Adam Ierymenko
70f37962cf
Backport AES fixes for compiler, arch, and splitting into separate files.
2020-10-20 18:50:28 -04:00
Adam Ierymenko
8d83b9b7c5
Revert change to path quality to fix IPv6 issue in beta. We will rework this in 2.x.
2020-10-14 20:41:58 -04:00
Adam Ierymenko
2c75be0d64
Do not always enable SSE4 on X64 due to old Atom chips. Enable instead only for AES-NI code which is only run if AES-NI is present, which it is not on these old chips.
2020-10-13 16:08:30 -04:00
Grant Limberg
ee04118172
null check
2020-10-13 08:24:36 -07:00
Adam Ierymenko
fe1ce885a0
Version 1.6.0 (1.5.0 is a beta!) is a significant release that incorporates a number of back-ported fixes and features from the ZeroTier 2.0 tree.
...
Major new features are:
* **Multipath support** with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual.
* **DNS configuration** push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed.
* **AES-GMAC-SIV** encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.
Known issues that are not yet fixed in this beta:
* Some Mac users have reported periods of 100% CPU in kernel_task and connection instability after leaving networks that have been joined for a period of time, or needing to kill ZeroTier and restart it to finish leaving a network. This doesn't appear to affect all users and we haven't diagnosed the root cause yet.
* The service sometimes hangs on shutdown requiring a kill -9. This also does not affect all systems or users.
* AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.
* Some users have reported multicast/broadcast outages on networks lasting up to 30 seconds. Still investigating.
We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
2020-10-08 18:10:13 -04:00
Adam Ierymenko
24769219b5
Merge branch 'dev'
2020-10-08 18:08:24 -04:00
Adam Ierymenko
da6fe18e17
Merge branch 'master' of github.com:zerotier/ZeroTierOne
2020-10-08 18:08:18 -04:00
Adam Ierymenko
a973a6e10e
Leave feth devices over feth10000 alone.
2020-10-08 12:04:57 -04:00
Adam Ierymenko
5bc64c4c4e
Windows build fixes and version bump in Advanced Installer.
2020-10-07 15:56:00 -07:00
Travis LaDuke
bd92990165
Update feature_request.md
2020-10-07 10:36:04 -07:00
Adam Ierymenko
e26a8be3df
Be more consistent about versioning.
2020-10-07 11:55:47 -04:00
Adam Ierymenko
3ef1c8e3fa
Use 1.5.0 for package version for centos.
2020-10-06 23:31:20 -04:00
Adam Ierymenko
0ab4b903f4
Cert and codesign tweaks, release notes.
2020-10-06 18:09:51 -04:00
Adam Ierymenko
b2ea5aa747
Version bump to 1.5.0 internally and 1.6.0-beta1 in packages.
2020-10-05 20:23:52 -04:00
Grant Limberg
c80843e496
Revert "remove redundant writes when changes come from Central"
...
This reverts commit f9396f979f
.
2020-10-05 13:32:47 -07:00
Grant Limberg
f9396f979f
remove redundant writes when changes come from Central
...
network & member changes tagged with `"fromCentral": true` will not be rewritten to the db
2020-10-05 11:03:03 -07:00
Adam Ierymenko
610d4ff016
Remove old tap kext from normal pkg as it is too old to be notarized (signature too old, not sure if we can sign again as kexts are being deprecated). It is only used on very old MacOS versions that are rolling off support.
2020-10-02 18:42:40 -04:00
Adam Ierymenko
f16421225d
Enable hardened executable mode on Mac, should be fine...
2020-10-02 18:36:24 -04:00
Adam Ierymenko
d82b3684ac
Enable RV64
2020-09-30 21:17:04 -04:00
Adam Ierymenko
d7e5a92fe6
Increase debian build parallelism.
2020-09-30 17:39:15 -07:00
Adam Ierymenko
bb45f9ca3c
Upgrade cpp-httplib
2020-09-30 15:21:58 -04:00
Adam Ierymenko
c7dcbba442
Add an AES benchmark to 1.6 (backport)
2020-09-29 18:34:58 -04:00
Adam Ierymenko
255dee7a5e
MacOS build fixes.
