf(stderr,"WARNING: controller unable to write to path: %s" ZT_EOL_S,p1); - OSUtils::rename(p1,p2); + if ((!old.is_object())||(old != record)) { + OSUtils::ztsnprintf(p1,sizeof(p1),"%s" ZT_PATH_SEPARATOR_S "%.16llx.json.new",_networksPath.c_str(),nwid); + OSUtils::ztsnprintf(p2,sizeof(p2),"%s" ZT_PATH_SEPARATOR_S "%.16llx.json",_networksPath.c_str(),nwid); + if (!OSUtils::writeFile(p1,OSUtils::jsonDump(record,-1))) + fprintf(stderr,"WARNING: controller unable to write to path: %s" ZT_EOL_S,p1); + OSUtils::rename(p1,p2); - _networkChanged(old,record,true); + _networkChanged(old,record,true); + } } } else if (objtype == "member") { const uint64_t id = OSUtils::jsonIntHex(record["id"],0ULL); 
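Review bot: In the network branch of `FileDB::save` a failed `writeFile` is only reported with a warning; `OSUtils::rename(p1,p2)` and `_networkChanged(old,record,true)` still run afterwards. A stale or partial `.json.new` left by an earlier attempt could then replace the good file, and the in-memory state is updated although nothing was persisted. Rename and notify only on success, e.g. `if (OSUtils::writeFile(p1,OSUtils::jsonDump(record,-1))) { OSUtils::rename(p1,p2); _networkChanged(old,record,true); }`, keeping the warning in the `else`. The member branch in the next hunk has the same pattern and also ignores the results of both `mkdir` calls and of `rename`.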
@@ -106,17 +108,21 @@ void FileDB::save(nlohmann::json *orig,nlohmann::json &record) nlohmann::json network,old; get(nwid,network,id,old); - OSUtils::ztsnprintf(pb,sizeof(pb),"%s" ZT_PATH_SEPARATOR_S "%.16llx" ZT_PATH_SEPARATOR_S "member",_networksPath.c_str(),(unsigned long long)nwid); - OSUtils::ztsnprintf(p1,sizeof(p1),"%s" ZT_PATH_SEPARATOR_S "%.10llx.json.new",pb,(unsigned long long)id); - OSUtils::ztsnprintf(p2,sizeof(p2),"%s" ZT_PATH_SEPARATOR_S "%.10llx.json",pb,(unsigned long long)id); - if (!OSUtils::writeFile(p1,OSUtils::jsonDump(record,-1))) { - OSUtils::mkdir(pb); - if (!OSUtils::writeFile(p1,OSUtils::jsonDump(record,-1))) - fprintf(stderr,"WARNING: controller unable to write to path: %s" ZT_EOL_S,p1); - } - OSUtils::rename(p1,p2); + if ((!old.is_object())||(old != record)) { + OSUtils::ztsnprintf(pb,sizeof(pb),"%s" ZT_PATH_SEPARATOR_S "%.16llx" ZT_PATH_SEPARATOR_S "member",_networksPath.c_str(),(unsigned long long)nwid); + OSUtils::ztsnprintf(p1,sizeof(p1),"%s" ZT_PATH_SEPARATOR_S "%.10llx.json.new",pb,(unsigned long long)id); + if (!OSUtils::writeFile(p1,OSUtils::jsonDump(record,-1))) { + OSUtils::ztsnprintf(p2,sizeof(p2),"%s" ZT_PATH_SEPARATOR_S "%.16llx",_networksPath.c_str(),(unsigned long long)nwid); + OSUtils::mkdir(p2); + OSUtils::mkdir(pb); + if (!OSUtils::writeFile(p1,OSUtils::jsonDump(record,-1))) + fprintf(stderr,"WARNING: controller unable to write to path: %s" ZT_EOL_S,p1); + } + OSUtils::ztsnprintf(p2,sizeof(p2),"%s" ZT_PATH_SEPARATOR_S "%.10llx.json",pb,(unsigned long long)id); + OSUtils::rename(p1,p2); - _memberChanged(old,record,true); + _memberChanged(old,record,true); + } } } else if (objtype == "trace") { const std::string id = record["id"]; diff --git a/make-linux.mk b/make-linux.mk index 56096da86..24e054dc0 100644 --- a/make-linux.mk +++ b/make-linux.mk 
@@ -55,8 +55,8 @@ ifeq ($(ZT_SANITIZE),1) SANFLAGS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1 endif ifeq ($(ZT_DEBUG),1) - override CFLAGS+=-Wall -Wno-deprecated -Werror -g -pthread $(INCLUDES) $(DEFS) - override CXXFLAGS+=-Wall -Wno-deprecated -Werror -g -std=c++11 -pthread $(INCLUDES) $(DEFS) + override CFLAGS+=-Wall -Wno-deprecated -g -pthread $(INCLUDES) $(DEFS) + override CXXFLAGS+=-Wall -Wno-deprecated -g -std=c++11 -pthread $(INCLUDES) $(DEFS) ZT_TRACE=1 STRIP?=echo # The following line enables optimization for the crypto code, since From 37ae3b2b80e95758e028e476c9bcb485583f8208 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 3 Jul 2018 12:52:35 -0700 Subject: [PATCH 15/26] Remote debug printf. --- controller/EmbeddedNetworkController.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp index a54950ff8..ef52f6e07 100644 --- a/controller/EmbeddedNetworkController.cpp +++ b/controller/EmbeddedNetworkController.cpp @@ -504,8 +504,6 @@ void EmbeddedNetworkController::request( qe->identity = identity; qe->metaData = metaData; qe->type = _RQEntry::RQENTRY_TYPE_REQUEST; - char buf[1024]; - printf("!!! %.16llx %.16llx %s\n",nwid,requestPacketId,fromAddr.toString(buf)); _queue.post(qe); } From f94aea8119bdf5b894c4d9a29e678c3c3594b490 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 11 Jul 2018 10:42:31 -0700 Subject: [PATCH 16/26] Return error 503 if RethinkDB is down when built as RethinkDB-based controller. --- controller/DB.hpp | 1 + controller/EmbeddedNetworkController.cpp | 5 +++-- controller/FileDB.cpp | 10 +++------- controller/FileDB.hpp | 1 + controller/RethinkDB.cpp | 11 ++++++++++- controller/RethinkDB.hpp | 4 ++-- 6 files changed, 20 insertions(+), 12 deletions(-) diff --git a/controller/DB.hpp b/controller/DB.hpp index 4757bb406..4b2940cdc 100644 --- a/controller/DB.hpp +++ b/controller/DB.hpp 
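Review bot: Removing `-Werror` from the `ZT_DEBUG=1` flags is not mentioned in the commit message and is unrelated to the controller fixes in the same commit. Debug builds are where new warnings are most likely to be seen, so this lets them accumulate unnoticed. If a specific diagnostic was blocking the build, keep `-Werror` and exempt only that one with `-Wno-error=<warning-name>`, with a comment naming the reason.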
@@ -82,6 +82,7 @@ public: virtual ~DB(); virtual bool waitForReady() = 0; + virtual bool isReady() = 0; inline bool hasNetwork(const uint64_t networkId) const { diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp index ef52f6e07..6a4134c66 100644 --- a/controller/EmbeddedNetworkController.cpp +++ b/controller/EmbeddedNetworkController.cpp @@ -596,10 +596,11 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpGET( // Controller status char tmp[4096]; - OSUtils::ztsnprintf(tmp,sizeof(tmp),"{\n\t\"controller\": true,\n\t\"apiVersion\": %d,\n\t\"clock\": %llu\n}\n",ZT_NETCONF_CONTROLLER_API_VERSION,(unsigned long long)OSUtils::now()); + const bool dbOk = _db->isReady(); + OSUtils::ztsnprintf(tmp,sizeof(tmp),"{\n\t\"controller\": true,\n\t\"apiVersion\": %d,\n\t\"clock\": %llu,\n\t\"databaseReady\": %s\n}\n",ZT_NETCONF_CONTROLLER_API_VERSION,(unsigned long long)OSUtils::now(),dbOk ? "true" : "false"); responseBody = tmp; responseContentType = "application/json"; - return 200; + return dbOk ? 200 : 503; } diff --git a/controller/FileDB.cpp b/controller/FileDB.cpp index e78a64c91..8cbd60ceb 100644 --- a/controller/FileDB.cpp +++ b/controller/FileDB.cpp @@ -63,14 +63,10 @@ FileDB::FileDB(EmbeddedNetworkController *const nc,const Identity &myId,const ch } } -FileDB::~FileDB() -{ -} +FileDB::~FileDB() {} -bool FileDB::waitForReady() -{ - return true; -} +bool FileDB::waitForReady() { return true; } +bool FileDB::isReady() { return true; } void FileDB::save(nlohmann::json *orig,nlohmann::json &record) { diff --git a/controller/FileDB.hpp b/controller/FileDB.hpp index 1e275a364..1a3c12e98 100644 --- a/controller/FileDB.hpp +++ b/controller/FileDB.hpp 
@@ -31,6 +31,7 @@ public: virtual ~FileDB(); virtual bool waitForReady(); + virtual bool isReady(); virtual void save(nlohmann::json *orig,nlohmann::json &record); virtual void eraseNetwork(const uint64_t networkId); virtual void eraseMember(const uint64_t networkId,const uint64_t memberId); diff --git a/controller/RethinkDB.cpp b/controller/RethinkDB.cpp index f6c8a59ca..a46d033f3 100644 --- a/controller/RethinkDB.cpp +++ b/controller/RethinkDB.cpp @@ -263,9 +263,13 @@ RethinkDB::RethinkDB(EmbeddedNetworkController *const nc,const Identity &myId,co std::unique_ptr rdb; while (_run == 1) { try { - if (!rdb) + if (!rdb) { + _connected = 0; rdb = R::connect(this->_host,this->_port,this->_auth); + } + if (rdb) { + _connected = 1; R::Array batch; R::Object tmpobj; @@ -434,6 +438,11 @@ bool RethinkDB::waitForReady() return true; } +bool RethinkDB::isReady() +{ + return ((_ready)&&(_connected)); +} + void RethinkDB::save(nlohmann::json *orig,nlohmann::json &record) { if (!record.is_object()) // sanity check diff --git a/controller/RethinkDB.hpp b/controller/RethinkDB.hpp index b1049ac3d..60f04c5b8 100644 --- a/controller/RethinkDB.hpp +++ b/controller/RethinkDB.hpp @@ -41,6 +41,7 @@ public: virtual ~RethinkDB(); virtual bool waitForReady(); + virtual bool isReady(); virtual void save(nlohmann::json *orig,nlohmann::json &record); virtual void eraseNetwork(const uint64_t networkId); virtual void eraseMember(const uint64_t networkId,const uint64_t memberId); @@ -72,8 +73,7 @@ protected: std::thread _heartbeatThread; mutable std::mutex _readyLock; // locked until ready - std::atomic _ready; - std::atomic _run; + std::atomic _ready,_connected,_run; mutable volatile bool _waitNoticePrinted; }; From 62a93c58fda12c4539bc2f5e0efbeca8ec8d530d Mon Sep 17 00:00:00 2001 From: Joseph Henry Date: Thu, 19 Jul 2018 17:50:10 -0700 Subject: [PATCH 17/26] Added ifdefs surrounding usage of getifaddrs() on Android --- osdep/Binder.hpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
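Review bot: `_connected` is a single flag for the whole `RethinkDB` object, but the `@@ -263` hunk sets it from inside one worker loop that owns its own `rdb` connection. It is cleared only at the top of an iteration when `rdb` is empty, so a connection that fails mid-loop keeps `isReady()` true until the exception path (outside the hunk) resets `rdb` and the loop comes round again. If other threads of this class hold separate connections, the flag reflects only this one. Consider setting `_connected = 0;` in the handler that catches the failure, and add a comment on the member saying which connection it tracks. `isReady()` does not modify state and could be declared `const` in `DB`, `FileDB` and `RethinkDB`.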
diff --git a/osdep/Binder.hpp b/osdep/Binder.hpp index 93fad9f13..691e52816 100644 --- a/osdep/Binder.hpp +++ b/osdep/Binder.hpp @@ -293,7 +293,7 @@ public: #else const bool gotViaProc = false; #endif - +#if !defined(ZT_SDK) || !defined(__ANDROID__) // getifaddrs() freeifaddrs() not available on Android if (!gotViaProc) { struct ifaddrs *ifatbl = (struct ifaddrs *)0; struct ifaddrs *ifa; @@ -325,6 +325,7 @@ public: interfacesEnumerated = false; } } +#endif #endif } else { From ac40f2191caa638603d51bd776f14cfd68abf2c6 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Fri, 20 Jul 2018 07:41:47 -0700 Subject: [PATCH 18/26] . --- node/Topology.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/node/Topology.cpp b/node/Topology.cpp index 7c526b412..a1b66ac7f 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp @@ -382,6 +382,8 @@ void Topology::doPeriodicTasks(void *tPtr,int64_t now) } } + // Temporarily disable path cleanup to test hypothesis about periodic threading issues as reported by Keysight. +/* { Mutex::Lock _l(_paths_m); Hashtable< Path::HashKey,SharedPtr >::Iterator i(_paths); @@ -392,6 +394,7 @@ void Topology::doPeriodicTasks(void *tPtr,int64_t now) _paths.erase(*k); } } +*/ } void Topology::_memoizeUpstreams(void *tPtr) From 5b114791e52c046be3b5db254566928ccc6c7a23 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Fri, 20 Jul 2018 14:01:58 -0700 Subject: [PATCH 19/26] Fix a bug that caused a crash on empty HTTP requests (localhost only) and add a lightweight lock to the RX queue to prevent possible threads stepping on each other in parallel receive paths. --- node/Switch.cpp | 5 +++++ node/Switch.hpp | 1 + node/Topology.cpp | 3 --- service/OneService.cpp | 2 ++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/node/Switch.cpp b/node/Switch.cpp index 3fa8c31da..eeeca5dbd 100644 --- a/node/Switch.cpp +++ b/node/Switch.cpp 
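Review bot: The guard `#if !defined(ZT_SDK) || !defined(__ANDROID__)` excludes the `getifaddrs()` block only when both macros are defined, while its trailing comment says the functions are unavailable on Android in general. If the SDK-on-Android combination is the intent, `#if !(defined(ZT_SDK) && defined(__ANDROID__))` reads more directly and the comment should say so; if every Android build is affected, the test should be on `__ANDROID__` alone. The two consecutive `#endif` lines would be easier to follow with closing comments such as `#endif // !(ZT_SDK && __ANDROID__)`. The enclosing function starts and ends outside the hunk.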
@@ -121,6 +121,7 @@ void Switch::onRemotePacket(void *tPtr,const int64_t localSocket,const InetAddre // seeing a Packet::Fragment? RXQueueEntry *const rq = _findRXQueueEntry(fragmentPacketId); + Mutex::Lock rql(rq->lock); if (rq->packetId != fragmentPacketId) { // No packet found, so we received a fragment without its head. @@ -203,6 +204,7 @@ void Switch::onRemotePacket(void *tPtr,const int64_t localSocket,const InetAddre ); RXQueueEntry *const rq = _findRXQueueEntry(packetId); + Mutex::Lock rql(rq->lock); if (rq->packetId != packetId) { // If we have no other fragments yet, create an entry and save the head @@ -237,6 +239,7 @@ void Switch::onRemotePacket(void *tPtr,const int64_t localSocket,const InetAddre IncomingPacket packet(data,len,path,now); if (!packet.tryDecode(RR,tPtr)) { RXQueueEntry *const rq = _nextRXQueueEntry(); + Mutex::Lock rql(rq->lock); rq->timestamp = now; rq->packetId = packet.packetId(); rq->frag0 = packet; @@ -545,6 +548,7 @@ void Switch::doAnythingWaitingForPeer(void *tPtr,const SharedPtr &peer) const int64_t now = RR->node->now(); for(unsigned int ptr=0;ptrlock); if ((rq->timestamp)&&(rq->complete)) { if ((rq->frag0.tryDecode(RR,tPtr))||((now - rq->timestamp) > ZT_RECEIVE_QUEUE_TIMEOUT)) rq->timestamp = 0; @@ -594,6 +598,7 @@ unsigned long Switch::doTimerTasks(void *tPtr,int64_t now) for(unsigned int ptr=0;ptrlock); if ((rq->timestamp)&&(rq->complete)) { if ((rq->frag0.tryDecode(RR,tPtr))||((now - rq->timestamp) > ZT_RECEIVE_QUEUE_TIMEOUT)) { rq->timestamp = 0; diff --git a/node/Switch.hpp b/node/Switch.hpp index 906f418e6..5de17fa0c 100644 --- a/node/Switch.hpp +++ b/node/Switch.hpp @@ -159,6 +159,7 @@ private: unsigned int totalFragments; // 0 if only frag0 received, waiting for frags uint32_t haveFragments; // bit mask, LSB to MSB volatile bool complete; // if true, packet is complete + Mutex lock; }; RXQueueEntry _rxQueue[ZT_RX_QUEUE_SIZE]; AtomicCounter _rxQueuePtr; 
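Review bot: In the `doAnythingWaitingForPeer` and `doTimerTasks` hunks the new per-entry lock is held across `rq->frag0.tryDecode(RR,tPtr)`, so packet handling runs while `rq->lock` is owned (the page text is garbled at both loop headers, so this is read from the surviving `lock);` and the hunk line counts). If any handler reached from `tryDecode` can call back into `Switch` and walk the RX queue again, and `Mutex` is not recursive, the thread would block on a lock it already holds; please confirm this cannot happen, or decode outside the lock. In the three `onRemotePacket` hunks the lock is taken only after `_findRXQueueEntry()` or `_nextRXQueueEntry()` has chosen the slot, so two receive threads may still be handed the same entry, and the second overwrites the first's state once it acquires the lock. A comment on the new member in Switch.hpp would record that limit, e.g. `Mutex lock; // guards this entry's fields only; slot selection is not serialized`. All of these functions continue outside their hunks.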
diff --git a/node/Topology.cpp b/node/Topology.cpp index a1b66ac7f..7c526b412 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp @@ -382,8 +382,6 @@ void Topology::doPeriodicTasks(void *tPtr,int64_t now) } } - // Temporarily disable path cleanup to test hypothesis about periodic threading issues as reported by Keysight. -/* { Mutex::Lock _l(_paths_m); Hashtable< Path::HashKey,SharedPtr >::Iterator i(_paths); @@ -394,7 +392,6 @@ void Topology::doPeriodicTasks(void *tPtr,int64_t now) _paths.erase(*k); } } -*/ } void Topology::_memoizeUpstreams(void *tPtr) diff --git a/service/OneService.cpp b/service/OneService.cpp index 91cf49eed..ea336f074 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1063,6 +1063,8 @@ public: else urlArgs[a->substr(0,eqpos)] = a->substr(eqpos + 1); } } + } else { + return 404; } bool isAuth = false; From fa7e7fc6f976e3ad27fd1212d3ba17148764bc21 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Fri, 20 Jul 2018 15:53:19 -0700 Subject: [PATCH 20/26] Revert fix for GitHub issue #600 because it causes route objects to build up forever (at least on Mac). Bleh. #600 is a rare issue and will need some other fix after reliable duplication. --- osdep/ManagedRoute.cpp | 1 + service/OneService.cpp | 5 ----- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/osdep/ManagedRoute.cpp b/osdep/ManagedRoute.cpp index d7c807049..324fada0a 100644 --- a/osdep/ManagedRoute.cpp +++ b/osdep/ManagedRoute.cpp @@ -246,6 +246,7 @@ static std::vector<_RTE> _getRTEs(const InetAddress &target,bool contains) static void _routeCmd(const char *op,const InetAddress &target,const InetAddress &via,const char *ifscope,const char *localInterface) { + //char f1[1024],f2[1024]; printf("%s %s %s %s %s\n",op,target.toString(f1),via.toString(f2),ifscope,localInterface); long p = (long)fork(); if (p > 0) { int exitcode = -1; diff --git a/service/OneService.cpp b/service/OneService.cpp index ea336f074..389cdc91d 100644 --- a/service/OneService.cpp 
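Review bot: The new `} else { return 404; }` in service/OneService.cpp carries no comment saying which case it rejects, and the `if` it closes starts outside the hunk, so a reader cannot tell from here that this is the guard for the empty-request crash named in the commit message. Suggest adding `// nothing was parsed from the request path; the code below must not run on an empty path` above the `return`. The early return sits before `bool isAuth = false;`, so an empty request is answered without the authorization check; that appears harmless but is worth stating in the same comment. If the request is malformed rather than naming a missing resource, `400` may describe it better than `404`.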
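Review bot: The only line the osdep/ManagedRoute.cpp hunk adds to `_routeCmd` is a commented-out debug `printf`, which is dead code at the top of a function that goes on to `fork()`. Commented-out statements drift out of date, and this one declares two 1024-byte buffers that would need review if someone re-enabled it. Either delete the line or replace it with a one-line comment describing how to trace route commands. `_routeCmd` continues past the end of the hunk.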
+++ b/service/OneService.cpp @@ -1610,12 +1610,10 @@ public: // Nuke applied routes that are no longer in n.config.routes[] and/or are not allowed for(std::list< SharedPtr >::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) { bool haveRoute = false; - if ( (checkIfManagedIsAllowed(n,(*mr)->target())) && (((*mr)->via().ss_family != (*mr)->target().ss_family)||(!matchIpOnly(myIps,(*mr)->via()))) ) { for(unsigned int i=0;i(&(n.config.routes[i].target)); const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); - if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())==0) ) ) { haveRoute = true; break; @@ -1640,15 +1638,12 @@ public: bool haveRoute = false; // Ignore routes implied by local managed IPs since adding the IP adds the route - // Commented out to fix ticket #600 (disappearing routes on macOS). Remove this block when we're sure there's no side effects - /* for(std::vector::iterator ip(n.managedIps.begin());ip!=n.managedIps.end();++ip) { if ((target->netmaskBits() == ip->netmaskBits())&&(target->containsAddress(*ip))) { haveRoute = true; break; } } - */ if (haveRoute) continue; From 1fc14292fe87d5fec2478760726e7535b6c5e455 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 25 Jul 2018 12:09:31 -0700 Subject: [PATCH 21/26] Version bumps. --- debian/changelog | 6 ++++++ ext/installfiles/mac/ZeroTier One.pkgproj | 2 +- .../chocolatey/zerotier-one/zerotier-one.nuspec | 2 +- version.h | 2 +- windows/WinUI/AboutView.xaml | 4 ++-- zerotier-one.spec | 12 ++++++------ 6 files changed, 17 insertions(+), 11 deletions(-) diff --git a/debian/changelog b/debian/changelog index 1c0204115..ef195c315 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,9 @@ +zerotier-one (1.2.12) unstable; urgency=medium + + * See https://github.com/zerotier/ZeroTierOne for release notes. + + -- Adam Ierymenko Tue, 25 July 2018 01:00:00 -0700 + zerotier-one (1.2.10) unstable; urgency=medium * See https://github.com/zerotier/ZeroTierOne for release notes. diff --git a/ext/installfiles/mac/ZeroTier One.pkgproj b/ext/installfiles/mac/ZeroTier One.pkgproj index 866029eed..0d3d0bdac 100755 --- a/ext/installfiles/mac/ZeroTier One.pkgproj +++ b/ext/installfiles/mac/ZeroTier One.pkgproj @@ -664,7 +664,7 @@ USE_HFS+_COMPRESSION VERSION - 1.2.10 + 1.2.12 PROJECT_COMMENTS diff --git a/ext/installfiles/windows/chocolatey/zerotier-one/zerotier-one.nuspec b/ext/installfiles/windows/chocolatey/zerotier-one/zerotier-one.nuspec index 1270652b5..2fb4fe573 100644 --- a/ext/installfiles/windows/chocolatey/zerotier-one/zerotier-one.nuspec +++ b/ext/installfiles/windows/chocolatey/zerotier-one/zerotier-one.nuspec @@ -26,7 +26,7 @@ This is a nuspec. It mostly adheres to https://docs.nuget.org/create/Nuspec-Refe - 1.2.10 + 1.2.12 diff --git a/version.h b/version.h index 808879d7e..f5f6aa0bd 100644 --- a/version.h +++ b/version.h @@ -40,7 +40,7 @@ /** * Revision */ -#define ZEROTIER_ONE_VERSION_REVISION 10 +#define ZEROTIER_ONE_VERSION_REVISION 12 /** * Build version diff --git a/windows/WinUI/AboutView.xaml b/windows/WinUI/AboutView.xaml index b1df750be..118a61b1e 100644 --- a/windows/WinUI/AboutView.xaml +++ b/windows/WinUI/AboutView.xaml @@ -19,9 +19,9 @@ - + - + diff --git a/zerotier-one.spec b/zerotier-one.spec index 41af5acad..55cc1fb05 100644 --- a/zerotier-one.spec +++ b/zerotier-one.spec @@ -1,5 +1,5 @@ Name: zerotier-one -Version: 1.2.10 +Version: 1.2.12 Release: 1%{?dist} Summary: ZeroTier One network virtualization service 
@@ -33,13 +33,13 @@ Requires(pre): /usr/sbin/useradd, /usr/bin/getent %description ZeroTier is a software defined networking layer for Earth. -It can be used for on-premise network virtualization, as a peer to peer VPN -for mobile teams, for hybrid or multi-data-center cloud deployments, or just +It can be used for on-premise network virtualization, as a peer to peer VPN +for mobile teams, for hybrid or multi-data-center cloud deployments, or just about anywhere else secure software defined virtual networking is useful. -ZeroTier One is our OS-level client service. It allows Mac, Linux, Windows, -FreeBSD, and soon other types of clients to join ZeroTier virtual networks -like conventional VPNs or VLANs. It can run on native systems, VMs, or +ZeroTier One is our OS-level client service. It allows Mac, Linux, Windows, +FreeBSD, and soon other types of clients to join ZeroTier virtual networks +like conventional VPNs or VLANs. It can run on native systems, VMs, or containers (Docker, OpenVZ, etc.). %prep From b30f423fc96e090d6a682aa2ed5bb01054be9fd4 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 25 Jul 2018 12:11:59 -0700 Subject: [PATCH 22/26] . --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index ef195c315..490fbedc8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ zerotier-one (1.2.12) unstable; urgency=medium * See https://github.com/zerotier/ZeroTierOne for release notes. - -- Adam Ierymenko Tue, 25 July 2018 01:00:00 -0700 + -- Adam Ierymenko Tue, 25 Jul 2018 01:00:00 -0700 zerotier-one (1.2.10) unstable; urgency=medium From d724af6a99b3698bd396801f0b1ba64a5378fc94 Mon Sep 17 00:00:00 2001 
From: Adam Ierymenko Date: Wed, 25 Jul 2018 15:03:01 -0700 Subject: [PATCH 23/26] Replace Sao Paolo root with Buenos Aires in default planet def (will push to network too) --- attic/world/mkworld.cpp | 6 +++--- attic/world/{ => old}/earth-2016-01-13.bin | Bin attic/world/world.bin | Bin 0 -> 634 bytes attic/world/world.c | 3 +++ node/Topology.cpp | 6 +++--- 5 files changed, 9 insertions(+), 6 deletions(-) rename attic/world/{ => old}/earth-2016-01-13.bin (100%) create mode 100644 attic/world/world.bin create mode 100644 attic/world/world.c diff --git a/attic/world/mkworld.cpp b/attic/world/mkworld.cpp index e0f477b31..647ddd219 100644 --- a/attic/world/mkworld.cpp +++ b/attic/world/mkworld.cpp @@ -81,7 +81,7 @@ int main(int argc,char **argv) std::vector roots; const uint64_t id = ZT_WORLD_ID_EARTH; - const uint64_t ts = 1452708876314ULL; // January 13th, 2016 + const uint64_t ts = 1532555817048ULL; // July 25th, 2018 // Alice roots.push_back(World::Root()); @@ -92,8 +92,8 @@ int main(int argc,char **argv) roots.back().stableEndpoints.push_back(InetAddress("2c0f:f850:154:197::33/9993")); // Johannesburg roots.back().stableEndpoints.push_back(InetAddress("159.203.97.171/9993")); // New York roots.back().stableEndpoints.push_back(InetAddress("2604:a880:800:a1::54:6001/9993")); // New York - roots.back().stableEndpoints.push_back(InetAddress("169.57.143.104/9993")); // Sao Paolo - roots.back().stableEndpoints.push_back(InetAddress("2607:f0d0:1d01:57::2/9993")); // Sao Paolo + roots.back().stableEndpoints.push_back(InetAddress("131.255.6.16/9993")); // Buenos Aires + roots.back().stableEndpoints.push_back(InetAddress("2803:eb80:0:e::2/9993")); // Buenos Aires roots.back().stableEndpoints.push_back(InetAddress("107.170.197.14/9993")); // San Francisco roots.back().stableEndpoints.push_back(InetAddress("2604:a880:1:20::200:e001/9993")); // San Francisco roots.back().stableEndpoints.push_back(InetAddress("128.199.197.217/9993")); // Singapore 
diff --git a/attic/world/earth-2016-01-13.bin b/attic/world/old/earth-2016-01-13.bin similarity index 100% rename from attic/world/earth-2016-01-13.bin rename to attic/world/old/earth-2016-01-13.bin diff --git a/attic/world/world.bin b/attic/world/world.bin new file mode 100644 index 0000000000000000000000000000000000000000..bbafb43a5e09e0f45ff1c1c68a120e7ebd9d835c GIT binary patch literal 634 zcmZQ%00NFzC%G6H7*j46eu&tyxnoJDlE}nWv(BcSDf7AaH;j3{K>9k-XLItm=vIds z^V#286Euf?(%)i-WvdiduUOLgcij>%%l*0xsk2U=ka)fS?^UDkqIpdDI~jSmR8hn|CUzX*@71jontt{ zCG36r@H#y)2Jbr);_7C*u#1`{+N7*{=~iL0T;jwHrn!m}EI%_aewd^+dVPVys%>+N_W639nbR|AN=0~~YR<)*PAhq(FJ8K{_*KjM+Sc{Y66Lqpf7tG* zc9ScQfrn+!vbc@voNQXm8xAlqF7Uak5{d$+6dNLTA zmoTK9 Date: Fri, 27 Jul 2018 13:35:20 -0700 Subject: [PATCH 24/26] Windows Advanced Installer to 1.2.12 --- ext/installfiles/windows/ZeroTier One.aip | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ext/installfiles/windows/ZeroTier One.aip b/ext/installfiles/windows/ZeroTier One.aip index cfa7d673c..de973bf13 100644 --- a/ext/installfiles/windows/ZeroTier One.aip +++ b/ext/installfiles/windows/ZeroTier One.aip @@ -27,10 +27,10 @@ - + - + @@ -64,7 +64,7 @@ - + @@ -454,7 +454,7 @@ - + From e75a093a8cd004856788032a3eb977c98359e9a6 Mon Sep 17 00:00:00 2001 
From: Adam Ierymenko Date: Fri, 27 Jul 2018 14:14:09 -0700 Subject: [PATCH 25/26] 2018-07-27 -- Version 1.2.12 * Fixed a bug that caused exits to take a long time on Mac due to huge numbers of redundant attempts to delete managed routes. * Fixed a socket limit problem on Windows that caused the ZeroTier service to run out of sockets, causing the UI and CLI to be unable to access the API. * Fixed a threading bug in the ZeroTier Core, albeit one that never manifested on the regular ZeroTier One service/client. * Fixed a bug that could cause the service to crash if an authorized local client accessed an invalid URL via the control API. (Not exploitable since you needed admin access anyway.) --- RELEASE-NOTES.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 54dd1375d..2464f8f70 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,6 +1,13 @@ ZeroTier Release Notes ====== +# 2018-07-27 -- Version 1.2.12 + + * Fixed a bug that caused exits to take a long time on Mac due to huge numbers of redundant attempts to delete managed routes. + * Fixed a socket limit problem on Windows that caused the ZeroTier service to run out of sockets, causing the UI and CLI to be unable to access the API. + * Fixed a threading bug in the ZeroTier Core, albeit one that never manifested on the regular ZeroTier One service/client. + * Fixed a bug that could cause the service to crash if an authorized local client accessed an invalid URL via the control API. (Not exploitable since you needed admin access anyway.) + # 2018-05-08 -- Version 1.2.10 * Fix bug loading `moons.d/` files for federated root operation. From e01c0adff28602d48ad6f0d618bee072ec7843da Mon Sep 17 00:00:00 2001 From: Joseph Henry Date: Wed, 1 Aug 2018 17:17:04 -0700 Subject: [PATCH 26/26] Added ifdef checks to omit some ManagedRoute code in SDK builds --- osdep/ManagedRoute.cpp | 8 +++++++- service/OneService.cpp | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) 
diff --git a/osdep/ManagedRoute.cpp b/osdep/ManagedRoute.cpp index 324fada0a..453d810a4 100644 --- a/osdep/ManagedRoute.cpp +++ b/osdep/ManagedRoute.cpp @@ -46,7 +46,9 @@ #include #include #include +#ifndef ZT_SDK #include +#endif #include #ifdef __BSD__ #include @@ -109,6 +111,7 @@ struct _RTE #ifdef __BSD__ // ------------------------------------------------------------ #define ZT_ROUTING_SUPPORT_FOUND 1 +#ifndef ZT_SDK static std::vector<_RTE> _getRTEs(const InetAddress &target,bool contains) { std::vector<_RTE> rtes; @@ -243,6 +246,7 @@ static std::vector<_RTE> _getRTEs(const InetAddress &target,bool contains) return rtes; } +#endif static void _routeCmd(const char *op,const InetAddress &target,const InetAddress &via,const char *ifscope,const char *localInterface) { @@ -409,6 +413,7 @@ static bool _winHasRoute(const NET_LUID &interfaceLuid, const NET_IFINDEX &inter * Linux default route override implies asymmetric routes, which then * trigger Linux's "martian packet" filter. */ +#ifndef ZT_SDK bool ManagedRoute::sync() { #ifdef __WINDOWS__ @@ -519,6 +524,7 @@ bool ManagedRoute::sync() return true; } +#endif void ManagedRoute::remove() { @@ -562,4 +568,4 @@ void ManagedRoute::remove() _applied.clear(); } -} // namespace ZeroTier +} // namespace ZeroTier \ No newline at end of file diff --git a/service/OneService.cpp b/service/OneService.cpp index 389cdc91d..a34db4b44 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1646,7 +1646,7 @@ public: } if (haveRoute) continue; - +#ifndef ZT_SDK // If we've already applied this route, just sync it and continue for(std::list< SharedPtr >::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();++mr) { if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (tapdev == (*mr)->device()) ) ) { 
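Review bot: The `#ifndef ZT_SDK` blocks added in osdep/ManagedRoute.cpp around the `<ifaddrs.h>`-area include, `_getRTEs()` and `ManagedRoute::sync()` each close with a bare `#endif`, and the `_getRTEs()` one sits inside the existing `#ifdef __BSD__` section, so it is hard to see which conditional each `#endif` ends; write `#endif // ZT_SDK` on each, and likewise in the two service/OneService.cpp hunks. `sync()` is compiled out while `remove()` is still built, so any caller of `sync()` outside the guarded OneService.cpp block would fail to link in SDK builds; if the header still declares it, a comment there should say it is unavailable under `ZT_SDK`. The last ManagedRoute.cpp hunk also drops the file's trailing newline (`\ No newline at end of file`), which should be restored.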
@@ -1662,6 +1662,7 @@ public: n.managedRoutes.push_back(SharedPtr(new ManagedRoute(*target,*via,tapdev))); if (!n.managedRoutes.back()->sync()) n.managedRoutes.pop_back(); +#endif } } }