This makes switching between physical networks
with full tunnel mode enabled more reliable.
There were issues with the physical default route or device
changing.
* Add test for primary port bindings to validator - See #2105
* Add delay to binding test
* Remove TCP binding logic from Binder to fix#2105
* add second control plane socket for ipv6
* fix controller network post endpoint
* exit if we can't bind at least one of IPV4 or IPV6 for control plane port
---------
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
see commit fb6af1971 * Fix network DNS on macOS
adding that stuff to System Config causes this extra route to be added
which breaks ipv4 default route.
We figured out a weird System Coniguration setting
that works.
--- old
couldn't figure out how to fix it in SystemConfiguration
so here we are# Please enter the commit message for your changes. Lines starting
We also moved the dns setter to before the syncIps stuff
to help with a race condition. It didn't always work when
you re-joined a network with default route enabled.
See issue #2082
We use a call to libnatpmp::ininatpp to make sure the computer
has working network sockets before we go into the main
nat-pmp/upnp logic.
With basic exponenetial delay up to 30 seconds.
Stumbled upon this while debugging something else.
If we add search domain to our system configuration for
network DNS, then search domains work:
```
ping server1 ~
PING server1.my.domain (10.123.3.1): 56 data bytes
64 bytes from 10.123.3.1
```
It stopped working for ipv4 only networks in Monterey.
See #1696
We add some config like so to System Configuration
```
scutil
show State:/Network/Service/9bee8941b5xxxxxx/IPv4
<dictionary> {
Addresses : <array> {
0 : 10.2.1.36
}
InterfaceName : feth4823
Router : 10.2.1.36
ServerAddress : 127.0.0.1
}
```
The original way we applied default route, by forking
0.0.0.0/0 into 0/1 and 128/1 works, but if mac os has any networking
hiccups -if you change SSIDs or sleep/wake- macos erases the system default route.
And then all networking on the computer is broken.
to summarize the new way:
allowDefault=1
```
sudo route delete default 192.168.82.1
sudo route add default 10.2.0.2
sudo route add -ifscope en1 default 192.168.82.1
```
gives us this routing table
```
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire rtt(ms) rttvar(ms)
default 10.2.0.2 10.2.0.18 UGScg 90 1 2800 feth4823
default 192.168.82.1 192.168.82.217 UGScIg
```
allowDefault=0
```
sudo route delete default
sudo route delete -ifscope en1 default
sudo route add default 192.168.82.1
```
Notice the I flag, for -ifscope, on the physical default route.
route change does not seem to work reliably.
* internal db metrics
* use shared mutexes for read/write locks
* remove this lock. only used for a metric
* more metrics
* remove exploratory metrics
place controller request benchmarks behind ifdef
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
* add header-only prometheus lib to ext
* rename folder
* Undo rename directory
* prometheus simpleapi included on mac & linux
* wip
* wire up some controller stats
* Get windows building with prometheus
* bsd build flags for prometheus
* Fix multiple network join from environment entrypoint.sh.release (#1961)
* _bond_m guards _bond, not _paths_m (#1965)
* Fix: warning: mutex '_aqm_m' is not held on every path through here [-Wthread-safety-analysis] (#1964)
* Serve prom metrics from /metrics endpoint
* Add prom metrics for Central controller specific things
* reorganize metric initialization
* testing out a labled gauge on Networks
* increment error counter on throw
* Consolidate metrics definitions
Put all metric definitions into node/Metrics.hpp. Accessed as needed
from there.
* Revert "testing out a labled gauge on Networks"
This reverts commit 499ed6d95e.
* still blows up but adding to the record for completeness right now
* Fix runtime issues with metrics
* Add metrics files to visual studio project
* Missed an "extern"
* add copyright headers to new files
* Add metrics for sent/received bytes (total)
* put /metrics endpoint behind auth
* sendto returns int on Win32
---------
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
The check code wasn't running.
I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.
You can verify the old and new versions with
`ifconfig | grep temporary`
plus
`zerotier-cli info -j` -> listeningOn
* add note about forceTcpRelay
* Create a sample systemd unit for tcp proxy
* set gitattributes for rust & cargo so hashes dont conflict on Windows
* Revert "set gitattributes for rust & cargo so hashes dont conflict on Windows"
This reverts commit 032dc5c108.
* Turn off autocrlf for rust source
Doesn't appear to play nice well when it comes to git and vendored cargo package hashes
* Fix#1883 (#1886)
Still unknown as to why, but the call to `nc->GetProperties()` can fail
when setting a friendly name on the Windows virtual ethernet adapter.
Ensure that `ncp` is not null before continuing and accessing the device
GUID.
