* Exit if loading an invalid identity from disk
Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened. When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only. In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.
ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056
* add validation test for #2056
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* Rename zt_packet_incoming -> zt_packet
Also consolidate zt_peer_packets into a single metric with tx and rx labels. Same for ztc_tcp_data and ztc_udp_data
* Further collapse tcp & udp into metric labels for zt_data
* Fix zt_data metric description
* zt_peer_packets description fix
* Consolidate incoming/outgoing network packets to a single metric
* zt_incoming_packet_error -> zt_packet_error
* Disable peer metrics for central controllers
Can change in the future if needed, but given the traffic our controllers serve, that's going to be a *lot* of data
* Disable peer metrics for controllers pt 2
* Adding peer metrics
still need to be wired up for use
* per peer packet metrics
* Fix crash from bad instantiation of histogram
* separate alive & dead path counts
* Add peer metric update block
* add peer latency values in doPingAndKeepalive
* prevent deadlock
* peer latency histogram actually works now
* cleanup
* capture counts of packets to specific peers
---------
Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
* allow specifying authtoken in central startup
* set allowManagedFrom
* move redis_mem_notification to the correct place
* add node checkins metric
* wire up min/max connection pool size metrics
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix#1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
---------
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
ARM Cryptography Extension is optional and not all ARM CPUs support it.
For example, the CPU in Raspberry Pi 4 does not support it.
Check for `__ARM_FEATURE_CRYPTO` before attempting to use the optional
extension.
`__ARM_FEATURE_CRYPTO` is defined by both clang and gcc when the target
has the cryptography extension.
Fixes#1854.
Client side:
* Fix compatibility with OneLogin
* Requested scopes vary by OIDC provider. Different providers have different
Controller side:
*Update Postgres queries to latest Central schema
* Added Central Controller support for the different providers
* Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
Xcode warns about "Possible misuse of comma operator here".
Comma is a sequencing operator in C++ and original code does work, but
is highly non-idiomatic.
Surface Addresses are the addresses that
the roots report back to you.
This is helpful for trouble shooting.
If you're behind NAT, the source port is different
than what zerotier is bound to.
If the list of surface address ports is larger than the list of
bound addresses, you are probably behind symmetric NAT.
Anways this can be added to later with a more simple
"easy" or "hard" nat computed message somewhere.
