From f2734dc3d8acd97151a25f963fcf71fad5a84da2 Mon Sep 17 00:00:00 2001
From: thoradia <22841905+thoradia@users.noreply.github.com>
Date: Tue, 8 Sep 2020 01:34:38 +0200
Subject: [PATCH 1/6] add ports to addresses specified by the bind setting

---
 osdep/Binder.hpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/osdep/Binder.hpp b/osdep/Binder.hpp
index 660e6f0c3..a6c668f85 100644
--- a/osdep/Binder.hpp
+++ b/osdep/Binder.hpp
@@ -316,8 +316,13 @@ public:
 
 #endif
 		} else {
-			for(std::vector<InetAddress>::const_iterator i(explicitBind.begin());i!=explicitBind.end();++i)
-				localIfAddrs.insert(std::pair<InetAddress,std::string>(*i,std::string()));
+			for(std::vector<InetAddress>::const_iterator i(explicitBind.begin());i!=explicitBind.end();++i) {
+				InetAddress ip = InetAddress(*i);
+				for(int x=0;x<(int)portCount;++x) {
+					ip.setPort(ports[x]);
+					localIfAddrs.insert(std::pair<InetAddress,std::string>(ip,std::string()));
+				}
+			}
 		}
 
 		// Default to binding to wildcard if we can't enumerate addresses

From 5ece4f734aab0fe8f9c4ec635de7c1f4daa9b868 Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Tue, 6 Jul 2021 13:07:44 -0700
Subject: [PATCH 2/6] fix error message

---
 controller/PostgreSQL.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controller/PostgreSQL.cpp b/controller/PostgreSQL.cpp
index 229f4aa88..56ae61abb 100644
--- a/controller/PostgreSQL.cpp
+++ b/controller/PostgreSQL.cpp
@@ -1231,7 +1231,7 @@ void PostgreSQL::commitThread()
 					}
 
 				} catch (std::exception &e) {
-					fprintf(stderr, "ERROR: Error updating member: %s\n", e.what());
+					fprintf(stderr, "ERROR: Error updating network: %s\n", e.what());
 				}
 			} else if (objtype == "_delete_network") {
 				fprintf(stderr, "commitThread: delete network\n");

From e67fee0264ee4ff2603c8dd3382419e4604ca289 Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Tue, 6 Jul 2021 13:07:54 -0700
Subject: [PATCH 3/6] debug logging

---
 controller/EmbeddedNetworkController.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index e2eaf75b6..9190e0c15 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1477,6 +1477,8 @@ void EmbeddedNetworkController::_request(
 	json &memberTags = member["tags"];
 	json &dns = network["dns"];
 
+	fprintf(stderr, "IP Assignment Pools for Network %s: %s\n", nwids, OSUtils::jsonDump(ipAssignmentPools, 2));
+
 	if (metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_RULES_ENGINE_REV,0) <= 0) {
 		// Old versions with no rules engine support get an allow everything rule.
 		// Since rules are enforced bidirectionally, newer versions *will* still

From 10215af96dbdef77bb39780b842e3c6f15e3c4fa Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Tue, 6 Jul 2021 13:18:08 -0700
Subject: [PATCH 4/6] whoops

---
 controller/EmbeddedNetworkController.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 9190e0c15..63d2c6866 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1477,7 +1477,7 @@ void EmbeddedNetworkController::_request(
 	json &memberTags = member["tags"];
 	json &dns = network["dns"];
 
-	fprintf(stderr, "IP Assignment Pools for Network %s: %s\n", nwids, OSUtils::jsonDump(ipAssignmentPools, 2));
+	fprintf(stderr, "IP Assignment Pools for Network %s: %s\n", nwids, OSUtils::jsonDump(ipAssignmentPools, 2).c_str());
 
 	if (metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_RULES_ENGINE_REV,0) <= 0) {
 		// Old versions with no rules engine support get an allow everything rule.

