1.10.6 AIP for Windows.

The check code wasn't running.

I don't know why !defined(TARGET_OS_IOS) would exclude code on
desktop macOS. I did a quick search and changed it to defined(TARGET_OS_MAC).
Not 100% sure what the most correct solution there is.

You can verify the old and new versions with

`ifconfig | grep temporary`

plus

`zerotier-cli info -j` -> listeningOn

.clang-format

@@ -0,0 +1,75 @@
+---
+BasedOnStyle: LLVM
+BreakBeforeBraces: Stroustrup
+IndentWidth: 4
+TabWidth: 4
+AlignAfterOpenBracket: AlwaysBreak
+AlignConsecutiveMacros: 'true'
+AlignConsecutiveAssignments: 'false'
+AlignConsecutiveDeclarations: 'false'
+AlignEscapedNewlines: Right
+AlignOperands: 'true'
+AlignTrailingComments: 'true'
+AllowAllArgumentsOnNextLine: 'false'
+AllowAllConstructorInitializersOnNextLine: 'false'
+AllowAllParametersOfDeclarationOnNextLine: 'false'
+AllowShortBlocksOnASingleLine: 'true'
+AllowShortCaseLabelsOnASingleLine: 'false'
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: Never
+AlwaysBreakAfterReturnType: None
+BinPackArguments: 'false'
+BinPackParameters: 'false'
+BreakBeforeBinaryOperators: NonAssignment
+BreakBeforeTernaryOperators: 'true'
+BreakConstructorInitializers: BeforeComma
+BreakInheritanceList: BeforeComma
+CompactNamespaces: 'false'
+ConstructorInitializerAllOnOneLineOrOnePerLine: 'true'
+ConstructorInitializerIndentWidth: '4'
+ContinuationIndentWidth: '4'
+Cpp11BracedListStyle: 'false'
+FixNamespaceComments: 'true'
+IncludeBlocks: Regroup
+IndentCaseLabels: 'true'
+IndentPPDirectives: None
+IndentWrappedFunctionNames: 'false'
+KeepEmptyLinesAtTheStartOfBlocks: 'false'
+MaxEmptyLinesToKeep: '1'
+NamespaceIndentation: None
+PointerAlignment: Left
+ReflowComments: 'true'
+SortIncludes: 'true'
+SortUsingDeclarations: 'true'
+SpaceAfterCStyleCast: 'false'
+SpaceAfterLogicalNot: 'true'
+SpaceAfterTemplateKeyword: 'true'
+SpaceBeforeAssignmentOperators: 'true'
+SpaceBeforeCpp11BracedList: 'true'
+SpaceBeforeCtorInitializerColon: 'true'
+SpaceBeforeInheritanceColon: 'true'
+SpaceBeforeParens: ControlStatements
+SpaceBeforeRangeBasedForLoopColon: 'true'
+SpaceInEmptyParentheses: 'false'
+SpacesBeforeTrailingComments: '3'
+SpacesInAngles: 'false'
+SpacesInCStyleCastParentheses: 'false'
+SpacesInContainerLiterals: 'true'
+SpacesInParentheses: 'false'
+SpacesInSquareBrackets: 'false'
+UseTab: 'Always'
+
+---
+Language: Cpp
+Standard: Cpp03
+ColumnLimit: '240'
+---
+Language: ObjC
+ColumnLimit: '240'
+---
+Language: Java
+ColumnLimit: '240'
+---
+Language: CSharp
+ColumnLimit: '240'
+...

.dockerignore

@@ -0,0 +1,2 @@
+.git/
+workspace/

.drone.jsonnet

@@ -0,0 +1,40 @@
+local registry = "084037375216.dkr.ecr.us-east-2.amazonaws.com";
+
+local targets = [
+      { "os": "linux",   "name": "sid", "isas": [ "386", "armv7", "amd64", "arm64", "mips64le", "ppc64le", "s390x", "riscv64" ], "events": [ "push", "tag", "custom" ] },
+];
+
+local Build(platform, os, isa, events) = {
+  "kind": "pipeline",
+  "type": "docker",
+  "pull": "always",
+  "name": platform + " " + isa + " " + "build",
+  "clone": { "depth": 1 },
+  "steps": [
+    {
+      "name": "build",
+      "image": registry + "/honda-builder",
+      "commands": [
+        "aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin " + registry,
+        "./ci/scripts/build.sh " + platform + " " + isa + " " + "100.0.0+${DRONE_COMMIT_SHA:0:8}" + " " + "${DRONE_BUILD_EVENT}"
+      ]
+    },
+    // {
+    //   "name": "list",
+    //   "image": registry + "/honda-builder",
+    //   "commands": [ "ls -la " + platform ]
+    // },
+  ],  
+  [ if isa == "arm64" || isa == "armv7" then "platform" ]: { os: os, arch: "arm64" },
+  "trigger": { "event": events }
+};
+
+// puttin on the bits
+
+std.flattenArrays([
+  [
+     Build(p.name, p.os, isa, p.events)
+      for isa in p.isas
+  ]
+  for p in targets
+])

.drone.yml

@@ -0,0 +1,158 @@
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid 386 build
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid 386 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid armv7 build
+platform:
+  arch: arm64
+  os: linux
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid armv7 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid amd64 build
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid amd64 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid arm64 build
+platform:
+  arch: arm64
+  os: linux
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid arm64 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid mips64le build
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid mips64le 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid ppc64le build
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid ppc64le 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid s390x build
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid s390x 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker
+---
+clone:
+  depth: 1
+kind: pipeline
+name: sid riscv64 build
+pull: always
+steps:
+- commands:
+  - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
+    084037375216.dkr.ecr.us-east-2.amazonaws.com
+  - ./ci/scripts/build.sh sid riscv64 100.0.0+${DRONE_COMMIT_SHA:0:8} ${DRONE_BUILD_EVENT}
+  image: 084037375216.dkr.ecr.us-east-2.amazonaws.com/honda-builder
+  name: build
+trigger:
+  event:
+  - push
+  - tag
+  - custom
+type: docker

.gitattributes

@@ -0,0 +1,4 @@
+ext/bin/tap-windows-ndis6/x64/zttap300.inf eol=crlf
+ext/bin/tap-windows-ndis6/x64.old/zttap300.inf eol=crlf
+ext/bin/tap-windows-ndis6/x86/zttap300.inf eol=crlf
+windows/TapDriver6/zttap300.inf eol=crlf

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,46 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-
----
-**Alternative, faster ways to get help**
-If you have just started using ZeroTier, here are some places to get help:
-- my.zerotier.com has a _Community_ tab. It's a live chat with other users and the developers. 
-- [ZeroTier Knowledge Base](https://zerotier.atlassian.net/wiki/spaces/SD/overview)
-- www.zerotier.com has a Contact Us button
-- email contact@zerotier.com
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Create a Network '...'
-2. Install zerotier-one '....'
-3. '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots or console output to help explain your problem.
-
-**Desktop (please complete the following information):**
- - OS: [e.g. Mac, Linux, Windows, BSD]
- - OS/Distribution Version
- - ZeroTier Version [e.g. 1.2.4]
- - Hardware [e.g. raspberry pi 3]
- 
-**Smartphone (please complete the following information):**
- - Device: [e.g. iPhone6]
- - OS: [e.g. iOS8.1]
- - Version [e.g. 1.2.4]
-
-**Additional context**
-Add any other context about the problem here.
-- ZeroTier Network Configuration
-- Router Config
-- Firewall Config (try turning the firewall off)
-- General Network Environment: [ e.g Home, University Campus, Corporate LAN ]
-