* Don't vendor packages for zeroidc (#1885)
* Added docker environment way to join networks (#1871)
* add StringUtils
* fix headers
use recommended headers and remove unused headers
* move extern "C"
only JNI functions need to be exported
* cleanup
* fix ANDROID-50: RESULT_ERROR_BAD_PARAMETER typo
* fix typo in log message
* fix typos in JNI method signatures
* fix typo
* fix ANDROID-51: fieldName is uninitialized
* fix ANDROID-35: memory leak
* fix missing DeleteLocalRef in loops
* update to use unique error codes
* add GETENV macro
* add LOG_TAG defines
* ANDROID-48: add ZT_jnicache.cpp
* ANDROID-48: use ZT_jnicache.cpp and remove ZT_jnilookup.cpp and ZT_jniarray.cpp
* add Event.fromInt
* add PeerRole.fromInt
* add ResultCode.fromInt
* fix ANDROID-36: issues with ResultCode
* add VirtualNetworkConfigOperation.fromInt
* fix ANDROID-40: VirtualNetworkConfigOperation out-of-sync with ZT_VirtualNetworkConfigOperation enum
* add VirtualNetworkStatus.fromInt
* fix ANDROID-37: VirtualNetworkStatus out-of-sync with ZT_VirtualNetworkStatus enum
* add VirtualNetworkType.fromInt
* make NodeStatus a plain data class
* fix ANDROID-52: synchronization bug with nodeMap
* Node init work: separate Node construction and init
* add Node.toString
* make PeerPhysicalPath a plain data class
* remove unused PeerPhysicalPath.fixed
* add array functions
* make Peer a plain data class
* make Version a plain data class
* fix ANDROID-42: copy/paste error
* fix ANDROID-49: VirtualNetworkConfig.equals is wrong
* reimplement VirtualNetworkConfig.equals
* reimplement VirtualNetworkConfig.compareTo
* add VirtualNetworkConfig.hashCode
* make VirtualNetworkConfig a plain data class
* remove unused VirtualNetworkConfig.enabled
* reimplement VirtualNetworkDNS.equals
* add VirtualNetworkDNS.hashCode
* make VirtualNetworkDNS a plain data class
* reimplement VirtualNetworkRoute.equals
* reimplement VirtualNetworkRoute.compareTo
* reimplement VirtualNetworkRoute.toString
* add VirtualNetworkRoute.hashCode
* make VirtualNetworkRoute a plain data class
* add isSocketAddressEmpty
* add addressPort
* add fromSocketAddressObject
* invert logic in a couple of places and return early
* newInetAddress and newInetSocketAddress work
allow newInetSocketAddress to return NULL if given empty address
* fix ANDROID-38: stack corruption in onSendPacketRequested
* use GETENV macro
* JniRef work
JniRef does not use callbacks struct, so remove
fix NewGlobalRef / DeleteGlobalRef mismatch
* use PRId64 macros
* switch statement work
* comments and logging
* Modifier 'public' is redundant for interface members
* NodeException can be made a checked Exception
* 'NodeException' does not define a 'serialVersionUID' field
* 'finalize()' should not be overridden
this is fine to do because ZeroTierOneService calls close() when it is done
* error handling, error reporting, asserts, logging
* simplify loadLibrary
* rename Node.networks -> Node.networkConfigs
* Windows file permissions fix (#1887)
* Allow macOS interfaces to use multiple IP addresses (#1879)
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* Fix condition where full HELLOs might not be sent when necessary (#1877)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
* 1.10.4 version bumps
* Add security policy to repo (#1889)
* [+] add e2k64 arch (#1890)
* temp fix for ANDROID-56: crash inside newNetworkConfig from too many args
* 1.10.4 release notes
---------
Co-authored-by: travis laduke <travisladuke@gmail.com>
Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
Co-authored-by: Leonardo Amaral <leleobhz@users.noreply.github.com>
Co-authored-by: Brenton Bostick <bostick@gmail.com>
Co-authored-by: Sean OMeara <someara@users.noreply.github.com>
Co-authored-by: Joseph Henry <joseph-henry@users.noreply.github.com>
Co-authored-by: Roman Peshkichev <roman.peshkichev@gmail.com>
If you have a VM host like parallels, sometimes you get these link-local
default routes:
```
netstat -nrfinet | grep "default\|\/1"
0/1 10.2.0.12 UGScg feth4823
default 192.168.82.1 UGScg en1
0/1 192.168.82.1 UGScIg en1
default link#22 UCSIg bridge101 !
128.0/1 10.2.0.12 UGSc feth4823
128.0/1 192.168.82.1 UGScI en1
```
(the link#22 one)
The _getRTEs function inclused these routes in the list it makes as like:
device: bridge101, target: 0.0.0.0/0
If it happens to be first in the list, bridge101 gets
selected as the default route.
Then Full Tunnel Mode doesn't work.
The other routes in the list are like:
device: en1 target: 192.168.1.0/24 via: metric: 0 ifscope: 0
device: en1 target: 192.168.1.1/32 via: metric: 0 ifscope: 0
We only need the device name from this, so either one will work.
