This version fixes a minor NAT traversal issue. In the past, NAT-t links had a timeout
but otherwise were preserved. This version makes them more ephemeral and invalidates
them on sleep/wake or changes in network configuration or environment.
This is because many NAT setups are very fragile with regard to hole punches, so the
past stickiness of links caused dead links to persist too long and break connectivity
between peers.
This is about 75% of what needs to be done to greatly improve robustness. The other 25%
involves detecting failed links or failed relays.
This version is also almost done for the Windows platform, moving us even closer to
binary release.
Not a significant release for OSS users, but this version marks a significant
increase in workitude on the Windows platform. A properly and officially
signed x64 driver is also included. x86 drivers and more Windows work including
Qt UI are coming soon.
Another release leading up to official binary releases... not much to the core,
but quite a bit of work on the UI, installation, and such.
This version will build and run on OSX 10.6 while previous versions would fail
due to a missing getifmaddrs() function.
This version contains no significant changes to the engine itself, just to
the installer, the GUI, and packaging and such. It's all stuff for prep for
the big release, which is fast approaching!
New versions will be coming fast and furious for a bit as bugs get fixed and
testing is done in prep to the first binary release.
This version fixes a problem with WAN path discovery and a possible security
issue in PacketDecoder. (see previous comments)
This version contains few changes that are visible to users building from source.
It contains an almost-complete version of the Qt-based GUI in ZeroTierUI, though
this is still a work in progress. It also contains the software update infrastructure,
which is not yet enabled by default but does basically work. Some cleanup and
dead code removal has also occurred.
The next release will probably be the first binary release with auto-update and a
full UI experience for Linux and Mac. Windows will follow later, as more work has
to be done on the Windows port.
This version fixes a recurrent gremlin in the tap driver for Mac. If you are
having this issue, you should reinstall the tap.
If you're already running ZT1, shut it down (sudo killall zerotier-one) and
then do:
sudo kextunload /Library/Application\ Support/ZeroTier/One/tap.kext
This should unload the old version. Then type 'sudo make install-mac-tap' in
the ZT1 source home directory and the new version will be installed. ZT1 will
load the module again when it next starts.
In addition to a fix, I am now distributing tap binaries and it is no longer
built in the default Makefile. This is because Apple's in the midst of some
changes that have made building it somewhat difficult.
Another note for Mavericks users:
The first time you use ZT1, you will get a popup about unsigned kernel
extensions. This will vanish once we're out of beta and have signing keys
and signed drivers.
Other changes in this version:
* Minor improvement to Utils::getSecureRandom
* Bug fixes and a small change to certificates of membership for private
networks, which now appear to be working very well!
* Stubbed out messages for auto-update, which will be done in-band via
the ZT1 protocol. Not implemented yet.
This version removes the peer DBM present in earlier releases. It is not necessary for
regular clients and has been a source of problems.
There is a long-term identity cache that can be enabled by making a directory called
"iddb.d" in the home folder and restarting ZT1. This is probably something only our
supernodes would need, since regular nodes can easily WHOIS peers they've forgotten
about.
On shutdown, the peer database is dumped to disk. It's then restored on startup.
Peers that have not been used in a while are cleaned out, so this keeps this data
set small.
A DBM may re-appear later if it's needed, but for now it was YAGNI.
Whew. This is a big one. More of a marathon than a sprint.
First, four big things:
1) This version breaks backward compatibility with all prior versions.
It's in alpha, I can do that.
2) The port has changed from 8993 to 9993 to mark this change. Probably
not necessary but why not? Also 8993/UDP turned out to be used by some
enterprise LDAP thingy, which doesn't matter much either but again why
not?
3) This version, unlike previous versions, does NOT auto-join the Earth
network. Soon there will be more than one net, and not everyone is going
to want to get dumped on a flat global LAN right out of the box. To
join Earth use the command line interface:
sudo zerotier-cli join bc8f9a8ee3000001
4) Finally, you will get a different IP on Earth. The whole cryptosystem
has changed and we're not going to bother with continuity issues in
alpha testing.
So what's changed? See the blog:
http://blog.zerotier.com/post/62991430345/alpha-zerotier-one-network-is-down-briefly
The net should be up shortly after this commit. If there are any issues,
0.5.0 will be rapidly followed by 0.5.1. :-) Otherwise the next sprint
will be finishing up support for private networks. Then it's off to the
races with BETA, then Windows. (Decided to move into beta before Windows
in all likelihood.)