.github/ISSUE_TEMPLATE/bugs-and-issues.md

@@ -0,0 +1,31 @@
+---
+name: Bugs and Issues
+about: Create a report to help us improve
+title: ''
+labels: NEEDS TRIAGE
+assignees: ''
+
+---
+
+# Before filing a Bug Report
+
+_Using these will ensure you get quicker support, and make this space available for code-related issues. Thank you!_
+
+- [Docs Site](https://docs.zerotier.com/zerotier/troubleshooting) => Troubleshooting, quickstarts, and more advanced topics.
+- [Discuss Forum](https://discuss.zerotier.com/) => Our discussion forum for users and support to mutually resolve issues & suggest ideas.
+- [Reddit](https://www.reddit.com/r/zerotier/) => Our subreddit, which we monitor regularly and is fairly active.
+- [Knowledge Base](https://zerotier.atlassian.net/wiki/spaces/SD/overview) => Older wiki.
+
+If you are having a connection issue, it's much easier to diagnose through the discussion forum or the ticket system. 
+
+
+# If you still want to file a Bug Report
+
+## Please let us know
+
+- What you expect to be happening.
+- What is actually happening?
+- Any steps to reproduce the error.
+- Any relevant console output or screenshots.
+- What operating system and ZeroTier version. Please try the latest ZeroTier release. 
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,17 +1,13 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
+title: "[Feature Request] "
+labels: suggestion
+assignees: ''
 
 ---
 
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+If there is something you'd like to have added to ZeroTier, to go to https://discuss.zerotier.com/c/feature-requests/ instead. Issues there can be voted on and discussed in-depth.
 
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
 
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
+Thank you!

.github/ISSUE_TEMPLATE/game-connection-issue.md

@@ -0,0 +1,15 @@
+---
+name: Game Connection Issue
+about: Game issues are better served by forum posts
+title: Please go to our Discuss or Reddit for game-related issues. Thanks!
+labels: wontfix
+assignees: ''
+
+---
+
+Are you having trouble connecting to a game on your virtual network after installing ZeroTier?
+
+- [ ] Yes
+- [ ] No
+
+If you answered yes, then it is very likely that your question would be better answered on our [Community Forums](https://discuss.zerotier.com) or [Reddit](https://www.reddit.com/r/zerotier/) community; we monitor both regularly. We also have extensive documentation on our [Knowledge Base](https://zerotier.atlassian.net/wiki/spaces/SD/overview). Thank you!

.github/workflows/build.yml

@@ -0,0 +1,107 @@
+on: [ push ]
+
+jobs:
+  build_ubuntu:
+    runs-on: ubuntu-latest
+    steps:
+    - name: gitconfig
+      run: |
+        git config --global core.autocrlf input
+      #        git config --global core.eol lf
+    - name: checkout
+      uses: actions/checkout@v3
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        target: aarch64-apple-darwin
+        override: true
+        components: rustfmt, clippy
+
+    - name: Set up cargo cache
+      uses: actions/cache@v3
+      continue-on-error: false
+      with:
+        path: |
+          ~/.cargo/bin/
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+          target/
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: ${{ runner.os }}-cargo-
+    - name: make
+      run: make
+    - name: selftest
+      run: |
+        make selftest
+        ./zerotier-selftest
+
+  build_macos:
+    runs-on: macos-latest
+    steps:
+    - name: gitconfig
+      run: |
+        git config --global core.autocrlf input
+      #        git config --global core.eol lf
+    - name: checkout
+      uses: actions/checkout@v3
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        target: aarch64-apple-darwin
+        override: true
+        components: rustfmt, clippy
+    - name: Set up cargo cache
+      uses: actions/cache@v3
+      continue-on-error: false
+      with:
+        path: |
+          ~/.cargo/bin/
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+          target/
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: ${{ runner.os }}-cargo-
+    - name: make
+      run: make
+    - name: selftest
+      run: |
+        make selftest
+        ./zerotier-selftest
+
+  build_windows:
+    runs-on: windows-latest
+    steps:
+    - name: gitconfig
+      run: |
+        git config --global core.autocrlf true
+      #        git config --global core.eol lf
+    - name: checkout
+      uses: actions/checkout@v3
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        target: aarch64-apple-darwin
+        override: true
+        components: rustfmt, clippy
+    - name: Set up cargo cache
+      uses: actions/cache@v3
+      continue-on-error: false
+      with:
+        path: |
+          ~/.cargo/bin/
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+          target/
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: ${{ runner.os }}-cargo-
+    - name: setup msbuild
+      uses: microsoft/setup-msbuild@v1.1.3
+    - name: msbuild
+      run: |
+        msbuild windows\ZeroTierOne.sln /m /p:Configuration=Release  /property:Platform=x64 /t:ZeroTierOne:Rebuild        

.gitignore

@@ -6,6 +6,11 @@
 /zerotier
 /nltest
 
+# IDE stuff
+/.idea
+/.nova
+/compile_commands.json
+
 # OS-created garbage files from various platforms
 .DS_Store
 .Apple*
@@ -30,10 +35,8 @@ Thumbs.db
 /windows/WebUIWrapper/obj
 /windows/lib
 /ext/installfiles/windows/ZeroTier One-SetupFiles
-/ext/installfiles/windows/Prerequisites
 /ext/installfiles/windows/*-cache
 /ZeroTier One.msi
-/windows/.vs
 *.vcxproj.backup
 /windows/TapDriver6/Win7Debug
 /windows/TapDriver6/win7Release
@@ -42,6 +45,7 @@ Thumbs.db
 enc_temp_folder
 /windows/copyutil/bin
 /windows/copyutil/obj
+.vs/
 
 # *nix/Mac build droppings
 /build-*
@@ -58,7 +62,6 @@ zt1-src.tar.gz
 *.opensdf
 *.user
 *.cache
-*.obj
 *.tlog
 *.pid
 *.pkg
@@ -103,7 +106,6 @@ windows/ZeroTierOne/Debug/
 *.swp
 *~.nib
 DerivedData/
-build/
 *.pbxuser
 *.mode1v3
 *.mode2v3
@@ -114,9 +116,25 @@ build/
 !default.perspectivev3
 *.xccheckout
 xcuserdata/
-ext/librethinkdbxx/build
 .vscode
 __pycache__
 *~
 attic/world/*.c25519
 attic/world/mkworld
+workspace/
+workspace2/
+zeroidc/target/
+
+#snapcraft specifics
+/parts/
+/stage/
+/prime/
+
+*.snap
+
+.snapcraft
+__pycache__
+*.pyc
+*_source.tar.bz2
+snap/.snapcraft
+tcp-proxy/tcp-proxy

