Commit Graph

6257 Commits

Author SHA1 Message Date
Joseph Henry
82a9122fc3
Update validate-1m-linux.sh 2023-08-10 09:58:47 -07:00
Joseph Henry
0e9e7f2ebc
Merge pull request #2086 from zerotier/tl-2082
Don't skip hellos when there are no paths available
2023-08-09 11:49:42 -07:00
travisladuke
14671009f8 Don't skip hellos when there are no paths available
working on #2082
2023-08-09 09:35:12 -07:00
Grant Limberg
802c9907a1
limit to hooks with hook_type = NETWORK_JOIN enabled 2023-08-08 13:14:55 -07:00
Grant Limberg
88b96265d7
look up hook URLs dynamically 2023-08-07 16:42:23 -07:00
travisladuke
0bc10923a1 Test that starting zerotier before internet works 2023-08-07 13:25:15 -07:00
Grant Limberg
0dc92c2d7b
update openidconnect rust lib 2023-08-07 10:41:19 -07:00
Grant Limberg
04a3206e53
fix rust cache in github actions 2023-08-04 15:38:49 -07:00
Grant Limberg
98360d94a5
attempt at fixing the windows build 2023-08-04 15:28:52 -07:00
Grant Limberg
a9c8307d97
should only run this if smee is configured 2023-08-04 15:14:40 -07:00
Grant Limberg
581489f67b
this should theoretically send the new member notification 2023-08-04 15:02:37 -07:00
Grant Limberg
5e89d5a03f
fix a typo 2023-08-04 15:02:30 -07:00
Grant Limberg
d71d051c53
instantiate smee client 2023-08-04 14:31:35 -07:00
Grant Limberg
d2aeff6752
another mac fix 2023-08-04 14:04:20 -07:00
Grant Limberg
36be14de06
fix zeroidc include path 2023-08-04 13:31:24 -07:00
Grant Limberg
f9af9a15f2
rusftormat zeroidc 2023-08-04 13:09:14 -07:00
Grant Limberg
4674bb5c8b
add smee client 2023-08-04 13:08:41 -07:00
Grant Limberg
a6b764bf7c
move zeroidc to rustybits folder 2023-08-03 14:57:00 -07:00
Kenny MacDermid
c6f07ee19f
Disable executable stacks on assembly objects (#2071)
Add `--noexecstack` to the assembler flags so the resulting binary
will link with a non-executable stack.

Fixes zerotier/ZeroTierOne#1179

Co-authored-by: Joseph Henry <joseph.henry@zerotier.com>
2023-08-02 15:12:49 -07:00
Brenton Bostick
e36127283c
Fix typos (#2075) 2023-08-01 08:53:55 -07:00
Joseph Henry
230ae6bd16 Fix reporting of secondaryPort and tertiaryPort See: #2039 2023-07-31 20:44:16 -07:00
travisladuke
5b5ef07350 Add search domain to macos dns configuration
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:

```
ping server1                                                                                                                                                                                    ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
2023-07-31 12:37:59 -07:00
travisladuke
fb6af1971b Fix network DNS on macOS
It stopped working for ipv4 only networks in Monterey.
See #1696

We add some config like so to System Configuration

