Commit Graph

4639 Commits

Author SHA1 Message Date
Jonathon Fernyhough
e4e0be979e
Fix ed25519-amd64-asm PIC compatibility
The Hyperledger implementation (https://github.com/hyperledger/iroha-ed25519)
contains changes to the assembly code to allow PIC. This in turn fixes
compilation/linking of ZeroTier One when "full hardening" flags are used.
2018-04-21 16:18:00 +01:00
Adam Ierymenko
86637cda9f Disable ASM ed25519 by default (it only helps significantly on controllers) so fPIE will work -- GitHub issue #717 2018-04-20 11:35:50 -07:00
Adam Ierymenko
94f41e2332 Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2018-04-18 08:08:06 -07:00
Adam Ierymenko
3d2a50f811
Merge pull request #654 from atopuzov/armv7l
Add support for armv7l
2018-04-18 08:06:53 -07:00
Adam Ierymenko
c2ffbb8627
Merge pull request #673 from neutronscott/dev
check physical blacklist for interface binding as well
2018-04-18 08:05:51 -07:00
Adam Ierymenko
54218f6c3c
Merge pull request #690 from Pablohn26/master
Warn about invalid network id instead of help
2018-04-18 08:05:28 -07:00
Adam Ierymenko
6fdbdf9272
Merge pull request #712 from elmar/master
fix typo in documentation
2018-04-18 08:04:19 -07:00
Adam Ierymenko
3de7691af3 Merge branch 'master' of github.com:zerotier/ZeroTierOne
* Features and Core Improvements
    * Path selection has been overhauled to improve path stability, simplify code, and prepare for multi-path and trunking in the next major release.
    * This version introduces remote tracing for remote diagnostics. Network controllers can set a node (usually the controller itself) to receive remote tracing events from all members of the network or from select members. Events are only sent if they pertain to a given network for security reasons.
    * Multicast replication can now be done by designated multicast replicators on a network (flagged as such at the controller) rather than by the sender. Most users won't want this, but it's useful for specialized use cases on hub-and-spoke networks and for low-power devices.
    * Cryptographic performance improvements on several platforms.
    * Multithreaded performance improvements throughout the code base, including the use of an inline lightweight spinlock for low-contention resources.
 * Bugs fixed
    * Disappearing routes on Mac (GitHub issue #600)
    * Route flapping and path instability in some dual-stack V4/V6 networks
    * Blacklist (in local.conf) doesn't work reliably (GitHub issue #656)
    * Connection instabilities due to unsigned integer overflows in timing comparisons (use int64_t instead of uint64_t)
    * Binaries don't run on some older or lower-end 32-bit ARM chips (build problem)
    * ARM NEON crypto code crashes (build problem)
    * Fixed some lock ordering issues revealed by "valgrind" tool
    * The "zerotier-idtool" command could not be accessed from "zerotier-one" via command line switch
    * Leaking sockets on some platforms when uPnP/NAT-PMP is enabled
    * Fixed two very rare multithreading issues that were only observed on certain systems
 * Platform-Specific Changes
    * MacOS
        * Installer now loads the kernel extension right away so that High Sierra users will see the prompt to authorize it. This is done in the "Security & Privacy" preference pane and must be done driectly on the console (not via remote desktop). On High Sierra and newer kexts must be authorized at the console via security settings system preferences pane.
    * Windows
        * The Windows installer should now install the driver without requiring a special prompt in most cases. This should make it easier for our packages to be accepted into and updated in the Chocolatey repository and should make it easier to perform remote installs across groups of machines using IT management and provisioning tools.
        * The Windows official packages are now signed with an EV certificate (with hardware key).
        * The Windows UI can now log into ZeroTier Central and join networks via the Central API.
        * The `zerotier-idtool` command should now work on Windows without ugly hacks.
        * Upgraded the installer version.
        * Made a few changes to hopefully fix sporadic "will not uninstall" problems, though we cannot duplicate these issues ourselves.
    * Linux
        * Device names are now generated deterministically based on network IDs for all newly joined networks.
    * Android