Dockerfile.ci

@@ -0,0 +1,28 @@
+# vim: ft=dockerfile
+
+FROM ubuntu:21.04 as stage
+
+RUN apt-get update -qq && apt-get -qq install make clang
+COPY . .
+RUN /usr/bin/make
+RUN echo $PWD
+RUN cp zerotier-one /usr/sbin
+
+FROM ubuntu:21.04
+
+COPY --from=stage /zerotier-one /usr/sbin
+RUN ln -sf /usr/sbin/zerotier-one /usr/sbin/zerotier-idtool
+RUN ln -sf /usr/sbin/zerotier-one /usr/sbin/zerotier-cli
+
+RUN echo "${VERSION}" > /etc/zerotier-version
+RUN rm -rf /var/lib/zerotier-one
+
+
+RUN apt-get -qq update
+RUN apt-get -qq install iproute2 net-tools fping 2ping iputils-ping iputils-arping
+
+COPY entrypoint.sh.release /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+CMD []
+ENTRYPOINT ["/entrypoint.sh"]

Dockerfile.release

@@ -0,0 +1,23 @@
+# vim: ft=dockerfile
+
+FROM debian:bullseye
+
+ARG VERSION
+
+RUN apt-get update -qq && apt-get install curl gpg -y
+RUN mkdir -p /usr/share/zerotier && \
+    curl -o /usr/share/zerotier/tmp.asc "https://download.zerotier.com/contact%40zerotier.com.gpg" && \
+    gpg --no-default-keyring --keyring /usr/share/zerotier/zerotier.gpg --import /usr/share/zerotier/tmp.asc && \
+    rm -f /usr/share/zerotier/tmp.asc && \
+    echo "deb [signed-by=/usr/share/zerotier/zerotier.gpg] http://download.zerotier.com/debian/bullseye bullseye main" > /etc/apt/sources.list.d/zerotier.list
+
+RUN apt-get update -qq && apt-get install zerotier-one=${VERSION} curl iproute2 net-tools iputils-ping openssl libssl1.1 -y
+RUN rm -rf /var/lib/zerotier-one
+
+COPY entrypoint.sh.release /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+HEALTHCHECK --interval=1s CMD bash /healthcheck.sh
+
+CMD []
+ENTRYPOINT ["/entrypoint.sh"]

Jenkinsfile

@@ -1,84 +0,0 @@
-#!/usr/bin/env groovy
-
-node('master') {
-    checkout scm
-    
-    def changelog = getChangeLog currentBuild
-
-    mattermostSend "Building ${env.JOB_NAME} #${env.BUILD_NUMBER} \n Change Log: \n ${changelog}"
-}
-
-parallel 'centos7': {
-    node('centos7') {
-        try {
-            checkout scm
-
-	        stage('Build Centos 7') {
-                sh 'make -f make-linux.mk'
-            }
-        }
-        catch (err) {
-            currentBuild.result = "FAILURE"
-            mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on Centos 7 (<${env.BUILD_URL}|Open>)"
-
-            throw err
-        }
-    }
-// }, 'android-ndk': {
-//     node('android-ndk') {
-//         try {
-//             checkout scm
-	
-//             stage('Build Android NDK') { 
-//                 sh "/android/android-ndk-r15b/ndk-build -C $WORKSPACE/java ZT1=${WORKSPACE}"
-//             }
-//         }
-//         catch (err) {
-//             currentBuild.result = "FAILURE"
-//             mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on Android NDK (<${env.BUILD_URL}|Open>)"
-
-//             throw err
-//         }
-//     }
-// }, 'macOS': {
-//     node('macOS') {
-//         try {
-//             checkout scm
-
-//             stage('Build macOS') {
-//                 sh 'make -f make-mac.mk'
-//             }
-
-//             stage('Build macOS UI') {
-//                 sh 'cd macui && xcodebuild -target "ZeroTier One" -configuration Debug'
-//             }
-//         }
-//         catch (err) {
-//             currentBuild.result = "FAILURE"
-//             mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on macOS (<${env.BUILD_URL}|Open>)"
-
-//             throw err
-//         }
-//     }
-// }, 'windows': {
-//     node('windows') {
-//         try {
-//             checkout scm
-            
-//             stage('Build Windows') {
-//                 bat '''CALL "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" amd64
-// git clean -dfx
-// msbuild windows\\ZeroTierOne.sln
-// '''
-//             }
-//         }
-//         catch (err) {
-//             currentBuild.result = "FAILURE"
-//             mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on Windows (<${env.BUILD_URL}|Open>)"
-
-//             throw err
-//         }
-//     }
-}
-
-mattermostSend color: "#00ff00", message: "${env.JOB_NAME} #${env.BUILD_NUMBER} Complete (<${env.BUILD_URL}|Show More...>)"

LICENSE.txt

@@ -47,7 +47,7 @@ Additional Use Grant: You may make use of the Licensed Work, provided you
                       services, social welfare, senior care, child care, and
                       the care of persons with disabilities.
 
-Change Date:          2023-01-01
+Change Date:          2025-01-01
 
 Change License:       Apache License version 2.0 as published by the Apache
                       Software Foundation

Makefile

@@ -17,8 +17,8 @@ ifeq ($(OSTYPE),FreeBSD)
 	include make-bsd.mk
 endif
 ifeq ($(OSTYPE),OpenBSD)
-	CC=egcc
-	CXX=eg++
+	CC=clang
+	CXX=clang++
 	ZT_BUILD_PLATFORM=9
 	include make-bsd.mk
 endif
@@ -26,3 +26,7 @@ endif
 ifeq ($(OSTYPE),NetBSD)
 	include make-netbsd.mk
 endif
+
+drone:
+	@echo "rendering .drone.yaml from .drone.jsonnet"
+	drone jsonnet --format --stream

OFFICIAL-RELEASE-STEPS.md

@@ -14,7 +14,6 @@ The version must be incremented in all of the following files:
     /debian/changelog
     /ext/installfiles/mac/ZeroTier One.pkgproj
     /ext/installfiles/windows/ZeroTier One.aip
-    /windows/WinUI/AboutView.xaml
 
 The final .AIP file can only be edited on Windows with [Advanced Installer Enterprise](http://www.advancedinstaller.com/). In addition to incrementing the version be sure that a new product code is generated. (The "upgrade code" GUID on the other hand must never change.)
 