```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
  Addresses : <array> {
    0 : 10.2.1.36
  }
  InterfaceName : feth4823
  Router : 10.2.1.36
  ServerAddress : 127.0.0.1
}

```
2023-07-27 14:26:36 -07:00
lison
41f9bdc5db
Update build.sh (#2068)
fix mkwork compilation errors
2023-07-27 12:43:31 -04:00
Grant Limberg
12e64aa191
fix docker tag for controllers (#2066) 2023-07-20 16:22:03 -07:00
travis laduke
22ab673480 Apply default route a different way - macOS
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.

to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```

gives us this routing table
```
Destination        Gateway            RT_IFA             Flags        Refs      Use    Mtu          Netif Expire    rtt(ms) rttvar(ms)
default            10.2.0.2           10.2.0.18          UGScg          90        1   2800       feth4823
default            192.168.82.1       192.168.82.217     UGScIg
```

allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```

Notice the I flag, for -ifscope, on the physical default route.

route change does not seem to work reliably.
2023-07-20 13:37:05 -07:00
Brenton Bostick
03841dcb81
fix warning: 'OS_STRING' macro redefined [-Wmacro-redefined] (#2064)
Even though this is in ext, these particular chunks of code were added
by us, so are ok to modify.
2023-07-20 11:38:08 -04:00
Brenton Bostick
64c2634b71
suppress warnings: comparison of integers of different signs: 'int64_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Wsign-compare] (#2063) 2023-07-20 11:37:50 -04:00
Adam Ierymenko
f1019dc4ee
Implement recvmmsg() for Linux to reduce syscalls. (#2046)
Between 5% and 40% speed improvement on Linux, depending on system configuration and load.
2023-07-20 11:36:37 -04:00
travisladuke
50ede37a58 remove ZT_NO_METRIC ifdef 2023-07-19 13:42:49 -07:00
travisladuke
60ddca1354 Adjust tcp-proxy makefile to support metrics
There's no way to get the metrics yet. Someone will
have to add the http service.
2023-07-19 13:42:49 -07:00
Jörg Thalheim
19f1f02d91 tcp-proxy: fix build 2023-07-19 13:42:49 -07:00
Grant Limberg
5a36b315a3
Exit if loading an invalid identity from disk (#2058)
* Exit if loading an invalid identity from disk

Previously, if an invalid identity was loaded from disk, ZeroTier would
generate a new identity & chug along and generate a brand new identity
as if nothing happened.  When running in containers, this introduces the
possibility for key matter loss; especially when running in containers
where the identity files are mounted in the container read only.  In
this case, ZT will continue chugging along with a brand new identity
with no possibility of recovering the private key.

ZeroTier should exit upon loading of invalid identity.public/identity.secret #2056

* add validation test for #2056
2023-07-18 14:10:31 -04:00
Sean OMeara
b67cd2cf7a
less drone (#2060) 2023-07-18 10:57:38 +02:00
Joseph Henry
97492eec7c
Fix ifdef that breaks libzt on iOS (#2050) 2023-07-17 16:49:58 -07:00
Joseph Henry
fdc2e0f692 Release memory previously allocated by UPNP_GetValidIGD 2023-07-13 16:34:14 -07:00
Jake Vis
2672d037a8
ARM64 Support for TapDriver6 (#1949) 2023-07-13 16:52:06 -04:00
travis laduke
ee663d61cd Add warning to cli for allow default on FreeBSD
It doesn't work.
Not possible to fix with deficient network
stack and APIs.

ZeroTierOne-freebsd # zerotier-cli set 9bee8941b5xxxxxx allowDefault=1
400 set Allow Default does not work properly on FreeBSD. See #580
root@freebsd13-a:~/ZeroTierOne-freebsd # zerotier-cli get 9bee8941b5xxxxxx allowDefault
1
2023-07-13 13:20:22 -07:00
Grant Limberg
008a768f15
Add a 2nd auth token only for access to /metrics (#2043)
* Add a 2nd auth token for /metrics

Allows administrators to distribute a token that only has access to read
metrics and nothing else.

Also added support for using bearer auth tokens for both types of tokens

Separate endpoint for metrics #2041

* Update readme

* fix a couple of cases of writing the wrong token
2023-07-07 16:43:32 -07:00
Stavros Kois
33b2e6a856
Consider ZEROTIER_JOIN_NETWORKS in healthcheck (#1978) 2023-07-06 12:45:58 -07:00
Travis LaDuke
6540107ccb
fix memory leak in macos ipv6/dns helper (#2030)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
2023-07-06 12:32:10 -07:00
Travis LaDuke
1ce08a62a9
zeroidc cargo warnings (#2029)
* fix unused struct member cargo warning

* fix unused import cargo warning

* fix unused return value cargo warning

---------

Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
2023-07-06 12:13:00 -07:00
dependabot[bot]
b82bdc7782
Bump openssl from 0.10.48 to 0.10.55 in /zeroidc (#2034)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.48 to 0.10.55.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.55)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
2023-07-06 11:45:32 -07:00
Travis LaDuke
e0e21dfdda
fix oidc auth url memory leak (#2031)
getAuthURL() was not calling zeroidc::free_cstr(url);

the only place authAuthURL is called, the url can be retrieved
from the network config instead.

You could alternatively copy the string and call free_cstr in getAuthURL.
If that's better we can change the PR.

Since now there are no callers of getAuthURL I deleted it.

Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
2023-07-06 11:27:54 -07:00
Grant Limberg
981d09cc28
Merge pull request #2042 from zerotier:docker2
docker tags change
2023-07-06 10:13:35 -07:00
Grant Limberg
2fbd5dc828
docker tags change 2023-07-06 10:12:29 -07:00
Travis LaDuke
931b02dbb1 Update README.md
issue #2009
2023-07-05 13:59:23 -07:00
Grant Limberg
0962af5e72
Multi-arch controller container (#2037)
create arm64 & amd64 images for central controller
2023-06-29 19:45:44 -04:00
Grant Limberg
9b7d13476f
Merge pull request #2022 from zerotier:pgpool
don't unborrow bad connections
2023-06-08 08:52:23 -07:00
Grant Limberg
3efb731b40
don't unborrow bad connections
pool will clean them up later
2023-06-08 08:45:50 -07:00