Commit Graph

5961 Commits

Author SHA1 Message Date
Adam Ierymenko
a872cc3418
1.10.6 merge to main (#1930)
* add note about forceTcpRelay

* Create a sample systemd unit for tcp proxy

* set gitattributes for rust & cargo so hashes dont conflict on Windows

* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"

This reverts commit 032dc5c108.

* Turn off autocrlf for rust source

Doesn't appear to play nice well when it comes to git and vendored cargo package hashes

* Fix #1883 (#1886)

Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.

* Don't vendor packages for zeroidc (#1885)

* Added docker environment way to join networks (#1871)

* add StringUtils

* fix headers
use recommended headers and remove unused headers

* move extern "C"
only JNI functions need to be exported

* cleanup

* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo

* fix typo in log message

* fix typos in JNI method signatures

* fix typo

* fix ANDROID-51: fieldName is uninitialized

* fix ANDROID-35: memory leak

* fix missing DeleteLocalRef in loops

* update to use unique error codes

* add GETENV macro

* add LOG_TAG defines

* ANDROID-48: add ZT_jnicache.cpp

* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp

* add Event.fromInt

* add PeerRole.fromInt

* add ResultCode.fromInt

* fix ANDROID-36: issues with ResultCode

* add VirtualNetworkConfigOperation.fromInt

* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum

* add VirtualNetworkStatus.fromInt

* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum

* add VirtualNetworkType.fromInt

* make NodeStatus a plain data class

* fix ANDROID-52: synchronization bug with nodeMap

* Node init work: separate Node construction and init

* add Node.toString

* make PeerPhysicalPath a plain data class

* remove unused PeerPhysicalPath.fixed

* add array functions

* make Peer a plain data class

* make Version a plain data class

* fix ANDROID-42: copy/paste error

* fix ANDROID-49: VirtualNetworkConfig.equals is wrong

* reimplement VirtualNetworkConfig.equals

* reimplement VirtualNetworkConfig.compareTo

* add VirtualNetworkConfig.hashCode

* make VirtualNetworkConfig a plain data class

* remove unused VirtualNetworkConfig.enabled

* reimplement VirtualNetworkDNS.equals

* add VirtualNetworkDNS.hashCode

* make VirtualNetworkDNS a plain data class

* reimplement VirtualNetworkRoute.equals

* reimplement VirtualNetworkRoute.compareTo

* reimplement VirtualNetworkRoute.toString

* add VirtualNetworkRoute.hashCode

* make VirtualNetworkRoute a plain data class

* add isSocketAddressEmpty

* add addressPort

* add fromSocketAddressObject

* invert logic in a couple of places and return early

* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address

* fix ANDROID-38: stack corruption in onSendPacketRequested

* use GETENV macro

* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch

* use PRId64 macros

* switch statement work

* comments and logging

* Modifier 'public' is redundant for interface members

* NodeException can be made a checked Exception

* 'NodeException' does not define a 'serialVersionUID' field

* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done

* error handling, error reporting, asserts, logging

* simplify loadLibrary

* rename Node.networks -> Node.networkConfigs

* Windows file permissions fix (#1887)

* Allow macOS interfaces to use multiple IP addresses (#1879)

Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>

* Fix condition where full HELLOs might not be sent when necessary (#1877)

Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>

* 1.10.4 version bumps

* Add security policy to repo (#1889)

* [+] add e2k64 arch (#1890)

* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args

* 1.10.4 release notes

* Windows 1.10.4 Advanced Installer bump

* Revert "temp fix for ANDROID-56: crash inside newNetworkConfig from too many args"

This reverts commit dd627cd7f4.

* actual fix for ANDROID-56: crash inside newNetworkConfig
cast all arguments to varargs functions as good style

* Fix addIp being called with applied ips (#1897)

This was getting called outside of the check for existing ips
Because of the added ifdef and a brace getting moved to the
wrong place.

```
if (! n.tap()->addIp(*ip)) {
	fprintf(stderr, "ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf));
}
WinFWHelper::newICMPRule(*ip, n.config().nwid);

```

* 1.10.5 (#1905)

* 1.10.5 bump

* 1.10.5 for Windows

* 1.10.5

* Prevent path-learning loops (#1914)

* Prevent path-learning loops

* Only allow new overwrite if not bonded

* fix binding temporary ipv6 addresses on macos (#1910)

The check code wasn't running.

I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.

You can verify the old and new versions with

`ifconfig | grep temporary`

plus

`zerotier-cli info -j` -> listeningOn

* 1.10.6 (#1929)

* 1.10.5 bump

* 1.10.6

* 1.10.6 AIP for Windows.