README.docker.md

@@ -0,0 +1,72 @@
+# ZeroTier One in a container!
+
+**NOTE:** _Most of this information pertains to the docker image only. For more information about ZeroTier, check out the repository_: [here](https://github.com/zerotier/ZeroTierOne) or the [commercial website](https://www.zerotier.com).
+
+[ZeroTier](https://www.zerotier.com) is a smart programmable Ethernet switch for planet Earth. It allows all networked devices, VMs, containers, and applications to communicate as if they all reside in the same physical data center or cloud region.
+
+This is accomplished by combining a cryptographically addressed and secure peer to peer network (termed VL1) with an Ethernet emulation layer somewhat similar to VXLAN (termed VL2). Our VL2 Ethernet virtualization layer includes advanced enterprise SDN features like fine grained access control rules for network micro-segmentation and security monitoring.
+
+All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connections.
+
+The goals and design principles of ZeroTier are inspired by among other things the original [Google BeyondCorp](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43231.pdf) paper and the [Jericho Forum](https://en.wikipedia.org/wiki/Jericho_Forum) with its notion of "deperimeterization."
+
+Visit [ZeroTier's site](https://www.zerotier.com/) for more information and [pre-built binary packages](https://www.zerotier.com/download/). Apps for Android and iOS are available for free in the Google Play and Apple app stores.
+
+ZeroTier is licensed under the [BSL version 1.1](https://mariadb.com/bsl11/). See [LICENSE.txt](https://github.com/zerotier/ZeroTierOne/blob/master/LICENSE.txt) and the [ZeroTier pricing page](https://www.zerotier.com/pricing) for details. ZeroTier is free to use internally in businesses and academic institutions and for non-commercial purposes. Certain types of commercial use such as building closed-source apps and devices based on ZeroTier or offering ZeroTier network controllers and network management as a SaaS service require a commercial license.
+
+A small amount of third party code is also included in ZeroTier and is not subject to our BSL license. See [AUTHORS.md](https://github.com/zerotier/ZeroTierOne/blob/master/AUTHORS.md) for a list of third party code, where it is included, and the licenses that apply to it. All of the third party code in ZeroTier is liberally licensed (MIT, BSD, Apache, public domain, etc.).
+
+## Building the docker image
+
+Due to the network being a substrate for most applications and not an application unto itself, it makes sense that many people would want to build their own image based on our formula.
+
+The image is based on `debian:buster`.
+
+The `Dockerfile.release` file contains build instructions for building the described image in the rest of the README. The build is multi-arch and multi-release capable.
+
+These build arguments power the build:
+
+- `PACKAGE_BASEURL`: The base URL of the package repository to fetch from. (default: `https://download.zerotier.com/debian/buster/pool/main/z/zerotier-one/`)
+- `ARCH`: The architecture of the package, in debian format. Must match your image arch. (default: `amd64`)
+- `VERSION`: **REQUIRED** the version of ZeroTier to fetch.
+
+You can build this image like so:
+
+```
+docker build -f Dockerfile.release -t mybuild --build-arg VERSION=1.6.5 .
+```
+
+## Using the docker image
+
+The `entrypoint.sh` in the docker image is a little different; zerotier will be spawned in the background and the "main process" is actually just a sleeping shell script. This allows `zerotier-one` to gracefully terminate in some situations largely unique to docker.
+
+The `zerotier/zerotier` image requires the `CAP_NET_ADMIN` capability and the `/dev/net/tun` device must be forwarded to it.
+
+To join a network, simply supply it on the command-line; you can supply multiple networks.
+
+```
+docker run --name myzerotier --rm --cap-add NET_ADMIN --device /dev/net/tun zerotier/zerotier:latest abcdefdeadbeef00
+```
+
+Once joining all the networks you have provided, it will sleep until terminated. Note that in ZeroTier, joining a network does not necessarily mean you have an IP or can do anything, really. You will want to probe the control socket:
+
+```
+docker exec myzerotier zerotier-cli listnetworks
+```
+
+To ensure you have a network available before trying to listen on it. Without pre-configuring the identity, this usually means going to the central admin panel and clicking the checkmark against your zerotier identity.
+
+### Environment Variables
+
+You can control a few settings including the identity used and the authtoken used to interact with the control socket (which you can forward and access through `localhost:9993`).
+
+- `ZEROTIER_JOIN_NETWORKS`: additional way to set networks to join.
+- `ZEROTIER_API_SECRET`: replaces the `authtoken.secret` before booting and allows you to manage the control socket's authentication key.
+- `ZEROTIER_IDENTITY_PUBLIC`: the `identity.public` file for zerotier-one. Use `zerotier-idtool` to generate one of these for you.
+- `ZEROTIER_IDENTITY_SECRET`: the `identity.secret` file for zerotier-one. Use `zerotier-idtool` to generate one of these for you.
+
+### Tips
+
+- Forwarding port `<dockerip>:9993` to somewhere outside is probably a good idea for highly trafficked services.
+- Forwarding `localhost:9993` to a control network where you can drive it remotely might be a good idea, just be sure to set your authtoken properly through environment variables.
+- Pre-generating your identities could be much simpler to do via our [terraform plugin](https://github.com/zerotier/terraform-provider-zerotier)

README.md

@@ -1,11 +1,13 @@
 ZeroTier - Global Area Networking
 ======
 
+*This document is written for a software developer audience. For information on using ZeroTier, see the: [Website](https://www.zerotier.com), [Documentation Site](https://docs.zerotier.com), and [Discussion Forum](https://discuss.zerotier.com).*
+
 ZeroTier is a smart programmable Ethernet switch for planet Earth. It allows all networked devices, VMs, containers, and applications to communicate as if they all reside in the same physical data center or cloud region.
 
 This is accomplished by combining a cryptographically addressed and secure peer to peer network (termed VL1) with an Ethernet emulation layer somewhat similar to VXLAN (termed VL2). Our VL2 Ethernet virtualization layer includes advanced enterprise SDN features like fine grained access control rules for network micro-segmentation and security monitoring.
 
-All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connetions.
+All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connections.
 
 The goals and design principles of ZeroTier are inspired by among other things the original [Google BeyondCorp](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43231.pdf) paper and the [Jericho Forum](https://en.wikipedia.org/wiki/Jericho_Forum) with its notion of "deperimeterization."
 
@@ -13,7 +15,7 @@ Visit [ZeroTier's site](https://www.zerotier.com/) for more information and [pre
 
 ZeroTier is licensed under the [BSL version 1.1](https://mariadb.com/bsl11/). See [LICENSE.txt](LICENSE.txt) and the [ZeroTier pricing page](https://www.zerotier.com/pricing) for details. ZeroTier is free to use internally in businesses and academic institutions and for non-commercial purposes. Certain types of commercial use such as building closed-source apps and devices based on ZeroTier or offering ZeroTier network controllers and network management as a SaaS service require a commercial license.
 
-A small amount of third party code is also included in ZeroTier and is not subject to our BSL license. See [AUTHORS.md] for a list of third party code, where it is included, and the licenses that apply to it. All of the third party code in ZeroTier is liberally licensed (MIT, BSD, Apache, public domain, etc.).
+A small amount of third party code is also included in ZeroTier and is not subject to our BSL license. See [AUTHORS.md](AUTHORS.md) for a list of third party code, where it is included, and the licenses that apply to it. All of the third party code in ZeroTier is liberally licensed (MIT, BSD, Apache, public domain, etc.).
 
 ### Getting Started
 
@@ -41,61 +43,62 @@ The base path contains the ZeroTier One service main entry point (`one.cpp`), se
  - `rule-compiler/`: JavaScript rules language compiler for defining network-level rules.
  - `service/`: the ZeroTier One service, which wraps the ZeroTier core and provides VPN-like connectivity to virtual networks for desktops, laptops, servers, VMs, and containers.
  - `windows/`: Visual Studio solution files, Windows service code, and the Windows task bar app UI.
+ - `zeroidc/`: OIDC implementation used by ZeroTier service to log into SSO-enabled networks. (This part is written in Rust, and more Rust will be appearing in this repository in the future.)
 
 ### Build and Platform Notes
 
-To build on Mac and Linux just type `make`. On FreeBSD and OpenBSD `gmake` (GNU make) is required and can be installed from packages or ports. For Windows there is a Visual Studio solution in `windows/'.
+To build on Mac and Linux just type `make`. On FreeBSD and OpenBSD `gmake` (GNU make) is required and can be installed from packages or ports. For Windows there is a Visual Studio solution in `windows/`.
 
