Commit Graph

2010 Commits

Author SHA1 Message Date
Grant Limberg
06b487119d
More packet metrics (#1982)
* found path negotation sends that weren't accounted for

* Fix histogram so it will actually compile

* Found more places for packet metrics
2023-05-02 11:16:55 -07:00
Brenton Bostick
f73e51e94c
Brenton/curly braces (#1971)
* fix formatting

* properly adjust various lines
breakup multiple statements onto multiple lines

* insert {} around if, for, etc.
2023-05-01 11:48:16 -07:00
Grant Limberg
595e033776
Outgoing Packet Metrics (#1980)
add tx/rx labels to packet counters and add metrics for outgoing packets
2023-04-28 14:24:19 -07:00
Grant Limberg
411e54023a
adding incoming zt packet type metrics (#1976) 2023-04-26 08:49:54 -07:00
Grant Limberg
e4cb74896b
Central startup update (#1973)
* allow specifying authtoken in central startup

* set allowManagedFrom

* move redis_mem_notification to the correct place

* add node checkins metric

* wire up min/max connection pool size metrics
2023-04-25 12:44:18 -07:00
Grant Limberg
8e6e4ede6d
Add prometheus metrics for Central controllers (#1969)
* add header-only prometheus lib to ext

* rename folder

* Undo rename directory

* prometheus simpleapi included on mac & linux

* wip

* wire up some controller stats

* Get windows building with prometheus

* bsd build flags for prometheus

* Fix multiple network join from environment entrypoint.sh.release (#1961)

* _bond_m guards _bond, not _paths_m (#1965)

* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)

* Serve prom metrics from /metrics endpoint

* Add prom metrics for Central controller specific things

* reorganize metric initialization

* testing out a labled gauge on Networks

* increment error counter on throw

* Consolidate metrics definitions

Put all metric definitions into node/Metrics.hpp.  Accessed as needed
from there.

* Revert "testing out a labled gauge on Networks"

This reverts commit 499ed6d95e.

* still blows up but adding to the record for completeness right now

* Fix runtime issues with metrics

* Add metrics files to visual studio project

* Missed an "extern"

* add copyright headers to new files

* Add metrics for sent/received bytes (total)

* put /metrics endpoint behind auth

* sendto returns int on Win32

---------

Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
2023-04-21 12:12:43 -07:00
Brenton Bostick
1b59712c48
Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964) 2023-04-18 12:14:05 -07:00
Brenton Bostick
7c8d5b0afd
_bond_m guards _bond, not _paths_m (#1965) 2023-04-18 12:12:33 -07:00
Joseph Henry
ce9330e9bb
Prevent path-learning loops (#1914)
* Prevent path-learning loops

* Only allow new overwrite if not bonded
2023-03-21 13:18:21 -04:00
Adam Ierymenko
1c5897895b
1.10.4 merge into main (#1893)
* add note about forceTcpRelay

* Create a sample systemd unit for tcp proxy

* set gitattributes for rust & cargo so hashes dont conflict on Windows

* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"

This reverts commit 032dc5c108.

* Turn off autocrlf for rust source

Doesn't appear to play nice well when it comes to git and vendored cargo package hashes

* Fix #1883 (#1886)

Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.

* Don't vendor packages for zeroidc (#1885)

* Added docker environment way to join networks (#1871)