---------

Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
2023-03-23 13:38:53 -04:00
Adam Ierymenko
1c5897895b
1.10.4 merge into main (#1893)
* add note about forceTcpRelay

* Create a sample systemd unit for tcp proxy

* set gitattributes for rust & cargo so hashes dont conflict on Windows

* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"

This reverts commit 032dc5c108.

* Turn off autocrlf for rust source

Doesn't appear to play nice well when it comes to git and vendored cargo package hashes

* Fix #1883 (#1886)

Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.

* Don't vendor packages for zeroidc (#1885)

* Added docker environment way to join networks (#1871)

* add StringUtils

* fix headers
use recommended headers and remove unused headers

* move extern "C"
only JNI functions need to be exported

* cleanup

* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo

* fix typo in log message

* fix typos in JNI method signatures

* fix typo

* fix ANDROID-51: fieldName is uninitialized

* fix ANDROID-35: memory leak

* fix missing DeleteLocalRef in loops

* update to use unique error codes

* add GETENV macro

* add LOG_TAG defines

* ANDROID-48: add ZT_jnicache.cpp

* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp

* add Event.fromInt

* add PeerRole.fromInt

* add ResultCode.fromInt

* fix ANDROID-36: issues with ResultCode

* add VirtualNetworkConfigOperation.fromInt

* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum

* add VirtualNetworkStatus.fromInt

* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum

* add VirtualNetworkType.fromInt

* make NodeStatus a plain data class

* fix ANDROID-52: synchronization bug with nodeMap

* Node init work: separate Node construction and init

* add Node.toString

* make PeerPhysicalPath a plain data class

* remove unused PeerPhysicalPath.fixed

* add array functions

* make Peer a plain data class

* make Version a plain data class

* fix ANDROID-42: copy/paste error

* fix ANDROID-49: VirtualNetworkConfig.equals is wrong

* reimplement VirtualNetworkConfig.equals

* reimplement VirtualNetworkConfig.compareTo

* add VirtualNetworkConfig.hashCode

* make VirtualNetworkConfig a plain data class

* remove unused VirtualNetworkConfig.enabled

* reimplement VirtualNetworkDNS.equals

* add VirtualNetworkDNS.hashCode

* make VirtualNetworkDNS a plain data class

* reimplement VirtualNetworkRoute.equals

* reimplement VirtualNetworkRoute.compareTo

* reimplement VirtualNetworkRoute.toString

* add VirtualNetworkRoute.hashCode

* make VirtualNetworkRoute a plain data class

* add isSocketAddressEmpty

* add addressPort

* add fromSocketAddressObject

* invert logic in a couple of places and return early

* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address

* fix ANDROID-38: stack corruption in onSendPacketRequested

* use GETENV macro

* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch

* use PRId64 macros

* switch statement work

* comments and logging

* Modifier 'public' is redundant for interface members

* NodeException can be made a checked Exception

* 'NodeException' does not define a 'serialVersionUID' field

* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done

* error handling, error reporting, asserts, logging

* simplify loadLibrary

* rename Node.networks -> Node.networkConfigs

* Windows file permissions fix (#1887)

* Allow macOS interfaces to use multiple IP addresses (#1879)

Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>

* Fix condition where full HELLOs might not be sent when necessary (#1877)

Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>

* 1.10.4 version bumps

* Add security policy to repo (#1889)

* [+] add e2k64 arch (#1890)

* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args

* 1.10.4 release notes

---------

Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
2023-03-07 16:50:34 -05:00
Grant Limberg
dea47f601d
more info on exception 2023-02-22 16:13:05 -08:00
Adam Ierymenko
dc762196dc
1.10.3 (#1875)
Version bumps and other release stuff to ship 1.10.3
2023-02-15 14:04:42 -05:00
Adam Ierymenko
0a900dc275
Add date to release notes
Add date
2023-02-15 14:04:02 -05:00
Joseph Henry
6f58510431
Update release notes (#1874) 2023-02-15 14:03:13 -05:00
Monica Moniot
666fb7ea2d
eliminated duplicate paths (#1870) 2023-02-06 11:50:05 -08:00
dependabot[bot]
f0778860e5
Bump tokio from 1.24.1 to 1.24.2 in /zeroidc (#1869)
* Bump tokio from 1.24.1 to 1.24.2 in /zeroidc

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.24.1 to 1.24.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/commits)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* vendor tokio update

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
2023-02-06 10:52:52 -08:00
dependabot[bot]
6aea546d6f
Bump bumpalo from 3.10.0 to 3.12.0 in /zeroidc (#1857)
* Bump bumpalo from 3.10.0 to 3.12.0 in /zeroidc

Bumps [bumpalo](https://github.com/fitzgen/bumpalo) from 3.10.0 to 3.12.0.
- [Release notes](https://github.com/fitzgen/bumpalo/releases)
- [Changelog](https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fitzgen/bumpalo/compare/3.10.0...3.12.0)