  - **Mac**
-   - Xcode command line tools for OSX 10.8 or newer are required.
+   - Xcode command line tools for macOS 10.13 or newer are required.
+   - Rust for x86_64 and ARM64 targets *if SSO is enabled in the build*.
  - **Linux**
    - The minimum compiler versions required are GCC/G++ 4.9.3 or CLANG/CLANG++ 3.4.2. (Install `clang` on CentOS 7 as G++ is too old.)
    - Linux makefiles automatically detect and prefer clang/clang++ if present as it produces smaller and slightly faster binaries in most cases. You can override by supplying CC and CXX variables on the make command line.
+   - Rust for x86_64 and ARM64 targets *if SSO is enabled in the build*.
  - **Windows**
-   - Windows 7 or newer is supported. This *may* work on Vista but isn't officially supported there. It will not work on Windows XP.
-   - We build with Visual Studio 2017. Older versions may not work. Clang or MinGW will also probably work but may require some makefile hacking.
+   - Visual Studio 2022 on Windows 10 or newer.
+   - Rust for x86_64 and ARM64 targets *if SSO is enabled in the build*.
  - **FreeBSD**
    - GNU make is required. Type `gmake` to build.
+   - Rust for x86_64 and ARM64 targets *if SSO is enabled in the build*.
  - **OpenBSD**
    - There is a limit of four network memberships on OpenBSD as there are only four tap devices (`/dev/tap0` through `/dev/tap3`).
    - GNU make is required. Type `gmake` to build.
+   - Rust for x86_64 and ARM64 targets *if SSO is enabled in the build*.
 
 Typing `make selftest` will build a *zerotier-selftest* binary which unit tests various internals and reports on a few aspects of the build environment. It's a good idea to try this on novel platforms or architectures.
 
 ### Running
 
-Running *zerotier-one* with -h will show help.
+Running *zerotier-one* with `-h` option will show help.
 
-On Linux and BSD you can start the service with:
+On Linux and BSD, if you built from source, you can start the service with:
 
     sudo ./zerotier-one -d
 
+On most distributions, macOS, and Windows, the installer will start the service and set it up to start on boot.
+
 A home folder for your system will automatically be created.
 
-The service is controlled via the JSON API, which by default is available at 127.0.0.1 port 9993. We include a *zerotier-cli* command line utility to make API calls for standard things like joining and leaving networks. The *authtoken.secret* file in the home folder contains the secret token for accessing this API. See README.md in [service/](service/) for API documentation.
+The service is controlled via the JSON API, which by default is available at 127.0.0.1 port 9993. We include a *zerotier-cli* command line utility to make API calls for standard things like joining and leaving networks. The *authtoken.secret* file in the home folder contains the secret token for accessing this API. See [service/README.md](service/README.md) for API documentation.
 
 Here's where home folders live (by default) on each OS:
 
  * **Linux**: `/var/lib/zerotier-one`
  * **FreeBSD** / **OpenBSD**: `/var/db/zerotier-one`
  * **Mac**: `/Library/Application Support/ZeroTier/One`
- * **Windows**: `\ProgramData\ZeroTier\One` (That's for Windows 7. The base 'shared app data' folder might be different on different Windows versions.)
-
-Running ZeroTier One on a Mac is the same, but OSX requires a kernel extension. We ship a signed binary build of the ZeroTier tap device driver, which can be installed on Mac with:
-
-    sudo make install-mac-tap
-
-This will create the home folder for Mac, place *tap.kext* there, and set its modes correctly to enable ZeroTier One to manage it with *kextload* and *kextunload*.
+ * **Windows**: `\ProgramData\ZeroTier\One` (That's the default. The base 'shared app data' folder might be different if Windows is installed with a non-standard drive letter assignment or layout.)
 
 ### Basic Troubleshooting
 
 For most users, it just works.
 
-If you are running a local system firewall, we recommend adding a rule permitting UDP port 9993 inbound and outbound. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration.
+If you are running a local system firewall, we recommend adding a rules permitting zerotier. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration.
 
-The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools. If you're using Ubuntu's *ufw*, you can do this:
+See the [documentation site](https://docs.zerotier.com/zerotier/troubleshooting) for more information.
 
-    sudo ufw allow 9993/udp
+The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools.
 
 On CentOS check `/etc/sysconfig/iptables` for IPTables rules. For other distributions consult your distribution's documentation. You'll also have to check the UIs or documentation for commercial third party firewall applications like Little Snitch (Mac), McAfee Firewall Enterprise (Windows), etc. if you are running any of those. Some corporate environments might have centrally managed firewall software, so you might also have to contact IT.
 
@@ -105,4 +108,4 @@ Users behind certain types of firewalls and "symmetric" NAT devices may not able
 
 If a firewall between you and the Internet blocks ZeroTier's UDP traffic, you will fall back to last-resort TCP tunneling to rootservers over port 443 (https impersonation). This will work almost anywhere but is *very slow* compared to UDP or direct peer to peer connectivity.
 
-Additional help [can be found in our knowledge base](https://zerotier.atlassian.net/wiki/spaces/SD/overview).
+Additional help can be found in our [knowledge base](https://zerotier.atlassian.net/wiki/spaces/SD/overview).

