Commit Graph

155 Commits

Author SHA1 Message Date
Michał Zieliński
344a25c133 Run as nonroot user on Linux (with CAP_NET_ADMIN and CAP_NET_RAW added).
- ZT will only drop root privileges if zerotier-one user exists. It is created by
Debian postinst script - in other cases the user has to be created by administrator.
- Linux >=4.3 with ambient capabilities is required, otherwise ZT will silently
- "-U" option now also disables privileges dropping
2016-10-16 13:53:44 +02:00
Grant Limberg
e59ed3e68f Fix size of neighbor solicitation struct 2016-10-07 10:03:07 -07:00
Grant Limberg
69c5976775 fix typo in assert size 2016-10-04 17:35:52 -07:00
Adam Ierymenko
6651b8310e Merge branch 'dev' of http://10.6.6.2/zerotier/ZeroTierOne into dev 2016-09-30 13:47:40 -07:00
Adam Ierymenko
0843ed62fa Network delete fix. 2016-09-30 13:47:30 -07:00
Grant Limberg
d817039f79 Add IPv6 Neighbor Discovery code. Not yet tested. 2016-09-30 13:18:17 -07:00
Adam Ierymenko
2fc3d12fb6 Minor tweaks to member code in controller, and fix Linux build. 2016-09-29 14:48:39 -07:00
Adam Ierymenko
24fce0be86 No, definitely have to back out GitHub issue #385 (non-bisected routes) since this breaks IPv6 on OSX and probably IPv4 too if you were to encounter a 6-only situation. 2016-09-14 22:23:56 -07:00
Adam Ierymenko
8d0b2b781e Route management bug fixes. 2016-09-13 16:25:48 -07:00
Adam Ierymenko
5b6d27e659 Implement relay policy, and setting multicast limit to 0 now disables multicast on the network as would be expected. 2016-09-13 14:27:18 -07:00
Adam Ierymenko
ced8dfc639 Try a version of GitHub issue #385 (non-bifurcated default if not present) on Mac. This version adds the bifurcated routes always but also adds a device-specific non-bifurcated route. Will have to see if this still interferes with OSX route settings, since by definition device specific routes should not conflict with general routes. 2016-09-13 11:07:59 -07:00
Adam Ierymenko
34b146f28b Back out of GitHub issue #385 for now and maybe for this release. Would be nice but it is non-critical and rules are the priority. Current implementation bangs heads with OSX route assignment on WiFi join, etc. 2016-09-12 14:56:18 -07:00
Adam Ierymenko
fb46a546db Just always do route bifurcation on Linux for now... basically the old behavior. 2016-09-09 12:53:44 -07:00
Adam Ierymenko
d23ade879b Do not bifurcate if not replacing an existing route. (Still need to tie up Linux and Windows.) 2016-09-08 15:42:46 -07:00
Adam Ierymenko
b08ca49580 More controller work -- it builds! 2016-08-16 14:05:17 -07:00
Adam Ierymenko
22e44c762b More rules engine work: key/value pair matching for microsegmentation. 2016-07-28 10:58:10 -07:00
Adam Ierymenko
13100b245c Fix for running under MUSL libc (e.g. Alpine Linux) 2016-07-26 16:36:20 -07:00
Adam Ierymenko
ebe7e15475 sys/sysctl.h is required on OSX and probably other BSD 2016-07-21 19:21:51 -07:00
Adam Ierymenko
095aef5f30 Merge pull request #348 from the-maldridge/remove-sysctl
Remove explicit sys/sysctl.h includes
2016-07-21 15:16:22 -07:00
Adam Ierymenko
23391ff9da More OSX IPv6 fixes. 2016-07-12 09:22:04 -07:00
Adam Ierymenko
3f2b21ce71 Do not shadow our own route twice on Mac if there is no default route. (Fix for issue found during IPv6 default route override testing.) 2016-07-12 08:55:57 -07:00
Adam Ierymenko
912ee199ed Tiny fixes to LinuxEthernetTap 2016-07-07 16:10:36 -07:00
Michael Aldridge
1a89694980 Remove explicit sys/sysctl.h includes
Explicitly including sys/sysctl.h breaks the ability to build
against muslc.