        * Multicast now works on Android in most cases! Android apps can send and receive multicast and subscribe to multicast group IPs. Note that in some cases the app must bind to the specific correct interface for this to work.
        * IPv6 can be disabled in UI for cases where it causes problems.
2018-04-17 13:32:39 -07:00
Adam Ierymenko
bbed93bcf4 * Features and Core Improvements
* Path selection has been overhauled to improve path stability, simplify code, and prepare for multi-path and trunking in the next major release.
    * This version introduces remote tracing for remote diagnostics. Network controllers can set a node (usually the controller itself) to receive remote tracing events from all members of the network or from select members. Events are only sent if they pertain to a given network for security reasons.
    * Multicast replication can now be done by designated multicast replicators on a network (flagged as such at the controller) rather than by the sender. Most users won't want this, but it's useful for specialized use cases on hub-and-spoke networks and for low-power devices.
    * Cryptographic performance improvements on several platforms.
    * Multithreaded performance improvements throughout the code base, including the use of an inline lightweight spinlock for low-contention resources.
 * Bugs fixed
    * Disappearing routes on Mac (GitHub issue #600)
    * Route flapping and path instability in some dual-stack V4/V6 networks
    * Blacklist (in local.conf) doesn't work reliably (GitHub issue #656)
    * Connection instabilities due to unsigned integer overflows in timing comparisons (use int64_t instead of uint64_t)
    * Binaries don't run on some older or lower-end 32-bit ARM chips (build problem)
    * ARM NEON crypto code crashes (build problem)
    * Fixed some lock ordering issues revealed by "valgrind" tool
    * The "zerotier-idtool" command could not be accessed from "zerotier-one" via command line switch
    * Leaking sockets on some platforms when uPnP/NAT-PMP is enabled
    * Fixed two very rare multithreading issues that were only observed on certain systems
 * Platform-Specific Changes
    * MacOS
        * Installer now loads the kernel extension right away so that High Sierra users will see the prompt to authorize it. This is done in the "Security & Privacy" preference pane and must be done driectly on the console (not via remote desktop). On High Sierra and newer kexts must be authorized at the console via security settings system preferences pane.
    * Windows
        * The Windows installer should now install the driver without requiring a special prompt in most cases. This should make it easier for our packages to be accepted into and updated in the Chocolatey repository and should make it easier to perform remote installs across groups of machines using IT management and provisioning tools.
        * The Windows official packages are now signed with an EV certificate (with hardware key).
        * The Windows UI can now log into ZeroTier Central and join networks via the Central API.
        * The `zerotier-idtool` command should now work on Windows without ugly hacks.
        * Upgraded the installer version.
        * Made a few changes to hopefully fix sporadic "will not uninstall" problems, though we cannot duplicate these issues ourselves.
    * Linux
        * Device names are now generated deterministically based on network IDs for all newly joined networks.
    * Android
        * Multicast now works on Android in most cases! Android apps can send and receive multicast and subscribe to multicast group IPs. Note that in some cases the app must bind to the specific correct interface for this to work.
        * IPv6 can be disabled in UI for cases where it causes problems.
2018-04-17 13:30:37 -07:00
Adam Ierymenko
8900b30b6e Windows installer tweaks and version bumps. 2018-04-17 12:47:33 -07:00
Adam Ierymenko
ae4fb799e4 More versioning 2018-04-17 12:14:59 -07:00
Adam Ierymenko
3f1d1fb3c3 'versioning' 2018-04-17 12:12:49 -07:00
Adam Ierymenko
f0a23ae0ea docs 2018-04-17 10:48:00 -07:00
Elmar S. Heeb
c14f9cc247 fix typo in documentation 2018-04-14 10:52:30 +02:00
Adam Ierymenko
e276b6463e Release notes, and shorten Linux canonical network ID derived device names a bit. 2018-04-12 10:33:06 -04:00
Adam Ierymenko
9da7967197 Merge branch 'dev' into edge 2018-04-12 09:08:48 -04:00
Adam Ierymenko
74f2b78c04 Refactor some potentially unsafe SharedPtr<> code. 2018-04-06 08:10:34 -07:00