RELEASE-NOTES.md

@@ -1,6 +1,220 @@
 ZeroTier Release Notes
 ======
 
+# 2023-03-10 -- Version 1.10.5
+
+ * Fix for high CPU usage bug on Windows
+
+# 2023-03-07 -- Version 1.10.4
+
+ * SECURITY FIX (Windows): this version fixes a file permission problem on
+   Windows that could allow non-privileged users on a Windows system to read
+   privileged files in the ZeroTier service's working directory. This could
+   allow an unprivileged local Windows user to administrate the local ZeroTier
+   instance without appropriate local permissions. This issue is not remotely
+   exploitable unless a remote user can read arbitrary local files, and does
+   not impact other operating systems.
+
+ * Fix a bug in the handling of multiple IP address assignments to virtual
+   interfaces on macOS.
+
+# 2023-02-15 -- Version 1.10.3
+
+ * Fix for duplicate paths in client. Could cause connectivity issues. Affects all platforms.
+ * Fix for Ethernet Tap MTU setting, would not properly apply on Linux.
+ * Fix default route bugs (macOS.)
+ * Enable Ping automatically for ZeroTier Adapters (Windows.)
+ * SSO updates and minor bugfixes.
+ * Add low-bandwidth mode.
+ * Add forceTcpRelay mode (optionally enabled.)
+ * Fix bug that prevented setting of custom TCP relay address.
+ * Build script improvements and bug fixes.
+
+# 2022-11-01 -- Version 1.10.2
+
+ * Fix another SSO "stuck client" issue in zeroidc.
+ * Expose root-reported external IP/port information via the local JSON API for better diagnostics.
+ * Multipath: CLI output improvement for inspecting bonds
+ * Multipath: balance-aware mode
+ * Multipath: Custom policies
+ * Multipath: Link quality measurement improvements
+
+Note that releases are coming few and far between because most of our dev effort is going into version 2.
+
+# 2022-06-27 -- Version 1.10.1
+
+ * Fix an issue that could cause SSO clients to get "stuck" on stale auth URLs.
+ * A few other SSO related bug fixes.
+
+# 2022-06-07 -- Version 1.10.0
+
+ * Fix formatting problem in `zerotier-cli` when using SSO networks.
+ * Fix a few other minor bugs in SSO signin to prepare for general availability.
+ * Remove requirement for webview in desktop UI and instead just make everything available via the tray pulldown/menu. Use [libui-ng](https://github.com/libui-ng/libui-ng) for minor prompt dialogs. Saves space and eliminates installation headaches on Windows.
+ * Fix SSO "spam" bug in desktop UI.
+ * Use system default browser for SSO login so all your plugins, MFA devices, password managers, etc. will work as you have them configured.
+ * Minor fix for bonding/multipath.
+
+# 2022-05-10 -- Version 1.8.10
+
+ * Fixed a bug preventing SSO sign-on on Windows.
+
+# 2022-04-25 -- Version 1.8.9
+
+ * Fixed a long-standing and strange bug that was causing sporadic "phantom" packet authentication failures. Not a security problem but could be behind sporadic reports of link failures under some conditions.
+ * Fized a memory leak in SSO/OIDC support.
+ * Fixed SSO/OIDC display error on CLI.
+ * Fixed a bug causing nodes to sometimes fail to push certs to each other (primarily affects SSO/OIDC use cases).
+ * Fixed a deadlock bug on leaving SSO/OIDC managed networks.
+ * Added some new Linux distributions to the build subsystem.
+
+# 2022-04-11 -- Version 1.8.8
+
+ * Fix a local privilege escalation bug in the Windows installer.
+ * Dependency fix for some Ubuntu versions.
+ * No changes for other platforms. Windows upgrade recommended, everyone else optional.
+
+# 2022-03-30 -- Version 1.8.7
+
+ * Fix for dependency installations in Windows MSI package.
+ * Fix for desktop UI setup when run by a non-super-user.
+ * Bug fix in local OIDC / SSO support for auth0 and other providers.
+ * Other minor fixes for e.g. old Linux distributions.
+
+# 2022-03-04 -- Version 1.8.6
+
+ * Fixed an issue that could cause the UI to be non-responsive if not joined to any networks.
+ * Fix dependency issues in Debian and RedHat packages for some distributions (Fedora, Mint).
+ * Bumped the peer cache serialization version to prevent "coma" issues on upgrade due to changes in path logic behaving badly with old values.
+
+# 2022-02-22 -- Version 1.8.5
+
+ * Plumbing under the hood for endpoint device SSO support.
+ * Fix in LinuxEthernetTap to tap device support on very old (2.6) Linux kernels.
+ * Fix an issue that could cause self-hosted roots ("moons") to fail to assist peers in making direct links. (GitHub issue #1512)
+ * Merge a series of changes by Joseph Henry (of ZeroTier) that should fix some edge cases where ZeroTier would "forget" valid paths.
+ * Minor multipath improvements for automatic path negotiation.
+
+# 2021-11-30 -- Version 1.8.4
+
+ * Fixed an ugly font problem on some older macOS versions.
+ * Fixed a bug that could cause the desktop tray app control panel to stop opening after a while on Windows.
+ * Fixed a possible double "release" in macOS tray app code that crashed on older macOS versions.
+ * Fixed installation on 32-bit Windows 10.
+ * Fixed a build flags issue that could cause ZeroTier to crash on older ARM32 CPUs.
+
+# 2021-11-15 -- Version 1.8.3
+
+ * Remove problematic spinlock, which was only used on x86_64 anyway. Just use pthread always.
+ * Fix fd leak on MacOS that caused non-responsiveness after some time.
+ * Fix Debian install scripts to set /usr/sbin/nologin as shell on service user.
+ * Fix regression that could prevent managed routes from being deleted.
+ * DesktopUI: Remove NSDate:now() call, now works on MacOS 10.13 or newer!
+
+# 2021-11-08 -- Version 1.8.2
+
+ * Fix multicast on linux.
+ * Fix a bug that could cause the tap adapter to have the wrong MAC on Linux.
+ * Update build flags to possibly support MacOS older than 10.14, but more work needs to be done. It may not work yet.
+ * Fix path variable setting on Windows.
+
+# 2021-10-28 -- Version 1.8.1
+
+ * Fix numerous UI issues from 1.8.0 (never fully released).
+ * Remove support for REALLY ancient 1.1.6 or earlier network controllers.
+ * MacOS IPv6 no longer binds to temporary addresses as these can cause interruptions if they expire.
+ * Added additional hardening against address impersonation on networks (also in 1.6.6).
+ * Fix an issue that could cause clobbering of MacOS IP route settings on restart.
+
+ * NOTE: Windows 7 is no longer supported! Windows 7 users will have to use version 1.6.5 or earlier.
+
+# 2021-09-15 -- Version 1.8.0 (preview release only)
+
+ * A *completely* rewritten desktop UI for Mac and Windows!
+ * Implement a workaround for one potential source of a "coma" bug, which can occur if buggy NATs/routers stop allowing the service to communicate on a given port. ZeroTier now reassigns a new secondary port if it's offline for a while unless a secondary port is manually specified in local.conf. Working around crummy buggy routers is an ongoing effort.
+ * Fix for MacOS MTU capping issue on feth devices
+ * Fix for mistakenly using v6 source addresses for v4 routes on some platforms
+ * Stop binding to temporary IPv6 addresses
+ * Set MAC address before bringing up Linux TAP link
+ * Check if DNS servers need to be applied on macOS
+ * Upgrade json.hpp dependency to version 3.10.2
+
+# 2021-09-21 -- Version 1.6.6
+
+ * Backport COM hash check mitigation against network member impersonation.
+
+# 2021-04-13 -- Version 1.6.5
+
+ * Fix a bug in potential network path filtering that could in some circumstances lead to "software laser" effects.
+ * Fix a printf overflow in zerotier-cli (not exploitable or a security risk)
+ * Windows now looks up the name of ZeroTier devices instead of relying on them having "ZeroTier" in them.
+
+# 2021-02-15 -- Version 1.6.4
+
+ * The groundhog saw his shadow, which meant that the "connection coma" bug still wasn't gone. We think we found it this time.
+
+# 2021-02-02 -- Version 1.6.3
+
+ * Likely fix for GitHub issue #1334, an issue that could cause ZeroTier to
+   go into a "coma" on some networks.
+ * Also groundhog day
+
+# 2020-11-30 -- Version 1.6.2
+
+ * Fix an ARM hardware AES crypto issue (not an exploitable vulnerability).
+ * Fix a Linux network leave hang due to a mutex deadlock.
+
+# 2020-11-24 -- Version 1.6.1
+
+This release fixes some minor bugs and other issues in 1.6.0.
+
+ * Fixed a bug that caused IP addresses in the 203.0.0.0/8 block to be miscategorized as not being in global scope.
+ * Changed Linux builds to (hopefully) fix LXC and SELinux issues.
+ * Fixed unaligned memory access that caused crash on FreeBSD systems on the ARM architecture.
+ * Merged CLI options for controlling bonded devices into the beta multipath code.
+ * Updated Windows driver with Microsoft cross-signing to fix issues on some Windows systems.
+
+# 2020-11-19 -- Version 1.6.0
+
+Version 1.6.0 is a major release that incorporates back-ported features from the 2.0 branch, which is still under development. It also fixes a number of issues.
+
+New features and improvements (including those listed under 1.5.0):
+
+ * **Apple Silicon** (MacOS ARM64) native support via universal binary. ZeroTier now requires the very latest Xcode to build.
+ * **Linux performance improvements** for up to 25% faster tun/tap I/O performance on multi-core systems.
+ * **Multipath support** with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual.
+ * **DNS configuration** push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed.
+ * **AES-GMAC-SIV** encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.
+
+Bug fixes:
+
+ * **Managed route assignment fixes** to eliminate missing routes on Linux and what we believe to be the source of sporadic high CPU usage on MacOS.
+ * **Hang on shutdown** issues should be fixed.
+ * **Sporadic multicast outages** should be fixed.
+
+Known remaining issues:
+
+ * AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.
+
+# 2020-10-05 -- Version 1.5.0 (actually 1.6.0-beta1)
+
+Version 1.6.0 (1.5.0 is a beta!) is a significant release that incorporates a number of back-ported fixes and features from the ZeroTier 2.0 tree.
+
+Major new features are:
+
+ * **Multipath support** with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual.
+ * **DNS configuration** push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed.
+ * **AES-GMAC-SIV** encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.
+
+Known issues that are not yet fixed in this beta:
+
+ * Some Mac users have reported periods of 100% CPU in kernel_task and connection instability after leaving networks that have been joined for a period of time, or needing to kill ZeroTier and restart it to finish leaving a network. This doesn't appear to affect all users and we haven't diagnosed the root cause yet.
+ * The service sometimes hangs on shutdown requiring a kill -9. This also does not affect all systems or users.
+ * AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.
+ * Some users have reported multicast/broadcast outages on networks lasting up to 30 seconds. Still investigating.
+
+We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
+
 # 2019-08-30 -- Version 1.4.6
 