---
updated-dependencies:
- dependency-name: bumpalo
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* vendor bumpalo update to fix dependabot

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
2023-01-30 09:03:01 -08:00
Joseph Henry
e0a3291235
Fix setMtu() on Linux. Add error checking (#1860)
* Fix setMtu() on Linux. Add error checking

* Slightly tweak ioctl MTU error message
2023-01-26 10:26:12 -08:00
Joseph Henry
b88d7091c8
Simplify dump command. Fix bond list command 2023-01-20 13:54:04 -08:00
zwf
15cfa3bf62
exclude static route with via ip in route helper (#1791)
When adding Routes to zerotier's Managed Routes, the helper will
add a route rule to the device that does not have a via ip,
so that the address of the Destination segment cannot be routed
correctly within the container.
Here, based on the contents of the routes key in
`zerotier-cli -j listnetworks`,
by determining whether the via key has an ip address,
if it is not null, helper will no longer add route rules.
2023-01-20 11:57:13 -08:00
Gleb Mazovetskiy
9c9d1650d1 Check for ARM Cryptography Extension support
ARM Cryptography Extension is optional and not all ARM CPUs support it.
For example, the CPU in Raspberry Pi 4 does not support it.

Check for `__ARM_FEATURE_CRYPTO` before attempting to use the optional
extension.

`__ARM_FEATURE_CRYPTO` is defined by both clang and gcc when the target
has the cryptography extension.

Fixes #1854.
2023-01-20 09:29:09 +01:00
Grant Limberg
0ae09577f6
Client & Central Controller updates to support additonal OIDC features (#1848)
Client side:
* Fix compatibility with OneLogin
* Requested scopes vary by OIDC provider. Different providers have different

Controller side:
*Update Postgres queries to latest Central schema
* Added Central Controller support for the different providers
* Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
2023-01-19 15:39:15 -08:00
Brenton Bostick
a59f82093a
Fix Possible misuse of comma operator here (#1851)
Xcode warns about "Possible misuse of comma operator here".
Comma is a sequencing operator in C++ and original code does work, but
is highly non-idiomatic.
2023-01-17 12:38:10 -05:00
Brenton Bostick
be95b56c10
fix typos (#1846) 2023-01-13 10:14:57 -05:00
Sean OMeara
ea0f7dde95 removing pull_request builds from workflow 2023-01-13 14:15:02 +01:00
Grant Limberg
a59626c971
Bump zeroidc dependencies (#1847)
openidconnect -> 2.5
base64 -> 0.21
url -> 2.3
bytes -> 1.3
2023-01-12 13:24:58 -08:00
Sean OMeara
67a7534c21
cargo update tokio >= 1.24 (#1842) 2023-01-12 12:41:29 -08:00
Joseph Henry
39f3f5b2d9 User-configurable physical MTU for individual links
This patch allows users to specify the physical layer MTU for individual links
when in multipath mode. For example:

{
  "settings":
  {
    "defaultBondingPolicy": "custom-balance-xor",
    "policies":
    {
      "custom-balance-xor":
      {
        "basePolicy": "balance-xor",
        "failoverInterval": 5000,
        "links": {
          "weird_5g_link": { "mtu": 1300 },
          "enp5s0": { "mtu": 1400  }
        }
      }
    }
  }
}
2023-01-12 07:12:19 +01:00
Joseph Henry
eccc31a4b9 Add forced TCP relay mode
This patch implements a "TUNNELED" status indicator and "forceTcpRelay" setting for custom relays via local.conf.

For example:

{
  "settings":
  {
    "tcpFallbackRelay": "6.79.53.215/443",
    "forceTcpRelay":true
  }
}
2023-01-12 07:12:19 +01:00
Brenton Bostick
d31f238be0
fix typos (#1843) 2023-01-11 19:42:30 +01:00
Sean OMeara
27c26a77a2 running build workflow on pull_requests 2023-01-07 21:28:12 +01:00
Adam Ierymenko
ab503902c8
Merge pull request #1825 from zerotier/windows-allow-ping
enable ICMPv4 in windows firewall
2023-01-04 11:49:26 -05:00
Adam Ierymenko
ed53b62f1b
Merge pull request #1827 from zerotier/default-route-mac2
Prevent shadowing VM routes as default route (macOS)
2023-01-04 11:48:54 -05:00
Adam Ierymenko
ad5ba54cd4
Merge pull request #1820 from zerotier/dev-low-bandwidth
Low Bandwidth Mode (for IoT)
2023-01-04 11:48:15 -05:00
travis laduke
a6742b7f82 Prevent shadowing VM routes as default route (macOS)
If you have a VM host like parallels, sometimes you get these link-local
default routes:

```
netstat -nrfinet | grep "default\|\/1"
0/1                10.2.0.12          UGScg        feth4823
default            192.168.82.1       UGScg             en1
0/1                192.168.82.1       UGScIg            en1
default            link#22            UCSIg       bridge101      !
128.0/1            10.2.0.12          UGSc         feth4823
128.0/1            192.168.82.1       UGScI             en1
```

(the link#22 one)

The _getRTEs function inclused these routes in the list it makes as like:

device: bridge101, target: 0.0.0.0/0

If it happens to be first in the list, bridge101 gets
selected as the default route.