2016-07-06 02:38:23 -05:00
Adam Ierymenko
32d9850263 More new CLI work. 2016-06-23 12:37:15 -07:00
Adam Ierymenko
e2ca239be0 Comment cleanup. 2016-06-21 14:38:15 -07:00
Adam Ierymenko
4f237687ce Route management now works on Windows, including default route override! 1.1.6 very close! 2016-06-21 13:54:03 -07:00
Adam Ierymenko
82473c85e0 Default route override and route management in general now works in Linux. 2016-06-21 12:32:58 -07:00
Adam Ierymenko
51ced0cf41 GitHub issue #338 2016-06-21 09:41:55 -07:00
Adam Ierymenko
6c4a444f29 GitHub issue #339 2016-06-21 09:40:53 -07:00
Adam Ierymenko
b2d048aa0e Make Dictionary templatable so it can be used where we want a higher capacity. 2016-06-21 07:32:58 -07:00
Adam Ierymenko
3ee15e65aa Tying up default route and route mgmt loose ends. It now periodically updates shadow routes so hopefully your link will stay up as you move around. 2016-06-17 13:14:48 -07:00
Adam Ierymenko
1bf1c38b30 Default route population works on Mac! 2016-06-16 18:23:33 -07:00
Adam Ierymenko
37afa876a7 Linux bug fixes, small controller fix. 2016-06-17 00:21:58 +00:00
Adam Ierymenko
2113c21fdc devicemap now works again in OSXEthernetTap 2016-06-16 14:09:09 -07:00
Adam Ierymenko
f41ea24e97 Build fixes. 2016-06-16 00:11:46 +00:00
Adam Ierymenko
3c655a4b84 Default route ready to test on Mac. 2016-06-15 15:46:57 -07:00
Adam Ierymenko
b90e66f7c7 ManagedRoute, which applies C++ RAII to injected routes. Move RoutingTable to attic. 2016-06-15 15:02:40 -07:00
Adam Ierymenko
4446dbde5e Big refactor in service code to prep for plumbing through route management. 2016-06-14 10:09:26 -07:00
Adam Ierymenko
536feb632c Support yet another old version of http-parser for CentOS/EPEL. 2016-06-08 15:09:09 -07:00
Adam Ierymenko
7e68791bee Fix include for system json-parser. 2016-06-08 12:57:22 -07:00
Adam Ierymenko
4da9d4e53a Fix build against Debian version of libhttp-parser -- its old but it will work. 2016-06-08 12:49:07 -07:00
Adam Ierymenko
0ca764968a Remove warnings, more Debian stuff, remove obsolete ui/ stuff. 2016-06-08 11:21:01 -07:00
Adam Ierymenko
c278f05181 RoutingTable build fixes. 2016-04-06 17:29:38 -07:00
Adam Ierymenko
61a9c27af0 Consolidate routing table code. 2016-04-06 17:14:05 -07:00
Adam Ierymenko
e9b2613d5f Put routing table code back in osdep/ 2016-04-06 16:57:37 -07:00
Adam Ierymenko
24469a7f43 . 2016-04-06 16:47:11 -07:00
Adam Ierymenko
504738b183 Binder for Windows, and use Binder to get local interface addresses to advertise. 2016-04-05 15:53:19 -07:00
Adam Ierymenko
32cd2a02c9 OneService now binds all ports to specific local interfaces instead of wildcard and rebinds on changes. (default route) 2016-04-05 15:44:08 -07:00
Adam Ierymenko
4a109658ab More refactoring and prep for explicit interface bindings (for default route support). 2016-04-05 11:59:46 -07:00
Adam Ierymenko
d8b89b0c86 Fix Cluster to send from a designated endpoint address instead of wildcard. 2016-04-05 10:47:13 -07:00