  * Update default root list to latest

SECURITY.md

@@ -0,0 +1,95 @@
+# Security
+
+ZeroTier takes the security of our software products and services seriously, which 
+includes all source code repositories managed through our GitHub organization.
+
+## Supported Versions
+
+The following versions of ZeroTier One receive security updates
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.10.x   | :white_check_mark: |
+| 1.8.x   | :white_check_mark:  |
+| < 1.8.0 | :x: |
+
+## Reporting a Vulnerability
+
+**Please do not report security issues through public GitHub issues**
+
+Instead, please report vulnerabilities via email to security@zerotier.com. If possible,
+please encrypt with our PGP key (see below).
+
+Please include the following information, or as much as you can provide to help us 
+understand the nature and scope of the issue:
+
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## security@zerotier.com PGP key
+
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGQGOVIBEACalXTnNqaiSOVLFEiqHpDMg8N/OI5D5850Xy1ZEvx3B3rz7cbn
+k30ozHtJKbh+vqpyItE7DjyQAuF19gP5Q64Yh0Y+MmLHq60q/GwOwAYz7cI+UzA3
+5x8YqcmTp32LAM1xJn+iMlMLBuAmJl4kULKmOXPlpqPiyTFs5saizvm7fgRmfgJJ
+HpsnIrTkaDFJhAR+jvMJohVYwmhuydeI0DsHu7KGpG1ddcHDrUjOPNqXnnAPSPwx
+llw4yfKlQb8GYErsv/G5QVyzd5+SxEuiI4MARRnrk8LlMQ33CR6pzIQ/Bk5AAmye
+mHqfEAknkiOf++urYhRs9BL3Kz3MdV0cg92zr9EFOg0u56jxf5OnAiTOhGUUA0hn
+dS7peVGl46R9Oy2JYIazNDGi+4NIsYDFXsnsss9xOQVygPyeQd71zFHfix0jct9w
+j3o/kj7Egsnm9nc13354bYT6bbalqXiRWwGH1eAFpjueNWiVFwZS6NZUP3WeNDiY
+BlPo1LodvolbXiJcTILTCyEkERJPCK2zoE2nTdVfvTLWsuehw1M6Yd2/q74TVYy/
+RY+KjHkrChEBQ9PqXsXRHj6opKbT8JLfZkvU5k+3IiqqxOpB+QXFI/whj493CxWW
+so7QAmzOCyJq8GDVPxzkwUac22YIkXdiOmb8i/HWq+kLY/HjQE259Gx6KwARAQAB
+tClaZXJvVGllciBTZWN1cml0eSA8c2VjdXJpdHlAemVyb3RpZXIuY29tPokCTAQT
+AQoANhYhBH1HQGb+4jzl6mnFqf09m6uqADkABQJkBjlSAhsDBAsJCAcEFQoJCAUW
+AgMBAAIeAQIXgAAKCRD9PZurqgA5ACqPD/sFt6SG6Tu0HwTY2ofJtYsa2GBLL0pf
+dYlX4cWSs1PVB5+m5Oj18y+GB2umA9GnsVtmvaSfp3XEngt2zNWX27uUsVfL35b2
+/5TVVe8RjzOedqMN+lQWMvO+f/C1zmWYXjjpC+iGjgMMaRRrofkkn+7uL4N9y6gY
+rcXtpACT1rYFC+i1AKnZfUO8Vr5ji7odq0f7bDkN/N38rB0kRRwEmO8wqdpQK6gK
+nxf9vgJl5ggimDk5Xtz1sfd3y28bf5N4hdOCkXUbd10nUFY3wDNTM4VxozxTGJeG
+imdcc19Wuw/1fGUZ5SIjgPanCdPLGYwSTr+M6Fuern9uTtlC1GOby3BUtmVGP6EU
+1pSAJSRpmoBPHKKOYtSMwV8PCboXru9P1ab8y8STKM3SKyghUJrl17gdc0LaksZa
+E54pJudGPIQMFRqZjMdV6jgMuaLTozjZ4mW8EThf4mkX4xDkO8l7cOn0225ZYJZC
+lZKpdnwzk9owkJA80u4KBNJxTtB4ZAPzjBsD5hFzCZQTLNQp/psU3EjZsau28eXT
+E/C1QjEQHgy4ohkgQlCm1H1+clKssCWcdmsVGXuS1u8gh4K6X9b0Z6LeCGRaQvH2
++DB8oTAdqp9nUZv9rP4pbo+sR4fF67CFLriVuxjedAiFkbM4uHMFcL4tc/X9+DRo
+YN5X7oEkZvO507kCDQRkBjlSARAAz58UMF7K1qKyQjzKTcutaYZ5SaIGky9lCLZn
+/2vjpFCoBogkxS/6IKQcwZk8b4S9QstaaQZDFEkxqNeKC0GiFTAMAb6SmYcK495h
+EZnHl0NA5Nc2dBlZk5E/ENzTCz2bXaxCcVESc2z+xCzu07brbhGrqvliKiwOUzt9
+JzqEsar6I95OutBcZvkFCs44/Uf9bS1qf1w4klE8w3vdMtGH23umrET4tFZ+sh6o
+ZFtQx0u2eKjsRdn/RMtsxLNaJlcE1DdIAqBpQrcmuwMC8v5wUGfCGZjhClzmyQlq
+akUkayir7UtbHbFT/mgO+YI77YGXWk5QrwPscqqT2l8KB/YMujNDmaWa/0KV1lIY
+zr5s4dzVeiwqFLR9ANFIhzFwzf3JLi6XSx123Qix0TxZoYPZCHl7yoi9qi6qybz5
+0Od2LSz3jbApeKYymZ+zjE+YV5y9DI6Wzy1j2M1FogNvTO9fMk+6dLt4HhTdSNvH
+cKya462YCcy+tnZTkhmh+FTebbJlV6D4wG7skE5KCdBhjm53xLwp6XW9L6n2CrkL
+W1IDBcCz0oPd1sMkXbO3wnxdXprV2XurCfsg/R2nszSNzvdJ8/xj3cr9hpoJ714R
+qqyoEDRZ1Ss9kGL166o5MpN5qb/EewdkqGgWP7YFXbhsdHQiW7Z7dAqzjoaybD4O
+nakkwyUAEQEAAYkCNgQYAQoAIBYhBH1HQGb+4jzl6mnFqf09m6uqADkABQJkBjlS
+AhsMAAoJEP09m6uqADkAax0P/Rh8EZYRqW6dPYTl1YQusAK10rAcRNq3ekjofXGk
+oXK1S7HWGoFgl5++5nfSfNgFJ5VLcgIM56wtIf49zFjWe5oC6fw8k+ghh4d2chMP
+hdDILx6e0c30Iq1+EvovGR9hWa0wJ4cKTdzlwhY9ZC09q0ia+bl2mwpie1JQDR0c
+zXCjt+PldLeeK9z1/XT0Q7KowYC+U18oR+KFm+EaRV4QT85JVequnIeGkmaHJrHB
+lH4T5A5ib7y8edon1c0Zx3GsaxJUojkEJ0SX7ffVDu6ztUZfkHfCVpMW4VzUeGA/
+m+CtFO9ciLRGZEkRa+zhIGoBvwEXU0GiwiF4nZ0F2C8UioeW0YIEV9zl3nXJctYE
+ZKc2whSENQRTGgaYHVoVZhznt71LKWgFLshwBo81UCXVkzwAjMW1ActDnmPw5M7q
+xR5Qp5G49Z1GmfSozazha0HVFPKNV5i3RlTzs4yLUnZyH0yC9IvtOefMHcLjG96L
+N5miEV97gvJJjrn8rhRvpUwAWgmT/9IuYjBNQTtNN40arto5HxezR76WCjdKYxdL
+p3dM1iiBDShHNm7LdyZlLFhTOMU0tNBxJJ7B09ar5gakeZjD+2aB1ODX9VuFtozL
+onBjI2gIkry0UIkuznHfFw05lZAZAiqHEVgVi/WTk4C/bklDZNgE0lx+IWzEz2iS
+L455
+=lheL
+-----END PGP PUBLIC KEY BLOCK-----
+```