2020-09-25 14:32:53 -04:00
Adam Ierymenko
c86418934c
PATH_MAX is not defined on some Linux systems.
2020-09-23 22:06:22 -04:00
Adam Ierymenko
70efa5f606
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev
2020-09-23 21:59:14 -04:00
Adam Ierymenko
69b2fcd5af
Get rid of obsolete musl libc fix.
2020-09-23 21:58:51 -04:00
Adam Ierymenko
1f93099e1a
Get rid of obsolete musl libc fix.
2020-09-23 21:58:28 -04:00
Joseph Henry
b3331c5ec2
Fix buffer overflow in windows tap driver
2020-09-23 15:31:20 -07:00
Grant Limberg
ff23d3051f
self hosted controller JSON format fix for DNS
2020-09-23 12:16:23 -07:00
Grant Limberg
7d8cfb1fee
more magic incantations to make crypto extensions work on Android/ARM64
2020-09-22 10:28:31 -07:00
Grant Limberg
8131680735
AES-NI enabled for Android ARM64
2020-09-22 08:04:16 -07:00
Grant Limberg
9e6dba9066
Enable AES-NI on Android X86-64
...
Need to find the magic incantation to enable it on ARM64 still
2020-09-21 18:05:25 -07:00
Grant Limberg
0f2887265c
AES-NI/NEON detection for iOS
...
Requires 64-bit CPU
2020-09-21 13:18:05 -07:00
Adam Ierymenko
1ff45020e2
Prefer IPv6 if all else is equal.
2020-09-18 16:27:41 -04:00
Grant Limberg
45c5abe05b
add Allow DNS settings to win UI
2020-09-18 10:12:11 -07:00
Grant Limberg
e7dafb3ae6
allow DNS field for mac UI
2020-09-18 09:30:43 -07:00
Adam Ierymenko
04f6140da6
AES builds and works now on ARM64.
2020-09-16 22:47:13 +00:00
Grant Limberg
afcbc6dd9f
clean up some error output
2020-09-16 10:54:14 -07:00
Grant Limberg
4da9bed4fa
add 'dump' to cli help
2020-09-16 10:52:23 -07:00
Grant Limberg
221e4ecb12
Add "documentation" networks as IP_SCOPE_PRIVATE
...
https://en.wikipedia.org/wiki/Reserved_IP_addresses
2020-09-16 10:24:36 -07:00
Grant Limberg
1883a8c9ee
Set 198.18.0.0/15 to IP_SCOPE_PRIVATE
2020-09-16 10:15:42 -07:00
Grant Limberg
83d92858c1
Merge branch 'dump' into dev
2020-09-16 10:04:01 -07:00
Grant Limberg
cff3152985
windows create dump file on desktop
2020-09-16 10:03:03 -07:00
Grant Limberg
5090e95003
dump basics to stdout on other platforms
2020-09-15 16:50:55 -07:00
Grant Limberg
927aeb15f6
macos output dump to file if possible
...
if not, write to stdout
2020-09-15 16:50:00 -07:00
Grant Limberg
361ca1e8b4
add link to CoreServices framework
2020-09-15 16:49:19 -07:00
Adam Ierymenko
9adf656db5
Merge branch 'dev' of http://git.int.zerotier.com/zerotier/ZeroTierOne into dev
2020-09-14 20:44:46 -04:00
Adam Ierymenko
7219ca0c0f
AES works! Only with this or newer nodes. Uses salsa with older ones as usual.
2020-09-14 20:44:21 -04:00
Grant Limberg
3a75950ff4
Merge branch 'dump' into dev
2020-09-14 15:25:34 -07:00
Joseph Henry
fa86b8bae0
Change ZT_MULTIPATH_FLOW_EXPIRATION_INTERVAL from 30 seconds to 5 minutes
2020-09-14 15:22:06 -07:00