From 73ddea88646600171c81952d3f732179600d52ee Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Tue, 6 Jul 2021 14:15:01 -0700
Subject: [PATCH 5/6] use network ID, not  controller ID for looking up network
 data

---
 controller/PostgreSQL.cpp | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/controller/PostgreSQL.cpp b/controller/PostgreSQL.cpp
index 56ae61abb..0fc3f40d7 100644
--- a/controller/PostgreSQL.cpp
+++ b/controller/PostgreSQL.cpp
@@ -502,7 +502,7 @@ void PostgreSQL::initializeNetworks()
 			config["routes"] = json::array();
 
 
-			pqxx::result r2 = w.exec_params("SELECT host(ip_range_start), host(ip_range_end) FROM ztc_network_assignment_pool WHERE network_id = $1", _myAddressStr);
+			pqxx::result r2 = w.exec_params("SELECT host(ip_range_start), host(ip_range_end) FROM ztc_network_assignment_pool WHERE network_id = $1", nwid);
 			
 			for (auto row2 = r2.begin(); row2 != r2.end(); row2++) {
 				json ip;
@@ -512,24 +512,27 @@ void PostgreSQL::initializeNetworks()
 				config["ipAssignmentPools"].push_back(ip);
 			}
 
-			r2 = w.exec_params("SELECT host(address), bits, host(via) FROM ztc_network_route WHERE network_id = $1", _myAddressStr);
+
+
+			r2 = w.exec_params("SELECT host(address), bits, host(via) FROM ztc_network_route WHERE network_id = $1", nwid);
 
 			for (auto row2 = r2.begin(); row2 != r2.end(); row2++) {
 				std::string addr = row2[0].as<std::string>();
 				std::string bits = row2[1].as<std::string>();
-				std::string via = row2[2].as<std::string>();
+
 				json route;
 				route["target"] = addr + "/" + bits;
 
-				if (via == "NULL") {
+				if (row[2].is_null()) {
 					route["via"] = nullptr;
 				} else {
-					route["via"] = via;
+					route["via"] = row[2].as<std::string>();
 				}
+				
 				config["routes"].push_back(route);
 			}
 
-			r2 = w.exec_params("SELECT domain, servers FROM ztc_network_dns WHERE network_id = $1", _myAddressStr);
+			r2 = w.exec_params("SELECT domain, servers FROM ztc_network_dns WHERE network_id = $1", nwid);
 			
 			if (r2.size() > 1) {
 				fprintf(stderr, "ERROR: invalid number of DNS configurations for network %s.  Must be 0 or 1\n", nwid.c_str());

From 0ed9db05d2af718014f4a6c6098ef0017d8816c7 Mon Sep 17 00:00:00 2001
From: Joseph Henry <joseph.henry@zerotier.com>
Date: Tue, 20 Jul 2021 19:06:47 -0700
Subject: [PATCH 6/6] Restore original ECHO rate limiting (changed for
 multipath)

---
 node/Peer.hpp | 30 +++++-------------------------
 1 file changed, 5 insertions(+), 25 deletions(-)

diff --git a/node/Peer.hpp b/node/Peer.hpp
index a064bf697..9d012cdbe 100644
--- a/node/Peer.hpp
+++ b/node/Peer.hpp
@@ -419,35 +419,15 @@ public:
 	}
 
 	/**
-	 * Rate limit gate for inbound ECHO requests. This rate limiter works
-	 * by draining a certain number of requests per unit time. Each peer may
-	 * theoretically receive up to ZT_ECHO_CUTOFF_LIMIT requests per second.
+	 * Rate limit gate for inbound ECHO requests
 	 */
 	inline bool rateGateEchoRequest(const int64_t now)
 	{
-		/*
-		// TODO: Rethink this
-		if (_canUseMultipath) {
-			_echoRequestCutoffCount++;
-			int numToDrain = (now - _lastEchoCheck) / ZT_ECHO_DRAINAGE_DIVISOR;
-			_lastEchoCheck = now;
-			fprintf(stderr, "ZT_ECHO_CUTOFF_LIMIT=%d, (now - _lastEchoCheck)=%d, numToDrain=%d, ZT_ECHO_DRAINAGE_DIVISOR=%d\n", ZT_ECHO_CUTOFF_LIMIT, (now - _lastEchoCheck), numToDrain, ZT_ECHO_DRAINAGE_DIVISOR);
-			if (_echoRequestCutoffCount > numToDrain) {
-				_echoRequestCutoffCount-=numToDrain;
-			}
-			else {
-				_echoRequestCutoffCount = 0;
-			}
-			return (_echoRequestCutoffCount < ZT_ECHO_CUTOFF_LIMIT);
-		} else {
-			if ((now - _lastEchoRequestReceived) >= (ZT_PEER_GENERAL_RATE_LIMIT)) {
-				_lastEchoRequestReceived = now;
-				return true;
-			}
-			return false;
+		if ((now - _lastEchoRequestReceived) >= ZT_PEER_GENERAL_RATE_LIMIT) {
+			_lastEchoRequestReceived = now;
+			return true;
 		}
-		*/
-		return true;
+		return false;
 	}
 
 	/**