* add StringUtils

* fix headers
use recommended headers and remove unused headers

* move extern "C"
only JNI functions need to be exported

* cleanup

* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo

* fix typo in log message

* fix typos in JNI method signatures

* fix typo

* fix ANDROID-51: fieldName is uninitialized

* fix ANDROID-35: memory leak

* fix missing DeleteLocalRef in loops

* update to use unique error codes

* add GETENV macro

* add LOG_TAG defines

* ANDROID-48: add ZT_jnicache.cpp

* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp

* add Event.fromInt

* add PeerRole.fromInt

* add ResultCode.fromInt

* fix ANDROID-36: issues with ResultCode

* add VirtualNetworkConfigOperation.fromInt

* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum

* add VirtualNetworkStatus.fromInt

* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum

* add VirtualNetworkType.fromInt

* make NodeStatus a plain data class

* fix ANDROID-52: synchronization bug with nodeMap

* Node init work: separate Node construction and init

* add Node.toString

* make PeerPhysicalPath a plain data class

* remove unused PeerPhysicalPath.fixed

* add array functions

* make Peer a plain data class

* make Version a plain data class

* fix ANDROID-42: copy/paste error

* fix ANDROID-49: VirtualNetworkConfig.equals is wrong

* reimplement VirtualNetworkConfig.equals

* reimplement VirtualNetworkConfig.compareTo

* add VirtualNetworkConfig.hashCode

* make VirtualNetworkConfig a plain data class

* remove unused VirtualNetworkConfig.enabled

* reimplement VirtualNetworkDNS.equals

* add VirtualNetworkDNS.hashCode

* make VirtualNetworkDNS a plain data class

* reimplement VirtualNetworkRoute.equals

* reimplement VirtualNetworkRoute.compareTo

* reimplement VirtualNetworkRoute.toString

* add VirtualNetworkRoute.hashCode

* make VirtualNetworkRoute a plain data class

* add isSocketAddressEmpty

* add addressPort

* add fromSocketAddressObject

* invert logic in a couple of places and return early

* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address

* fix ANDROID-38: stack corruption in onSendPacketRequested

* use GETENV macro

* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch

* use PRId64 macros

* switch statement work

* comments and logging

* Modifier 'public' is redundant for interface members

* NodeException can be made a checked Exception

* 'NodeException' does not define a 'serialVersionUID' field

* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done

* error handling, error reporting, asserts, logging

* simplify loadLibrary

* rename Node.networks -> Node.networkConfigs

* Windows file permissions fix (#1887)

* Allow macOS interfaces to use multiple IP addresses (#1879)

Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>

* Fix condition where full HELLOs might not be sent when necessary (#1877)

Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>

* 1.10.4 version bumps

* Add security policy to repo (#1889)

* [+] add e2k64 arch (#1890)

* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args

* 1.10.4 release notes

---------

Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
2023-03-07 16:50:34 -05:00
Monica Moniot
666fb7ea2d
eliminated duplicate paths (#1870) 2023-02-06 11:50:05 -08:00
Gleb Mazovetskiy
9c9d1650d1 Check for ARM Cryptography Extension support
ARM Cryptography Extension is optional and not all ARM CPUs support it.
For example, the CPU in Raspberry Pi 4 does not support it.

Check for `__ARM_FEATURE_CRYPTO` before attempting to use the optional
extension.

`__ARM_FEATURE_CRYPTO` is defined by both clang and gcc when the target
has the cryptography extension.

Fixes #1854.
2023-01-20 09:29:09 +01:00
Grant Limberg
0ae09577f6
Client & Central Controller updates to support additonal OIDC features (#1848)
Client side:
* Fix compatibility with OneLogin
* Requested scopes vary by OIDC provider. Different providers have different

Controller side:
*Update Postgres queries to latest Central schema
* Added Central Controller support for the different providers
* Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
2023-01-19 15:39:15 -08:00
Brenton Bostick
a59f82093a
Fix Possible misuse of comma operator here (#1851)
Xcode warns about "Possible misuse of comma operator here".
Comma is a sequencing operator in C++ and original code does work, but
is highly non-idiomatic.
2023-01-17 12:38:10 -05:00
Joseph Henry
39f3f5b2d9 User-configurable physical MTU for individual links
This patch allows users to specify the physical layer MTU for individual links
when in multipath mode. For example:

{
  "settings":
  {
    "defaultBondingPolicy": "custom-balance-xor",
    "policies":
    {
      "custom-balance-xor":
      {
        "basePolicy": "balance-xor",
        "failoverInterval": 5000,
        "links": {
          "weird_5g_link": { "mtu": 1300 },
          "enp5s0": { "mtu": 1400  }
        }
      }
    }
  }
}
2023-01-12 07:12:19 +01:00
Brenton Bostick
d31f238be0
fix typos (#1843) 2023-01-11 19:42:30 +01:00
Joseph Henry
91bae4b1a8 Add missing default initialization of _lowBandwidthMode 2022-12-22 10:08:02 -08:00
Joseph Henry
4100615cd6 Merge branch 'dev' into dev-low-bandwidth 2022-12-05 13:26:57 -08:00
Joseph Henry
e27c3edaba Merge branch 'dev' into dev-low-bandwidth 2022-12-05 13:23:04 -08:00
Joseph Henry
3c9ea2b667
Add low-bandwidth mode 2022-12-05 13:21:05 -08:00
Brenton Bostick
5b5f9a069a fix typos 2022-12-05 11:29:21 -05:00
Brenton Bostick
4d50ed0b9d Fix several warning: format specifies type 'XXX' but the argument has type 'YYY'
Use %z for printing size_t and PRId64 etc. macros for printing
platform-specific widths, and remove now-redundant casts
2022-12-01 08:42:06 -05:00
Brenton Bostick
3b8c33d49a fix typos in code 2022-11-28 09:23:58 -05:00
Brenton Bostick
f74a594e98 fix typos in comments and strings 2022-11-28 09:23:45 -05:00
Joseph Henry
b02a41751c
Fix unresponsiveness when moving flows in balance-aware (See #1764) 2022-11-02 08:46:11 -07:00
Joseph Henry
3b11915eab Merge remote-tracking branch 'origin/expose-surface-addresses' into dev 2022-10-25 13:55:21 -07:00
travis laduke
82c799b9d1 Expose surface addresses in info json
Surface Addresses are the addresses that
the roots report back to you.

This is helpful for trouble shooting.

If you're behind NAT, the source port is different
than what zerotier is bound to.
If the list of surface address ports is larger than the list of
bound addresses, you are probably behind symmetric NAT.