Adam Ierymenko
2021f8cb5f Merge branch 'dev' into edge 2018-03-29 13:34:54 -07:00
Adam Ierymenko
40a9ebd078 GitHub issue #675 2018-03-29 10:44:57 -07:00
Adam Ierymenko
8c1b73b29c GitHub issue #701 2018-03-29 10:25:29 -07:00
Adam Ierymenko
6679a55693 certutil needs -f in case TrustedProvider store is not yet created 2018-03-27 19:15:14 -07:00
Adam Ierymenko
1101c1d919 Works on 32-bit too now. 2018-03-27 18:46:06 -07:00
Adam Ierymenko
fcb529b348 Take two on unattended driver installs. I think it works now.' 2018-03-27 17:53:28 -07:00
Adam Ierymenko
680b1ca208 Upgrade installer AIP versions and redo how we bundle the driver sub-installer to allow unattended driver installs (hopefully). 2018-03-27 14:19:45 -07:00
Adam Ierymenko
af74fe1711 Merge branch 'dev' into edge 2018-03-21 15:32:04 -07:00
Adam Ierymenko
494cf4049e Add specification of anchor and multicast hub address (optional) to new multicast and IPv4 enabled ad-hoc network ID format. 2018-03-21 15:31:48 -07:00
Adam Ierymenko
c908b9f67a Add anchor and multicast hub address field to new multicast enabled ad-hoc address format. 2018-03-21 15:27:26 -07:00
Adam Ierymenko
209f6d9d2d Merge branch 'dev' into edge 2018-03-19 11:18:54 -07:00
Adam Ierymenko
916077012e Make sure fopen is in binary mode on Windows. 2018-03-16 11:27:11 -07:00
Adam Ierymenko
beb170e4fb Use X64 ASM ed25519 signatures on Linux/x64, which are about 10X faster. Will matter a lot for network controllers, not so much for other things. 2018-03-13 06:51:17 -07:00
Adam Ierymenko
a59912f3af SHA512 using libcrypto (not enabled by default) 2018-03-12 16:56:47 -07:00
Adam Ierymenko
610e594a50 Speed tweaks for signatures, etc. 2018-03-12 16:16:20 -07:00
Joseph Henry
b4e2547052 Minor tweak to QNAP path getter 2018-03-12 11:23:10 -07:00
Pablo Hinojosa
a9778549f2
Warn about invalid network id instead of help 2018-03-11 03:39:13 +01:00
Adam Ierymenko
b601041b5b Merge branch 'edge' of http://10.6.6.2/zerotier/ZeroTierOne into edge 2018-03-09 07:51:43 -08:00
Adam Ierymenko
0945d6ec0d Merge branch 'dev' into edge 2018-03-09 07:50:38 -08:00
Adam Ierymenko
78d9cee416 Other fixes to IPv4 ad-hoc networks. 2018-03-09 00:10:01 -08:00
Adam Ierymenko
bbdb2aa672 Some work on IPv4 enabled ad-hoc networks. 2018-03-08 23:53:57 -08:00
Adam Ierymenko
574b24c082 docs 2018-03-08 22:41:42 -08:00
Adam Ierymenko
874a187c7f cleanup 2018-03-08 22:39:51 -08:00
Adam Ierymenko
e8fb443313 Forgot one other use in RethinkDb driver. 2018-03-08 22:34:51 -08:00
Adam Ierymenko
57b96af2c4 Fix for FileDB _networkChanged / _memberChanged problem. 2018-03-08 22:33:08 -08:00
Grant Limberg
e61d4ab67a Merge branch 'dev' into edge 2018-02-23 13:58:24 -08:00
Grant Limberg
2ee358dbfc TAP driver requires input and output buffers for calls passed into DeviceIoControl
Otherwise the driver returns STATUS_INVALID_PARAMETER and the call fails.  This should fix some Multicast issues on Windows
2018-02-23 13:42:02 -08:00
Joseph Henry
e3bb67d188 Added debug output convenience macros 2018-02-16 16:55:31 -08:00
Grant Limberg
2d289a3308 Just a little cleanup 2018-02-16 15:20:07 -08:00
Grant Limberg
bdb2cc7c85 Linux: link system libcurl when compiling with ZT_VAULT_SUPPORT=1
Requires libcurl and development headers to be installed
2018-02-16 15:08:04 -08:00
Grant Limberg
7793060723 Add HashiCorp Vault storage of ZeroTier's public & secret identity
Adds a "vault" section to local.conf.  Example local.conf:

{
  "config": {
    "vault": {
      "vaultURL": "https://some.vault.host:8200",
      "vaultToken": "my-super-secret-vault-token",
      "vaultPath": "secure/place/to/put/identity"
    }
}

Additionally, the following environment variables can be set.  Environment variables override local.conf:

VAULT_ADDR
VAULT_TOKEN
VAULT_PATH

Identities will be placed in the keys "public" and "secret" under the user specified path.  If no path is specified, they will be placed in the token specific cubbyhole.

If identity.public and identity.secret exist on disk and vault is configured, they will be automatically added to Vault and removed from disk.

TODO:
 *  Decide behavior for if Vault cannot be reached.
 *  Add libcurl as a dependency in Linux & Mac builds
 *  Add libcurl as a requirement for linux packages
2018-02-16 14:30:27 -08:00
Grant Limberg
84302ae9c7 Add CURL libs to VC project 2018-02-16 14:21:38 -08:00
Grant Limberg
cd801b96fa libcurl binaries for Windows 2018-02-16 10:31:37 -08:00