Then Full Tunnel Mode doesn't work.

The other routes in the list are like:
device: en1 target: 192.168.1.0/24 via:  metric: 0 ifscope: 0
device: en1 target: 192.168.1.1/32 via:  metric: 0 ifscope: 0

We only need the device name from this, so either one will work.
2022-12-23 16:18:00 -08:00
Joseph Henry
91bae4b1a8 Add missing default initialization of _lowBandwidthMode 2022-12-22 10:08:02 -08:00
travis laduke
4959d8079b enable ICMP in windows firewall 2022-12-21 15:38:46 -08:00
Sean OMeara
a558bd9312
cache cago on github actions (#1819) 2022-12-14 19:10:08 +01:00
Sean OMeara
3e41163bbe
fixing windows github builds (#1818) 2022-12-14 11:52:30 +01:00
Sean OMeara
10170b41c3 Revert "Improve default route on macOS (#1680)"
This reverts commit 117d7194af.
2022-12-13 18:32:07 +01:00
Sean OMeara
e0e91e8397 disabling windows builds 2022-12-13 17:20:52 +01:00
Sean OMeara
d2de0292cc
mac and windows github builds (#1817) 2022-12-13 16:49:08 +01:00
Sean OMeara
0210ba9c13 enabling mac and windows github builds 2022-12-13 16:16:17 +01:00
Travis LaDuke
117d7194af
Improve default route on macOS (#1680)
re: issue #1088
and probably: https://discuss.zerotier.com/t/default-route-issue-osx-monterey-m1/6974

// current zerotier.
// allow default adds two sets of routes.
```
netstat -rnfinet | grep "/1\|default" | sort
0/1                10.2.0.2           UGScg        feth4823
0/1                192.168.82.1       UGScIg            en7
128.0/1            10.2.0.2           UGSc         feth4823
128.0/1            192.168.82.1       UGScI             en7
default            192.168.82.1       UGScg             en7
```

Then, something chaotic happens eventually, and networking stops working.

// after patch
```
netstat -rnfinet | grep "/1\|default" | sort
0/1                10.2.0.2           UGScg        feth4823
128.0/1            10.2.0.2           UGSc         feth4823
default            192.168.82.1       UGScg             en7
```

After the change, I can still:
- use default route
- route to other subnets

I tested on high sierra through monterey
and on freebsd13.1
2022-12-13 11:52:21 +01:00
Sean OMeara
7587ef5136
basic builds on github (#1815)
Initial Github Actions build
2022-12-12 09:44:31 +01:00
Joseph Henry
087a797257
Merge pull request #1808 from zerotier/dev-tcp-proxy
Dig tcp-proxy out of the git history
2022-12-07 09:40:42 -08:00
Grant Limberg
a02f42188c
Merge pull request #1811 from zerotier/cleanup/typos
Cleanup/typos
2022-12-07 08:33:12 -08:00
Brenton Bostick
98e0bf22d3 fix actual typo in config key code 2022-12-07 10:23:11 -05:00
Brenton Bostick
1e2ff042b4 fix typos in docs, comments, and strings 2022-12-07 10:17:53 -05:00
travis laduke
b8eb9196e8 update tcp-relay README 2022-12-06 11:49:12 -08:00
travis laduke
db1df58955 resurrect tcp proxy 2022-12-06 11:49:12 -08:00
Brenton Bostick
2f5dc10399
Fix syntax error (#1806)
Similar previous fix:
668ab8b85c
2022-12-05 13:33:00 -08:00
Joseph Henry
4100615cd6 Merge branch 'dev' into dev-low-bandwidth 2022-12-05 13:26:57 -08:00
Joseph Henry
e27c3edaba Merge branch 'dev' into dev-low-bandwidth 2022-12-05 13:23:04 -08:00
Joseph Henry
3c9ea2b667
Add low-bandwidth mode 2022-12-05 13:21:05 -08:00
Grant Limberg
065f42af1d
Merge pull request #1807 from zerotier/cleanup/typos
fix typos
2022-12-05 08:34:53 -08:00
Grant Limberg
1d503f45ad
Merge pull request #1805 from zerotier/update/bad-file-descriptor
Update/bad file descriptor
2022-12-05 08:33:12 -08:00
Brenton Bostick
5b5f9a069a fix typos 2022-12-05 11:29:21 -05:00