Anways this can be added to later with a more simple
"easy" or "hard" nat computed message somewhere.
2022-10-25 11:25:21 -07:00
Joseph Henry
e1f60e3f83
Behavioral changes to multipath balance modes (See: #1745 and #1753) 2022-10-09 23:07:16 -07:00
Adam Ierymenko
86a436e9bf Small string fix. 2022-10-06 16:53:35 -04:00
Joseph Henry
bc521504ca
Improved multipath link monitoring 2022-09-20 14:27:34 -07:00
Joseph Henry
0797adf223
Improve output of bond list command 2022-09-16 13:43:34 -07:00
Joseph Henry
85698860ae Merge branch 'dev-1734-policy-defaults' of https://github.com/grapexy/ZeroTierOne into grapexy-dev-1734-policy-defaults 2022-09-15 16:05:21 -07:00
Joseph Henry
50e131a4ff
Partial fix for discrepancy between docs and implementation 2022-09-15 15:56:23 -07:00
grapexy
b733bb8ead Fix sanity checks overwriting custom policy parameters 2022-09-16 00:18:05 +04:00
Joseph Henry
e18d206248
Add warm spare feature for balance modes 2022-09-14 10:09:29 -07:00
Joseph Henry
66b70a8043
Prevent re-armoring of packets when in multipath broadcast mode 2022-09-07 15:03:02 -07:00
Joseph Henry
1d1843bf3b
Forget links if QoS verbs fail to arrive 2022-09-07 09:08:13 -07:00
Joseph Henry
0e23ba8f1a
Add logic short-circuit to avoid unnecessary bond rebuild logic when appropriate 2022-09-01 15:16:21 -07:00
Joseph Henry
b6074da498
Fix nonsensical equality comparison which may prevent certain links from being regarded as preferred in multipath scenarios 2022-08-29 16:03:48 -07:00
Anders Jenbo
7e92d478a1
Add missing <algorithm> include (#1709)
This is required for building under VS2017
2022-08-29 10:39:04 -07:00
Joseph Henry
ff670d044a
Fix integer format specifier compiler warnings 2022-08-09 21:19:16 -07:00
Joseph Henry
7ed5bde426
Fix for ab-mode link failure, QoS metrics (WIP) 2022-06-08 10:01:54 -07:00
Adam Ierymenko
e672dc8094
Set version to correct 1.10.0. 2022-06-06 16:18:50 -04:00
Joseph Henry
1a400d33fd
Fix link creation bug in active-backup mode 2022-05-18 10:04:53 -07:00
Joseph Henry
c34325fee7
Fix attribute placement for debugging functions (#1587) 2022-05-06 17:25:15 -07:00
Joseph Henry
db8443ef7d
Remove attributes causing build failures on various platforms (#1587) 2022-05-06 15:19:59 -07:00
Joseph Henry
6c85f8c7a7
Safely handle disappearing bonded interfaces (See issue #1587) 2022-05-06 14:59:34 -07:00
David Baird
eea93d2607
Fix SEGV caused by format string on 32-bit platforms / armv7l, reported in #1587 (#1658)
Looks great. Thanks for this!
2022-05-06 09:11:47 -07:00
Joseph Henry
e9f8ecbf7e
Properly initialize active-backup path index as partial fix for #1587 2022-05-04 09:51:48 -07:00
Adam Ierymenko
166c7978ee ALMOST compiles for ARM64 Windows, only remaining barrier is ring in zeroidc. 2022-04-27 12:19:42 -04:00
Joseph Henry
66236e91a2
Style fix 2022-04-26 08:26:45 -07:00
Adam Ierymenko
76bce44280
Build fix. 2022-04-19 21:30:36 -04:00
Adam Ierymenko
ee0a194b25
Several more SSO/OIDC related fixes, and bump version to 1.8.9. 2022-04-19 21:29:11 -04:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node. 2022-04-19 19:59:54 -04:00
Adam Ierymenko
fe0068da52
A bit more auth cleanup in the local node. 2022-04-19 16:34:46 -04:00
Adam Ierymenko
cd70fefc5e
Clean up some credential push stuff. 2022-04-19 16:06:53 -04:00
Adam Ierymenko
877f86a896
build fix 2022-04-19 12:44:18 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups. 2022-04-19 12:41:38 -04:00
Adam Ierymenko
a4e8847664
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes. 2022-04-19 10:37:58 -04:00
Joseph Henry
7e4da53c0b
Check reference to failover path before use in active-backup scenario 2022-04-17 21:03:57 -07:00
Adam Ierymenko
fe376f6a1e
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2022-04-15 14:23:40 -04:00
Adam Ierymenko
55a99f34d0
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine. 2022-04-15 14:23:26 -04:00
Joseph Henry
99df637aae
Improve relationship between QOS timers and bucket sizes 2022-04-15 09:55:00 -07:00
Adam Ierymenko
a7dcfa18a2
Oops forgot last part of that fix for MAC errors. 2022-04-14 20:13:57 -04:00
Adam Ierymenko
4389b9feff
Likely fix for invalid MAC problem. 2022-04-14 20:10:20 -04:00
Joseph Henry
6f4a69703b
Fix ZT_SSO_SUPPORTED flag behavior. Allow disabling for embedded targets. 2022-03-31 21:45:38 -07:00
Adam Ierymenko
68c9398f71
Merge branch 'master' into dev 2022-03-10 15:48:47 -05:00
Adam Ierymenko
34a64f30de
Bump the peer cache serialization version due to path changes, will cause peers to be re-learned. Technically the peer cache is optional anyway so it's not going to break anything and should guard against weird issues due to path learning changes on restart. 2022-03-09 09:13:26 -05:00
Joseph Henry
3ead6b67cd
Dynamically scale bonded link monitor frequency according to aliveness 2022-03-02 14:58:31 -08:00
Joseph Henry
8148c658cf
Remove bonds for peers that have fully expired. Remove notion of bond health 2022-03-02 09:55:23 -08:00
Joseph Henry
1cf8a1f493
More accurate accounting of bond layer overhead traffic 2022-02-25 15:04:48 -08:00
Joseph Henry
bc2c4cf80a Merge branch 'dev' of https://github.com/zerotier/zerotierone into dev 2022-02-25 11:39:21 -08:00
Joseph Henry
9933d83cf8
Merge pull request #1564 from zerotier/dev-whoami
Proactively seek, and distribute external surface addresses

This patch introduces a new "self-awareness" behavior which proactively queries peers for external surface addresses and distributes them via PUSH_DIRECT_PATHS. This has the effect of making ZT more responsive to interface changes.

Current behavior:

Previously, this type of information was only mediated via RENDEZVOUS and was only triggered when the client detected that it no longer had a single alive path to a peer. While PUSH_DIRECT_PATHS would correctly (and often) send local addresses, this was not the case for external addresses collected from response HELLOs. This would lead to situations where only one physical address would be distributed to peers. Additionally, if a new physical interface were to be made available to the client, the client would correctly bind to it but never seek information about its external mapping from a peer, and thus the new physical interface would remain unavailable for other peers to learn about until all paths on the previous interface have expired which can take a couple of minutes. In traditional usage of ZT this is not usually a problem, but it becomes a problem in the following scenarios:

    Network interfaces go up and down while ZT is running (e.g. switching to LTE or WiFi from a wired connection)
    Network interfaces are added or removed in multipath setups

