From 23f9baa9f22b65629f82a65e4eefc4e81a75bd8d Mon Sep 17 00:00:00 2001 From: Erik Hollensbe Date: Tue, 13 Apr 2021 13:18:21 -0700 Subject: [PATCH 01/15] Multiple image fixes: - Can now provide the following environment variables to populate secrets (nice for kubernetes, other situations) - ZEROTIER_API_SECRET: authtoken.secret - ZEROTIER_IDENTITY_PUBLIC: identity.public - ZEROTIER_IDENTITY_SECRET: identity.secret - Joining networks by providing them as a part of docker's "command" array should now work properly Signed-off-by: Erik Hollensbe --- Dockerfile.release | 4 +++- entrypoint.sh.release | 27 ++++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/Dockerfile.release b/Dockerfile.release index 7d1fb8b1e..aa0d422cc 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -15,8 +15,10 @@ COPY --from=stage zerotier-one.deb . RUN dpkg -i zerotier-one.deb && rm -f zerotier-one.deb RUN echo "${VERSION}" >/etc/zerotier-version +RUN rm -rf /var/lib/zerotier-one COPY entrypoint.sh.release /entrypoint.sh RUN chmod 755 /entrypoint.sh -CMD /entrypoint.sh +CMD [] +ENTRYPOINT ["/entrypoint.sh"] diff --git a/entrypoint.sh.release b/entrypoint.sh.release index 8b7bd5e29..1683ad4c4 100644 --- a/entrypoint.sh.release +++ b/entrypoint.sh.release @@ -5,6 +5,31 @@ grepzt() { return $? } +mkztfile() { + file=$1 + mode=$2 + content=$3 + + mkdir -p /var/lib/zerotier-one + echo "$content" > "/var/lib/zerotier-one/$file" + chmod "$mode" "/var/lib/zerotier-one/$file" +} + +if [ "x$ZEROTIER_API_SECRET" != "x" ] +then + mkztfile authtoken.secret 0600 "$ZEROTIER_API_SECRET" +fi + +if [ "x$ZEROTIER_IDENTITY_PUBLIC" != "x" ] +then + mkztfile identity.public 0644 "$ZEROTIER_IDENTITY_PUBLIC" +fi + +if [ "x$ZEROTIER_IDENTITY_SECRET" != "x" ] +then + mkztfile identity.secret 0600 "$ZEROTIER_IDENTITY_SECRET" +fi + echo "starting zerotier" setsid /usr/sbin/zerotier-one & 
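Review bot: The added `RUN rm -rf /var/lib/zerotier-one` runs as its own layer, so anything the package install wrote under that directory is still stored in the earlier `RUN dpkg -i` layer of the image. If the package's install scripts generate an identity there (not visible in this hunk, worth confirming), the secret key stays recoverable from the image layers and is common to every container built from it. Folding the cleanup into the install step avoids that: `RUN dpkg -i zerotier-one.deb && rm -f zerotier-one.deb && rm -rf /var/lib/zerotier-one`. A one-line comment saying why the directory is removed would help the next maintainer.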
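Review bot: In `mkztfile` the redirection creates the file under the shell's default umask and only afterwards applies `chmod`, so `authtoken.secret` and `identity.secret` can briefly exist with wider permissions than 0600, and the directory from `mkdir -p` gets default permissions as well. Creating the file under a restrictive umask closes that window: `( umask 077; printf '%s\n' "$content" > "/var/lib/zerotier-one/$file" )`, followed by the existing `chmod "$mode"` line. `printf '%s\n'` also avoids `echo` treating a leading `-n` or backslashes specially in some shells. The secrets remain in the environment inherited by the `zerotier-one` process started below; `unset ZEROTIER_API_SECRET ZEROTIER_IDENTITY_SECRET` after the files are written keeps them out of the child's environment.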
@@ -14,7 +39,7 @@ do sleep 1 done -echo "joining networks" +echo "joining networks: $@" for i in "$@" do From b70c5b94bd69d6c9a40e2a97aea9a8b30cf84da0 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 13 Apr 2021 16:59:47 -0400 Subject: [PATCH 02/15] 1.6.5 version bump --- RELEASE-NOTES.md | 6 ++++++ debian/changelog | 8 ++++++++ ext/installfiles/mac/ZeroTier One.pkgproj | 2 +- version.h | 2 +- windows/WinUI/AboutView.xaml | 2 +- zerotier-one.spec | 5 ++++- 6 files changed, 21 insertions(+), 4 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index f152d310b..5b3ccb85c 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,6 +1,12 @@ ZeroTier Release Notes ====== +# 2021-04-13 -- Version 1.6.5 + + * Fix a bug in potential network path filtering that could in some circumstances lead to "software laser" effects. + * Fix a printf overflow in zerotier-cli (not exploitable or a security risk) + * Windows now looks up the name of ZeroTier devices instead of relying on them having "ZeroTier" in them. + # 2021-02-15 -- Version 1.6.4 * The groundhog saw his shadow, which meant that the "connection coma" bug still wasn't gone. We think we found it this time. diff --git a/debian/changelog b/debian/changelog index 675480f69..52593f067 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +zerotier-one (1.6.5) unstable; urgency=medium + + * Fix path filtering bug that could cause "software laser" effect. + * Fix printf overflow in CLI (not exploitable or security related) + * Fix Windows device enumeration issue. + + -- Adam Ierymenko Tue, 13 Apr 2021 01:00:00 -0700 + zerotier-one (1.6.4) unstable; urgency=medium * REALLY fix a problem causing nodes to go into a "coma" with some network configurations. diff --git a/ext/installfiles/mac/ZeroTier One.pkgproj b/ext/installfiles/mac/ZeroTier One.pkgproj index f50bd5fa6..fcc1676c0 100755 --- a/ext/installfiles/mac/ZeroTier One.pkgproj +++ b/ext/installfiles/mac/ZeroTier One.pkgproj 
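Review bot: `echo "joining networks: $@"` mixes `$@` with other text inside one quoted string, which expands to several words rather than a single argument (shellcheck SC2145). `echo "joining networks: $*"` prints the same thing and states the intent. The `for` loop that follows is only partly inside this hunk.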
@@ -689,7 +689,7 @@ USE_HFS+_COMPRESSION VERSION - 1.6.4 + 1.6.5 TYPE 0 diff --git a/version.h b/version.h index f9f8ed663..d6c2612e0 100644 --- a/version.h +++ b/version.h @@ -27,7 +27,7 @@ /** * Revision */ -#define ZEROTIER_ONE_VERSION_REVISION 4 +#define ZEROTIER_ONE_VERSION_REVISION 5 /** * Build version diff --git a/windows/WinUI/AboutView.xaml b/windows/WinUI/AboutView.xaml index 63ea720fa..cbebc2c5a 100644 --- a/windows/WinUI/AboutView.xaml +++ b/windows/WinUI/AboutView.xaml @@ -19,7 +19,7 @@ - + diff --git a/zerotier-one.spec b/zerotier-one.spec index 2721002ba..cdad9b51b 100644 --- a/zerotier-one.spec +++ b/zerotier-one.spec @@ -1,5 +1,5 @@ Name: zerotier-one -Version: 1.6.4 +Version: 1.6.5 Release: 1%{?dist} Summary: ZeroTier network virtualization service @@ -152,6 +152,9 @@ esac %endif %changelog +* Tue Apr 13 2021 Adam Ierymenko - 1.6.5 +- see https://github.com/zerotier/ZeroTierOne for release notes + * Mon Feb 15 2021 Adam Ierymenko - 1.6.4 - see https://github.com/zerotier/ZeroTierOne for release notes From df0007d532de13836f6ad05ae737c47cca9e7a7a Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 14 Apr 2021 12:25:35 -0400 Subject: [PATCH 03/15] Update hard-coded default planet to latest. --- node/Topology.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/node/Topology.cpp b/node/Topology.cpp index 9402ad2a2..68cdb2a23 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp 
@@ -22,8 +22,8 @@ namespace ZeroTier { -#define ZT_DEFAULT_WORLD_LENGTH 674 -static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = {0x01,0x00,0x00,0x00,0x00,0x08,0xea,0xc9,0x0a,0x00,0x00,0x01,0x6c,0xf9,0x10,0xd4,0x79,0xb8,0xb3,0x88,0xa4,0x69,0x22,0x14,0x91,0xaa,0x9a,0xcd,0x66,0xcc,0x76,0x4c,0xde,0xfd,0x56,0x03,0x9f,0x10,0x67,0xae,0x15,0xe6,0x9c,0x6f,0xb4,0x2d,0x7b,0x55,0x33,0x0e,0x3f,0xda,0xac,0x52,0x9c,0x07,0x92,0xfd,0x73,0x40,0xa6,0xaa,0x21,0xab,0xa8,0xa4,0x89,0xfd,0xae,0xa4,0x4a,0x39,0xbf,0x2d,0x00,0x65,0x9a,0xc9,0xc8,0x18,0xeb,0x3e,0x3a,0xe9,0xeb,0x4e,0x78,0x27,0xb8,0xeb,0x78,0xe7,0x0f,0x64,0xa0,0x14,0xce,0x3d,0x30,0x21,0x96,0x23,0x9d,0x07,0x85,0xa4,0x0b,0xc6,0xf3,0x03,0x48,0x12,0x66,0x09,0x2a,0x6f,0xa1,0x5b,0x55,0x71,0x43,0xe7,0x2d,0xb3,0xfc,0xfc,0x8e,0x6f,0xe5,0xbb,0x5d,0x80,0x76,0x28,0x8d,0x32,0x87,0x24,0x3e,0x59,0x32,0x3d,0x9f,0xd1,0x00,0x54,0xd4,0xa2,0x90,0x0d,0xfc,0x3a,0xc9,0x5e,0xd8,0x6b,0x11,0x24,0xf9,0x70,0x8b,0x6e,0xd9,0x09,0xec,0xce,0x59,0x06,0xa6,0x73,0xf4,0x46,0x34,0x45,0xcd,0x57,0x44,0x04,0x3a,0x46,0xf1,0xbf,0x30,0x00,0x76,0xe6,0x6f,0xab,0x33,0xe2,0x85,0x49,0xa6,0x2e,0xe2,0x06,0x4d,0x18,0x43,0x27,0x3c,0x2c,0x30,0x0b,0xa4,0x5c,0x3f,0x20,0xbe,0xf0,0x2d,0xba,0xd2,0x25,0x72,0x3b,0xb5,0x9a,0x9b,0xb4,0xb1,0x35,0x35,0x73,0x09,0x61,0xae,0xec,0xf5,0xa1,0x63,0xac,0xe4,0x77,0xcc,0xeb,0x07,0x27,0x02,0x5b,0x99,0xac,0x14,0xa5,0x16,0x6a,0x09,0xa3,0x00,0x04,0x04,0xb9,0xb4,0x0d,0x52,0x27,0x09,0x06,0x2a,0x02,0x6e,0xa0,0xc8,0x15,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x27,0x09,0x04,0xb9,0xb4,0x0d,0x52,0x01,0xbb,0x06,0x2a,0x02,0x6e,0xa0,0xc8,0x15,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xbb,0xde,0x89,0x50,0xa8,0xb2,0x00,0x1b,0x3a,0xda,0x82,0x51,0xb9,0x1b,0x6b,0x6f,0xa6,0x53,0x5b,0x8c,0x7e,0x24,0x60,0x91,0x8f,0x4f,0x72,0x9a,0xbd,0xec,0x97,0xd3,0xc7,0xf3,0x79,0x68,0x68,0xfb,0x02,0xf0,0xde,0x0b,0x0e,0xe5,0x54,0xb2,0xd5,0x9f,0xc3,0x52,0x47,0x43,0xee,0xbf,0xcf,0x53,0x15,0xe7,0x90,0xed,0x6d,0x92,0xdb,0x5b,0xd1,0x0c,0x28,0xc0,0x9b,0
x40,0xef,0x00,0x04,0x04,0xcf,0xf6,0x49,0xf5,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x90,0x02,0x05,0xcb,0x0e,0xc4,0x7a,0xff,0xfe,0x8f,0x69,0xd9,0x27,0x09,0x04,0xcf,0xf6,0x49,0xf5,0x01,0xbb,0x06,0x20,0x01,0x19,0xf0,0x90,0x02,0x05,0xcb,0x0e,0xc4,0x7a,0xff,0xfe,0x8f,0x69,0xd9,0x01,0xbb,0x34,0xe0,0xa5,0xe1,0x74,0x00,0x93,0xef,0xb5,0x09,0x34,0x78,0x8f,0x85,0x6d,0x5c,0xfb,0x9c,0xa5,0xbe,0x88,0xe8,0x5b,0x40,0x96,0x55,0x86,0xb7,0x5b,0xef,0xac,0x90,0x0d,0xf7,0x73,0x52,0xc1,0x45,0xa1,0xba,0x70,0x07,0x56,0x9d,0x37,0xc7,0x7b,0xfe,0x52,0xc0,0x99,0x9f,0x3b,0xdc,0x67,0xa4,0x7a,0x4a,0x60,0x00,0xb7,0x20,0xa8,0x83,0xce,0x47,0xaa,0x2f,0xb7,0xf8,0x00,0x04,0x04,0x93,0x4b,0x5c,0x02,0x27,0x09,0x06,0x26,0x04,0x13,0x80,0x30,0x00,0x71,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x27,0x09,0x04,0x93,0x4b,0x5c,0x02,0x01,0xbb,0x06,0x26,0x04,0x13,0x80,0x30,0x00,0x71,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x01,0xbb,0x99,0x2f,0xcf,0x1d,0xb7,0x00,0x20,0x6e,0xd5,0x93,0x50,0xb3,0x19,0x16,0xf7,0x49,0xa1,0xf8,0x5d,0xff,0xb3,0xa8,0x78,0x7d,0xcb,0xf8,0x3b,0x8c,0x6e,0x94,0x48,0xd4,0xe3,0xea,0x0e,0x33,0x69,0x30,0x1b,0xe7,0x16,0xc3,0x60,0x93,0x44,0xa9,0xd1,0x53,0x38,0x50,0xfb,0x44,0x60,0xc5,0x0a,0xf4,0x33,0x22,0xbc,0xfc,0x8e,0x13,0xd3,0x30,0x1a,0x1f,0x10,0x03,0xce,0xb6,0x00,0x04,0x04,0xc3,0xb5,0xad,0x9f,0x27,0x09,0x06,0x2a,0x02,0x6e,0xa0,0xc0,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x27,0x09,0x04,0xc3,0xb5,0xad,0x9f,0x01,0xbb,0x06,0x2a,0x02,0x6e,0xa0,0xc0,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xbb}; +#define ZT_DEFAULT_WORLD_LENGTH 570 +static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = 
{0x01,0x00,0x00,0x00,0x00,0x08,0xea,0xc9,0x0a,0x00,0x00,0x01,0x78,0xcc,0x8e,0xf8,0xcb,0xb8,0xb3,0x88,0xa4,0x69,0x22,0x14,0x91,0xaa,0x9a,0xcd,0x66,0xcc,0x76,0x4c,0xde,0xfd,0x56,0x03,0x9f,0x10,0x67,0xae,0x15,0xe6,0x9c,0x6f,0xb4,0x2d,0x7b,0x55,0x33,0x0e,0x3f,0xda,0xac,0x52,0x9c,0x07,0x92,0xfd,0x73,0x40,0xa6,0xaa,0x21,0xab,0xa8,0xa4,0x89,0xfd,0xae,0xa4,0x4a,0x39,0xbf,0x2d,0x00,0x65,0x9a,0xc9,0xc8,0x18,0xeb,0x31,0xdc,0x40,0xa9,0xc7,0xb5,0xd2,0xf9,0x8e,0xd9,0x7b,0xf6,0x41,0x27,0x29,0x02,0xb6,0xb3,0x34,0x6f,0x56,0x16,0x11,0x45,0x82,0x44,0x55,0x85,0x78,0x79,0xb9,0x30,0xcb,0x01,0x51,0x15,0x49,0xf3,0x38,0x24,0xd8,0xd4,0x78,0x7d,0x77,0x23,0xda,0xc3,0x51,0x50,0x0b,0xe7,0xdf,0x5b,0x8f,0x72,0xdd,0x25,0x81,0xa5,0x0b,0x4a,0x36,0x01,0x46,0x85,0x95,0xbe,0x4d,0x5e,0xe6,0x3b,0x46,0xc2,0x9b,0x15,0x3c,0x43,0x8a,0x30,0xe0,0xa2,0xbf,0xba,0x1a,0x57,0xfc,0x98,0x7b,0x42,0x71,0xde,0x9c,0x53,0x6c,0x00,0x04,0x61,0xd2,0x94,0xb9,0xcb,0x00,0xe6,0x53,0xef,0x7a,0xd9,0x25,0x59,0x52,0xb7,0xc9,0xfc,0xa1,0x68,0x6d,0x3b,0x17,0xc6,0x10,0xb0,0x4e,0x6b,0x6c,0x82,0xd2,0xd3,0x7c,0xd3,0xa6,0xef,0xb2,0x56,0x3d,0x57,0x7f,0x81,0x22,0x24,0x37,0x62,0x02,0x09,0xe9,0x23,0x48,0xad,0x33,0x7b,0xd1,0x91,0xac,0x00,0xb7,0x49,0x2c,0xfd,0x55,0xce,0x0f,0xa0,0x36,0xd8,0xc5,0x62,0x83,0x00,0x02,0x04,0x32,0x07,0x49,0x22,0x27,0x09,0x06,0x20,0x01,0x49,0xf0,0xd0,0x02,0x00,0x06,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x27,0x09,0x77,0x8c,0xde,0x71,0x90,0x00,0x3f,0x66,0x81,0xa9,0x9e,0x5a,0xd1,0x89,0x5e,0x9f,0xba,0x33,0xe6,0x21,0x2d,0x44,0x54,0xe1,0x68,0xbc,0xec,0x71,0x12,0x10,0x1b,0xf0,0x00,0x95,0x6e,0xd8,0xe9,0x2e,0x42,0x89,0x2c,0xb6,0xf2,0xec,0x41,0x08,0x81,0xa8,0x4a,0xb1,0x9d,0xa5,0x0e,0x12,0x87,0xba,0x3d,0x92,0x6c,0x3a,0x1f,0x75,0x5c,0xcc,0xf2,0x99,0xa1,0x20,0x70,0x55,0x00,0x02,0x04,0x67,0xc3,0x67,0x42,0x27,0x09,0x06,0x26,0x05,0x98,0x80,0x04,0x00,0x00,0xc3,0x02,0x54,0xf2,0xbc,0xa1,0xf7,0x00,0x19,0x27,0x09,0x62,0xf8,0x65,0xae,0x71,0x00,0xe2,0x07,0x6c,0x57,0xde,0x87,0x0e,0x62,0x88,0xd7,0xd5,0xe7,0x40,0x44,0x08,0xb1,0x54,0x5e,0xfc,0xa3
,0x7d,0x67,0xf7,0x7b,0x87,0xe9,0xe5,0x41,0x68,0xc2,0x5d,0x3e,0xf1,0xa9,0xab,0xf2,0x90,0x5e,0xa5,0xe7,0x85,0xc0,0x1d,0xff,0x23,0x88,0x7a,0xd4,0x23,0x2d,0x95,0xc7,0xa8,0xfd,0x2c,0x27,0x11,0x1a,0x72,0xbd,0x15,0x93,0x22,0xdc,0x00,0x02,0x04,0x32,0x07,0xfc,0x8a,0x27,0x09,0x06,0x20,0x01,0x49,0xf0,0xd0,0xdb,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x27,0x09,0x99,0x2f,0xcf,0x1d,0xb7,0x00,0x20,0x6e,0xd5,0x93,0x50,0xb3,0x19,0x16,0xf7,0x49,0xa1,0xf8,0x5d,0xff,0xb3,0xa8,0x78,0x7d,0xcb,0xf8,0x3b,0x8c,0x6e,0x94,0x48,0xd4,0xe3,0xea,0x0e,0x33,0x69,0x30,0x1b,0xe7,0x16,0xc3,0x60,0x93,0x44,0xa9,0xd1,0x53,0x38,0x50,0xfb,0x44,0x60,0xc5,0x0a,0xf4,0x33,0x22,0xbc,0xfc,0x8e,0x13,0xd3,0x30,0x1a,0x1f,0x10,0x03,0xce,0xb6,0x00,0x02,0x04,0xc3,0xb5,0xad,0x9f,0x27,0x09,0x06,0x2a,0x02,0x6e,0xa0,0xc0,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x27,0x09}; Topology::Topology(const RuntimeEnvironment *renv,void *tPtr) : RR(renv), From ee0e306685a9b38b36396c5348ef3de2e525fea1 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 20 Apr 2021 14:56:33 -0400 Subject: [PATCH 04/15] Windows version bump. --- ext/installfiles/windows/ZeroTier One.aip | 32 +++++++++++++---------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/ext/installfiles/windows/ZeroTier One.aip b/ext/installfiles/windows/ZeroTier One.aip index 5f76f4e5c..ba7873e24 100644 --- a/ext/installfiles/windows/ZeroTier One.aip +++ b/ext/installfiles/windows/ZeroTier One.aip @@ -17,7 +17,6 @@ - @@ -26,10 +25,10 @@ - + - + @@ -62,8 +61,8 @@ - - + + @@ -110,6 +109,9 @@ + + + @@ -319,9 +321,6 @@ - - - @@ -337,6 +336,9 @@ + + + @@ -359,7 +361,6 @@ - @@ -379,7 +380,7 @@ - + @@ -388,6 +389,7 @@ + @@ -420,21 +422,23 @@ + - + + - - + + @@ -479,7 +483,7 @@ - + From 31ffe4403c277e7c3ae446bb875514f691cab8d8 Mon Sep 17 00:00:00 2001 
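Review bot: `ZT_DEFAULT_WORLD_LENGTH` and the initializer are maintained by hand side by side, and with an explicit array size a too-short initializer is silently zero-padded rather than rejected by the compiler. Because this blob is the built-in root definition, a length mismatch would be hard to spot in review; declaring it as `static const unsigned char ZT_DEFAULT_WORLD[] = { … };` and defining the length as `sizeof(ZT_DEFAULT_WORLD)` removes that possibility. The leading bytes up to `0xc8,0x18,0xeb` are identical on both sides except for the field that changes from `0x01,0x6c,…` to `0x01,0x78,…`, which suggests the header and key material are unchanged, but that is inferred from the diff alone. A comment above the array recording how the blob was generated and which roots and timestamp it encodes would let a reviewer check the new bytes against their source.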
From: "Robert.Schreib" Date: Wed, 21 Apr 2021 12:02:31 +0200 Subject: [PATCH 06/15] Check if DNS servers need to be Applied on macOS --- osdep/MacDNSHelper.mm | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/osdep/MacDNSHelper.mm b/osdep/MacDNSHelper.mm index c50de7915..89384ba28 100644 --- a/osdep/MacDNSHelper.mm +++ b/osdep/MacDNSHelper.mm @@ -39,18 +39,22 @@ void MacDNSHelper::setDNS(uint64_t nwid, const char *domain, const std::vector Date: Wed, 21 Apr 2021 12:30:51 +0100 Subject: [PATCH 07/15] Reorder Linux TAP link sequence This corrects the flow for bringing up a TAP device under Linux. Closes #1314 --- osdep/LinuxEthernetTap.cpp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/osdep/LinuxEthernetTap.cpp b/osdep/LinuxEthernetTap.cpp index a2a942dcc..f97f67c2d 100644 --- a/osdep/LinuxEthernetTap.cpp +++ b/osdep/LinuxEthernetTap.cpp @@ -207,12 +207,6 @@ LinuxEthernetTap::LinuxEthernetTap( printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n"); return; } - ifr.ifr_flags |= IFF_UP; - if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) { - ::close(sock); - printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n"); - return; - } // Some kernel versions seem to require you to yield while the device comes up // before they will accept MTU and MAC. For others it doesn't matter, but is @@ -235,6 +229,13 @@ LinuxEthernetTap::LinuxEthernetTap( return; } + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) { + ::close(sock); + printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n"); + return; + } + fcntl(_fd,F_SETFL,O_NONBLOCK); ::close(sock); From 4e8640b380cf407cbf442f8d37759339e345ace0 Mon Sep 17 00:00:00 2001 
From: "Robert.Schreib" Date: Wed, 21 Apr 2021 13:49:55 +0200 Subject: [PATCH 08/15] Handle case where no old DNS servers exist --- osdep/MacDNSHelper.mm | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/osdep/MacDNSHelper.mm b/osdep/MacDNSHelper.mm index 89384ba28..38e74dc3f 100644 --- a/osdep/MacDNSHelper.mm +++ b/osdep/MacDNSHelper.mm @@ -40,9 +40,13 @@ void MacDNSHelper::setDNS(uint64_t nwid, const char *domain, const std::vector 0) { + oldDNSServers = SCDynamicStoreCopyValue(ds, (CFStringRef)CFArrayGetValueAtIndex(list, i)); + dnsServersChanged = !CFEqual(oldDNSServers,dict); + } + if (dnsServersChanged) { bool ret = TRUE; if (j <= 0) { ret &= SCDynamicStoreAddValue(ds, key, dict); @@ -53,8 +57,9 @@ void MacDNSHelper::setDNS(uint64_t nwid, const char *domain, const std::vector Date: Wed, 21 Apr 2021 20:45:17 +0100 Subject: [PATCH 09/15] Revert "Reorder Linux TAP link sequence" This reverts commit 9374e45449ffe5c377e4cb2a346129ec598eeea9. --- osdep/LinuxEthernetTap.cpp | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/osdep/LinuxEthernetTap.cpp b/osdep/LinuxEthernetTap.cpp index f97f67c2d..a2a942dcc 100644 --- a/osdep/LinuxEthernetTap.cpp +++ b/osdep/LinuxEthernetTap.cpp @@ -207,6 +207,12 @@ LinuxEthernetTap::LinuxEthernetTap( printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n"); return; } + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) { + ::close(sock); + printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n"); + return; + } // Some kernel versions seem to require you to yield while the device comes up // before they will accept MTU and MAC. For others it doesn't matter, but is 
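Review bot: `SCDynamicStoreCopyValue` can return NULL when the key has no value, and the result is passed straight to `CFEqual(oldDNSServers,dict)`, which does not accept NULL arguments. A guard such as `dnsServersChanged = (oldDNSServers == NULL) || !CFEqual(oldDNSServers,dict);` keeps the "changed" default in that case. The returned value follows the Copy rule and needs a `CFRelease` once it has been compared; parts of this hunk and the following one are missing from the page, so that release may already be present in the lines that did not survive.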
@@ -229,13 +235,6 @@ LinuxEthernetTap::LinuxEthernetTap( return; } - ifr.ifr_flags |= IFF_UP; - if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) { - ::close(sock); - printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n"); - return; - } - fcntl(_fd,F_SETFL,O_NONBLOCK); ::close(sock); From bac57e355d1bb468aea812ef6f46315332e54b16 Mon Sep 17 00:00:00 2001 From: Jonathon Fernyhough Date: Wed, 21 Apr 2021 20:46:13 +0100 Subject: [PATCH 10/15] Set MAC address before bringing up Linux TAP link This corrects the flow for bringing up a TAP device under Linux by setting the device MAC address prior to bringing up the device. Closes #1314 --- osdep/LinuxEthernetTap.cpp | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/osdep/LinuxEthernetTap.cpp b/osdep/LinuxEthernetTap.cpp index a2a942dcc..17f2b0df9 100644 --- a/osdep/LinuxEthernetTap.cpp +++ b/osdep/LinuxEthernetTap.cpp @@ -207,6 +207,15 @@ LinuxEthernetTap::LinuxEthernetTap( printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n"); return; } + + ifr.ifr_ifru.ifru_hwaddr.sa_family = ARPHRD_ETHER; + _mac.copyTo(ifr.ifr_ifru.ifru_hwaddr.sa_data,6); + if (ioctl(sock,SIOCSIFHWADDR,(void *)&ifr) < 0) { + ::close(sock); + printf("WARNING: ioctl() failed setting up Linux tap device (set MAC)\n"); + return; + } + ifr.ifr_flags |= IFF_UP; if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) { ::close(sock); @@ -220,14 +229,6 @@ LinuxEthernetTap::LinuxEthernetTap( // main ZeroTier loop. usleep(500000); - ifr.ifr_ifru.ifru_hwaddr.sa_family = ARPHRD_ETHER; - _mac.copyTo(ifr.ifr_ifru.ifru_hwaddr.sa_data,6); - if (ioctl(sock,SIOCSIFHWADDR,(void *)&ifr) < 0) { - ::close(sock); - printf("WARNING: ioctl() failed setting up Linux tap device (set MAC)\n"); - return; - } - ifr.ifr_ifru.ifru_mtu = (int)_mtu; if (ioctl(sock,SIOCSIFMTU,(void *)&ifr) < 0) { ::close(sock); From 54680a6edcba5e9e04169f3dbe31139a642340ee Mon Sep 17 00:00:00 2001 
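Review bot: With the MAC now set before `IFF_UP`, the comment ahead of `usleep(500000)` no longer matches the order of operations: as shown in the context of the preceding revert it still says kernels need the yield "before they will accept MTU and MAC", while only the MTU ioctl follows the sleep. I would reword that comment to mention the MTU only and add a line above the moved block, for example `// Set the MAC before IFF_UP (see #1314).`, so the ordering is not undone by a later cleanup. The constructor begins and ends outside both hunks, so whether `_fd` is released on these early-return paths cannot be judged from here.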
From: Adam Ierymenko Date: Wed, 21 Apr 2021 18:54:11 -0400 Subject: [PATCH 11/15] Revert "Update zttap300.inf" This reverts commit 3af693af34256de45591898346721cf6ffe85391. --- ext/bin/tap-windows-ndis6/x86/zttap300.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/bin/tap-windows-ndis6/x86/zttap300.inf b/ext/bin/tap-windows-ndis6/x86/zttap300.inf index 76ba896e3..a562e9d64 100644 --- a/ext/bin/tap-windows-ndis6/x86/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x86/zttap300.inf @@ -67,7 +67,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" From 4a7c156bf864d46464ba3d73a0555f10c091c216 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 21 Apr 2021 18:54:27 -0400 Subject: [PATCH 12/15] Revert "Removed language from comments" This reverts commit 0a18e66a83580555e08f1bd4c1807a1dac3bf628. --- ext/bin/tap-windows-ndis6/x64/zttap300.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/bin/tap-windows-ndis6/x64/zttap300.inf b/ext/bin/tap-windows-ndis6/x64/zttap300.inf index 944492ca6..e05038dae 100644 --- a/ext/bin/tap-windows-ndis6/x64/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x64/zttap300.inf @@ -70,7 +70,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" From 50703534b16bc66e6df2c0eb13e8bbbe63951904 Mon Sep 17 00:00:00 2001 
From: Adam Ierymenko Date: Wed, 21 Apr 2021 18:54:43 -0400 Subject: [PATCH 13/15] Revert "Removed language from comments" This reverts commit 57a225cb390265d27bd67cae91f190ba33969fb8. --- ext/bin/tap-windows-ndis6/x64.old/zttap300.inf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf b/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf index dbc492b5f..453797b38 100644 --- a/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf @@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557 [Strings] DeviceDescription = "ZeroTier One Virtual Port" -Provider = "ZeroTier Networks LLC" +Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat. ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back! [Manufacturer] @@ -70,7 +70,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" From ed8fe8990b0bfbf07ba38d6b3a510c57978215cc Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 21 Apr 2021 18:54:59 -0400 Subject: [PATCH 14/15] Revert "Removed language from comments" This reverts commit 1bd19239648ce30e1bfdf2ec16c0dcad79650557. --- ext/bin/tap-windows-ndis6/x86.old/zttap300.inf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf b/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf index dbc492b5f..453797b38 100644 --- a/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf 
@@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557 [Strings] DeviceDescription = "ZeroTier One Virtual Port" -Provider = "ZeroTier Networks LLC" +Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat. ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back! [Manufacturer] @@ -70,7 +70,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" From d2974f2e601e27a577de46d2b916a093a1b2fb01 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 28 Apr 2021 16:16:02 -0400 Subject: [PATCH 15/15] Do not inherit open file descriptors on fork() in MacEthernetTapAgent --- osdep/MacEthernetTapAgent.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/osdep/MacEthernetTapAgent.c b/osdep/MacEthernetTapAgent.c index 3a44eadd2..cb37c78b1 100644 --- a/osdep/MacEthernetTapAgent.c +++ b/osdep/MacEthernetTapAgent.c @@ -64,6 +64,7 @@ #include #include #include +#include #include #include #include @@ -181,6 +182,14 @@ static void die() run("/sbin/ifconfig",s_peerDeviceName,"destroy",(char *)0); } +static inline void close_inherited_fds() +{ + struct rlimit lim; + getrlimit(RLIMIT_NOFILE, &lim); + for (int i=3,j=(int)lim.rlim_cur;i