Changes:
* It now builds and runs on Windows with Visual Studio 2012. Windows is
not ready for prime time yet though for several reasons, so no Windows
release yet. If you're brave you can try to DIY, but the driver is
not signed yet either. Windows is a work in progress still.
* Networks now pull their ethernet type whitelist from the netconf master
instead of having it hard-coded. (Prep for network mgmt.)
* Netconf master now sends name and description of networks so this can
be used to set Windows network display names.
* A couple minor bug fixes here and there, nothing major.
* No protocol changes that break compatibility.
In addition to a lot of Windows port work that isn't finished yet (and doesn't
affect the *nix platforms at all), this version contains quite a bit of multicast
cleanup and code simplification.
I also pulled rate limits for now, as it seems to be causing problems. More testing
on the testnet is going to be needed.
This version fixes problems with locating the 'ip' command on Gentoo
and possibly other Linux systems, and a problem that could cause a
crash if EthernetTap was unable to locate one of the commands it
invokes to configure IP information on tap devices.
The code also now builds on Windows. It doesn't run yet, but it's a
step. Windows port is in full swing.
Version 0.4.2 is largely a cleanup release. Changes are minor:
* Programatically replace libcrypto's random number generator with our
own (using /dev/urandom or Windows CAPI) since libcrypto's RNG likes
to use uninitialized memory as one of its entropy sources. This causes
massive floods of valgrind (debugger) errors during memory error
profiling analysis.
* Clean up some other code to eliminate valgrind errors.
Valgrind now runs on Linux with only one error. This error is in
EthernetTap and is a false positive.
This version adds a draft of the multicast rate limiting architecture. A
few minor bugs are also fixed. The Linux version builds in debug mode for
now.
In keeping with the wild west alpha phase of this software, this version is
a major departure from 0.3.0 and an upgrade is required.
The protocol hasn't changed much, but the system of network membership, network
IDs, and network configuration bootstrapping has changed dramatically.
The mechanism for network autoconfiguration is now in-band, via the ZeroTier
protocol itself, rather than using an HTTP API. This simplifies the code and
allows us to use a consistent system of encryption and authentication.
To accomodate this change, network IDs now contain in their most significant
40 bits the ZeroTier address of a node responsible for overseeing the addressing
of participating network members. The remaining bits are free, so each network
controller (netconf node) can control up to 2^24 networks. The code for the
netconf service is in /netconf-service, but for ordinary users there's not much
need to look at it or use it. It's just there to be open source.
The system for network membership tracking is also revamped. For open networks
like Earth this doesn't matter, but for closed networks membership is now driven
by something called a membership certificate that is signed by the controlling
node in the network. There's still work to be done here, so private network
support isn't fully baked yet. But public open networks work fine.
Nodes still join "Earth" by default. The ID for Earth has changed from 1 to
6c92786fee000001 (hex). This means that old 0.3.0 clients and older will not
be able to communicate with 0.4.0 as their network IDs will not match.
The new certificate-based network membership system scales better than the old
HTTP API system and will support some pretty amazing features. Stay tuned!
For now just update and relaunch. You should get the same IPv4 address you
had before.
The second big change is zerotier-cli. Try running it as root (or after
copying the auth file to the path it tells you about when you first run it)
with 'help' as a command.
This version is not compatible with versions prior to 0.3.0, so
'git pull' and restart if you are following the alpha.
Changes from 0.2.5:
- All multicast frames are now signed by the original sender. This
will permit very efficient and fault tolerant rate limitation
across networks, and imposes a kind of "hash cash" cost on those
who wish to flood the network by forcing them to keep regenerating
new identities.
- Simplified peer last unicast / last multicast accounting.
- Improvements to multicast propagation algorithm to achieve better
coverage with less redundant messages.
- The bloated Switch class went on a diet, having packet decoding
broken out into PacketDecoder and multicast propagation algorithm
broken out into Multicaster.
- Multicaster is implemented as a template mockable class to permit
future simulations of huge scale multicast using the actual code
instead of mockups in another language.
- Introduced a faster non-cryptographic random source for things
like multicast propagation and address choosing.
- Some code cleanup, removal of outdated comments, etc.