Proposed behavior:

I propose that normal full HELLOs are sent not only on the first interface in use, but all interfaces. This causes planets to respond with a HELLO containing the surface address for each interface. We then collect each address using SelfAwareness::whoami() and distribute them via the normal PUSH_DIRECT_PATHS mechanism.
2022-02-25 11:30:45 -08:00
Joseph Henry
1918c29fd7
Change ECHO divisor from 20 to 6 2022-02-25 11:29:07 -08:00
Joseph Henry
618202d426
Increase min failover to 500 ms and probe period to 1/3rd of failover 2022-02-25 10:52:39 -08:00
Joseph Henry
d1335dca11
Change ECHO rate-limit divsor from 16 to 20 2022-02-21 16:22:33 -08:00
Joseph Henry
5e13b42abc
Rate gate ECHO per Path instead of per Peer 2022-02-21 14:37:39 -08:00
Joseph Henry
96aa1c30a6
Proactively seek, enumerate, and distribute external surface addresses 2022-02-17 15:39:17 -08:00
Joseph Henry
1b0c183913
Force non-leaf peers into local active-backup bond when multipath is enabled 2022-02-17 15:16:33 -08:00
Joseph Henry
40269c2a97
Comment out debug traces 2022-02-16 20:39:18 -08:00
Adam Ierymenko
3c85a7f074
Rev roots. 2022-02-15 09:13:58 -05:00
Joseph Henry
f9c84c8c52
Remove stray debug trace 2022-02-08 15:32:25 -08:00
Grant Limberg
aa97aabb4e
for now, only enable sso on certain platforms
mac, windows, linux x86/x86_64/aarch64
2022-02-01 11:07:37 -08:00
Joseph Henry
4190318c85
Fix typo in constant name 2022-01-28 10:41:21 -08:00
Joseph Henry
2f554fd6f8
Merge pull request #1552 from Shawn8410/master
FIX: fix wrong flag usage of rateGateCredentialsReceived
2022-01-28 10:12:16 -08:00
Shawn
ae93cccde6 FIX: fix wrong flag usage of rateGateCredentialsReceived 2022-01-27 11:59:21 +08:00
Joseph Henry
46e955e3a1
Split bond logs into two categories to reduce logging size 2022-01-26 15:14:02 -08:00
Joseph Henry
2850f131e2
Fix code style 2022-01-25 18:03:36 -08:00
Grant Limberg
d719137565
temp workaround for oidc auth dropping issue
Add a method to "kick" the refresh thread and re-post the tokens in the case where the thread is somehow still running & controller pushes out an AUTH_REQUIRED.  This situation happens in a corner case still under investigation where the controller pushes out many copies of the network config repeatedly
2022-01-20 09:44:56 -08:00
Grant Limberg
dceba1f2f1
Merge branch 'dev' into zeroidc 2022-01-05 08:35:15 -08:00
Grant Limberg
73878fbdc4
Merge pull request #1531 from StephenCWills/mingw32-disable-salsasse
Disable Salsa20 SSE on MinGW 32-bit compiler
2022-01-04 17:42:40 -08:00
staphen
87d17088cc
Disable Salsa20 SSE on MinGW 32-bit compiler 2022-01-04 20:39:08 -05:00
Grant Limberg
cc6c48fca8
Merge pull request #1525 from StephenCWills/lowercase-windows-headers
Use lowercase when including Windows headers
2022-01-04 17:11:51 -08:00
staphen
1c956494a4
Use lowercase when including Windows headers 2021-12-29 16:29:08 -05:00
Grant Limberg
eee31605b1
Merge branch 'dev' into zeroidc 2021-12-15 14:17:26 -08:00
Andrej Binder
aeec7dae36 Prevent arithmetic error on interface change. 2021-12-15 22:22:02 +01:00
Adam Ierymenko
fa58909d44
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2021-12-15 12:32:41 -05:00
Adam Ierymenko
06ed114fb6
Release notes and GitHub issue #1512 2021-12-15 12:32:28 -05:00
Joseph Henry
bdef9d3bd7
Fix situation where too many ECHOs are sent to multipath peer 2021-12-14 21:20:58 -08:00
Joseph Henry
b154b7296c
Improve multipath logging output 2021-12-14 21:13:19 -08:00