Commit Graph

4831 Commits

Author SHA1 Message Date
Adam Ierymenko
bbed93bcf4 * Features and Core Improvements
    * Path selection has been overhauled to improve path stability, simplify code, and prepare for multi-path and trunking in the next major release.
    * This version introduces remote tracing for remote diagnostics. Network controllers can set a node (usually the controller itself) to receive remote tracing events from all members of the network or from select members. Events are only sent if they pertain to a given network for security reasons.
    * Multicast replication can now be done by designated multicast replicators on a network (flagged as such at the controller) rather than by the sender. Most users won't want this, but it's useful for specialized use cases on hub-and-spoke networks and for low-power devices.
    * Cryptographic performance improvements on several platforms.
    * Multithreaded performance improvements throughout the code base, including the use of an inline lightweight spinlock for low-contention resources.
 * Bugs fixed
    * Disappearing routes on Mac (GitHub issue #600)
    * Route flapping and path instability in some dual-stack V4/V6 networks
    * Blacklist (in local.conf) doesn't work reliably (GitHub issue #656)
    * Connection instabilities due to unsigned integer overflows in timing comparisons (use int64_t instead of uint64_t)
    * Binaries don't run on some older or lower-end 32-bit ARM chips (build problem)
    * ARM NEON crypto code crashes (build problem)
    * Fixed some lock ordering issues revealed by "valgrind" tool
    * The "zerotier-idtool" command could not be accessed from "zerotier-one" via command line switch
    * Leaking sockets on some platforms when uPnP/NAT-PMP is enabled
    * Fixed two very rare multithreading issues that were only observed on certain systems
 * Platform-Specific Changes
    * MacOS
        * Installer now loads the kernel extension right away so that High Sierra users will see the prompt to authorize it. This is done in the "Security & Privacy" preference pane and must be done directly on the console (not via remote desktop). On High Sierra and newer, kexts must be authorized at the console via security settings system preferences pane.
    * Windows
        * The Windows installer should now install the driver without requiring a special prompt in most cases. This should make it easier for our packages to be accepted into and updated in the Chocolatey repository and should make it easier to perform remote installs across groups of machines using IT management and provisioning tools.
        * The Windows official packages are now signed with an EV certificate (with hardware key).
        * The Windows UI can now log into ZeroTier Central and join networks via the Central API.
        * The `zerotier-idtool` command should now work on Windows without ugly hacks.
        * Upgraded the installer version.
        * Made a few changes to hopefully fix sporadic "will not uninstall" problems, though we cannot duplicate these issues ourselves.
    * Linux
        * Device names are now generated deterministically based on network IDs for all newly joined networks.
    * Android
        * Multicast now works on Android in most cases! Android apps can send and receive multicast and subscribe to multicast group IPs. Note that in some cases the app must bind to the specific correct interface for this to work.
        * IPv6 can be disabled in UI for cases where it causes problems.
2018-04-17 13:30:37 -07:00
Adam Ierymenko
8900b30b6e Windows installer tweaks and version bumps. 2018-04-17 12:47:33 -07:00
Adam Ierymenko
ae4fb799e4 More versioning 2018-04-17 12:14:59 -07:00
Adam Ierymenko
3f1d1fb3c3 'versioning' 2018-04-17 12:12:49 -07:00
Adam Ierymenko
f0a23ae0ea docs 2018-04-17 10:48:00 -07:00
Elmar S. Heeb
c14f9cc247 fix typo in documentation 2018-04-14 10:52:30 +02:00
Adam Ierymenko
e276b6463e Release notes, and shorten Linux canonical network ID derived device names a bit. 2018-04-12 10:33:06 -04:00
Adam Ierymenko
9da7967197 Merge branch 'dev' into edge 2018-04-12 09:08:48 -04:00
Adam Ierymenko
74f2b78c04 Refactor some potentially unsafe SharedPtr<> code. 2018-04-06 08:10:34 -07:00
Adam Ierymenko
2021f8cb5f Merge branch 'dev' into edge 2018-03-29 13:34:54 -07:00
Adam Ierymenko
40a9ebd078 GitHub issue #675 2018-03-29 10:44:57 -07:00
Adam Ierymenko
8c1b73b29c GitHub issue #701 2018-03-29 10:25:29 -07:00
Adam Ierymenko
6679a55693 certutil needs -f in case TrustedProvider store is not yet created 2018-03-27 19:15:14 -07:00
Adam Ierymenko
1101c1d919 Works on 32-bit too now. 2018-03-27 18:46:06 -07:00
Adam Ierymenko
fcb529b348 Take two on unattended driver installs. I think it works now.' 2018-03-27 17:53:28 -07:00
Adam Ierymenko
680b1ca208 Upgrade installer AIP versions and redo how we bundle the driver sub-installer to allow unattended driver installs (hopefully). 2018-03-27 14:19:45 -07:00
Adam Ierymenko
af74fe1711 Merge branch 'dev' into edge 2018-03-21 15:32:04 -07:00
Adam Ierymenko
494cf4049e Add specification of anchor and multicast hub address (optional) to new multicast and IPv4 enabled ad-hoc network ID format. 2018-03-21 15:31:48 -07:00
Adam Ierymenko
c908b9f67a Add anchor and multicast hub address field to new multicast enabled ad-hoc address format. 2018-03-21 15:27:26 -07:00
Adam Ierymenko
209f6d9d2d Merge branch 'dev' into edge 2018-03-19 11:18:54 -07:00
Adam Ierymenko
916077012e Make sure fopen is in binary mode on Windows. 2018-03-16 11:27:11 -07:00
Adam Ierymenko
beb170e4fb Use X64 ASM ed25519 signatures on Linux/x64, which are about 10X faster. Will matter a lot for network controllers, not so much for other things. 2018-03-13 06:51:17 -07:00
Adam Ierymenko
a59912f3af SHA512 using libcrypto (not enabled by default) 2018-03-12 16:56:47 -07:00
Adam Ierymenko
610e594a50 Speed tweaks for signatures, etc. 2018-03-12 16:16:20 -07:00
Joseph Henry
b4e2547052 Minor tweak to QNAP path getter 2018-03-12 11:23:10 -07:00
Pablo Hinojosa
a9778549f2 Warn about invalid network id instead of help 2018-03-11 03:39:13 +01:00
Adam Ierymenko
b601041b5b Merge branch 'edge' of http://10.6.6.2/zerotier/ZeroTierOne into edge 2018-03-09 07:51:43 -08:00
Adam Ierymenko
0945d6ec0d Merge branch 'dev' into edge 2018-03-09 07:50:38 -08:00
Adam Ierymenko
78d9cee416 Other fixes to IPv4 ad-hoc networks. 2018-03-09 00:10:01 -08:00
Adam Ierymenko
bbdb2aa672 Some work on IPv4 enabled ad-hoc networks. 2018-03-08 23:53:57 -08:00
Adam Ierymenko
574b24c082 docs 2018-03-08 22:41:42 -08:00
Adam Ierymenko
874a187c7f cleanup 2018-03-08 22:39:51 -08:00
Adam Ierymenko
e8fb443313 Forgot one other use in RethinkDb driver. 2018-03-08 22:34:51 -08:00
Adam Ierymenko
57b96af2c4 Fix for FileDB _networkChanged / _memberChanged problem. 2018-03-08 22:33:08 -08:00
Grant Limberg
e61d4ab67a Merge branch 'dev' into edge 2018-02-23 13:58:24 -08:00
Grant Limberg
2ee358dbfc TAP driver requires input and output buffers for calls passed into DeviceIoControl
Otherwise the driver returns STATUS_INVALID_PARAMETER and the call fails.  This should fix some Multicast issues on Windows
2018-02-23 13:42:02 -08:00
Joseph Henry
e3bb67d188 Added debug output convenience macros 2018-02-16 16:55:31 -08:00
Grant Limberg
2d289a3308 Just a little cleanup 2018-02-16 15:20:07 -08:00
Grant Limberg
bdb2cc7c85 Linux: link system libcurl when compiling with ZT_VAULT_SUPPORT=1
Requires libcurl and development headers to be installed
2018-02-16 15:08:04 -08:00
Grant Limberg
7793060723 Add HashiCorp Vault storage of ZeroTier's public & secret identity
Adds a "vault" section to local.conf.  Example local.conf:

{
  "config": {
    "vault": {
      "vaultURL": "https://some.vault.host:8200",
      "vaultToken": "my-super-secret-vault-token",
      "vaultPath": "secure/place/to/put/identity"
    }
  }
}

Additionally, the following environment variables can be set.  Environment variables override local.conf:

VAULT_ADDR
VAULT_TOKEN
VAULT_PATH

Identities will be placed in the keys "public" and "secret" under the user specified path.  If no path is specified, they will be placed in the token specific cubbyhole.

If identity.public and identity.secret exist on disk and vault is configured, they will be automatically added to Vault and removed from disk.

TODO:
 *  Decide behavior for if Vault cannot be reached.
 *  Add libcurl as a dependency in Linux & Mac builds
 *  Add libcurl as a requirement for linux packages
2018-02-16 14:30:27 -08:00
Grant Limberg
84302ae9c7 Add CURL libs to VC project 2018-02-16 14:21:38 -08:00
Grant Limberg
cd801b96fa libcurl binaries for Windows 2018-02-16 10:31:37 -08:00
Grant Limberg
5ff0653f9e Hooks into StateGet and StatePut for grabbing identity.secret from Vault 2018-02-16 10:18:10 -08:00
Grant Limberg
9574d635c1 Add Vault configuration option parsing to local.conf
{
   "settings": {
       ...
      "vault": {
         "vaultURL": "...",
         "vaultKey": "...",
         "vaultPath": "..."
      }
   }
}
2018-02-16 10:18:10 -08:00
Grant Limberg
1bec8ddce4 Better error messages when the ZeroTier service can't be contacted
Fixes #681
2018-02-13 16:41:21 -08:00
Grant Limberg
f9b07c63db Merge branch 'dev' of http://git.int.zerotier.com/ZeroTier/ZeroTierOne into dev 2018-02-12 09:30:12 -08:00
Grant Limberg
8828fc7520 some JNI error checking 2018-02-12 09:29:44 -08:00
Adam Ierymenko
978d8fcd4a Merge branch 'dev' of http://10.187.63.16/zerotier/ZeroTierOne into dev 2018-02-09 06:35:09 +00:00
Adam Ierymenko
51aadcf901 A few fixes dictated by valgrind. 2018-02-09 06:35:01 +00:00
Joseph Henry
db952a050a Added platform checks for Windows in OneService 2018-02-08 14:15:32 -08:00