attic/WinUI/APIHandler.cs

@@ -272,7 +272,7 @@ namespace WinUI
             }
         }
 
-        public void JoinNetwork(Dispatcher d, string nwid, bool allowManaged = true, bool allowGlobal = false, bool allowDefault = false)
+        public void JoinNetwork(Dispatcher d, string nwid, bool allowManaged = true, bool allowGlobal = false, bool allowDefault = false, bool allowDNS = false)
         {
             Task.Factory.StartNew(() =>
             {
@@ -291,7 +291,8 @@ namespace WinUI
                     {
                         string json = "{\"allowManaged\":" + (allowManaged ? "true" : "false") + "," +
                                 "\"allowGlobal\":" + (allowGlobal ? "true" : "false") + "," +
-                                "\"allowDefault\":" + (allowDefault ? "true" : "false") + "}";
+                                "\"allowDefault\":" + (allowDefault ? "true" : "false") + "," +
+                                "\"allowDNS\":" + (allowDNS ? "true" : "false") + "}";
                         streamWriter.Write(json);
                         streamWriter.Flush();
                         streamWriter.Close();

attic/WinUI/AboutView.xaml

@@ -19,9 +19,9 @@
                     <Run Text="ZeroTier One"/>
                 </Paragraph>
                 <Paragraph TextAlignment="Center">
-                    <Run FontSize="14" Text="Version 1.4.6"/>
+                    <Run FontSize="14" Text="Version 1.6.6"/>
                     <LineBreak/>
-                    <Run FontSize="14" Text="(c) 2011-2019 ZeroTier, Inc."/>
+                    <Run FontSize="14" Text="(c) 2011-2021 ZeroTier, Inc."/>
                     <LineBreak/>
                     <Run FontSize="14" Text="www.zerotier.com"/>
                 </Paragraph>

attic/WinUI/CentralAPI.cs

@@ -75,7 +75,15 @@ namespace WinUI
             {
                 byte[] tmp = File.ReadAllBytes(centralConfigPath);
                 string json = Encoding.UTF8.GetString(tmp).Trim();
-                Central = JsonConvert.DeserializeObject<CentralServer>(json);
+                CentralServer ctmp = JsonConvert.DeserializeObject<CentralServer>(json);
+                if (ctmp != null)
+                {
+                    Central = ctmp;
+                } 
+                else
+                {
+                    Central = new CentralServer();
+                }
             }
             else
             {
@@ -105,7 +113,10 @@ namespace WinUI
         {
             string json = JsonConvert.SerializeObject(Central);
             byte[] tmp = Encoding.UTF8.GetBytes(json);
-            File.WriteAllBytes(CentralConfigFile(), tmp);
+            if (tmp != null)
+            {
+                File.WriteAllBytes(CentralConfigFile(), tmp);
+            }
         }
 
         private void UpdateRequestHeaders()

attic/WinUI/JoinNetworkView.xaml

@@ -10,7 +10,8 @@
         <TextBox x:Name="joinNetworkBox" HorizontalAlignment="Left" Height="23" Margin="10,10,0,0" TextWrapping="Wrap" VerticalAlignment="Top" Width="291" PreviewTextInput="joinNetworkBox_OnTextEntered" PreviewKeyDown="joinNetworkBox_OnKeyDown"/>
         <CheckBox x:Name="allowManagedCheckbox" Content="Allow Managed" HorizontalAlignment="Left" Margin="10,38,0,0" VerticalAlignment="Top" IsChecked="True"/>
         <CheckBox x:Name="allowGlobalCheckbox" Content="Allow Global" HorizontalAlignment="Left" Margin="118,38,0,0" VerticalAlignment="Top"/>
-        <CheckBox x:Name="allowDefaultCheckbox" Content="Allow Default" HorizontalAlignment="Left" Margin="210,38,-6,0" VerticalAlignment="Top"/>
+        <CheckBox x:Name="allowDefaultCheckbox" Content="Allow Default" HorizontalAlignment="Left" Margin="10,58,0,0" VerticalAlignment="Top"/>
+        <CheckBox x:Name="allowDNSCheckbox" Content="Allow DNS" HorizontalAlignment="Left" VerticalAlignment="Top" Margin="118,58,0,0"/>
         <Button x:Name="joinButton" Content="Join" HorizontalAlignment="Left" Margin="226,58,0,10" Background="#FFFFB354" VerticalAlignment="Top" Width="75" Click="joinButton_Click" IsEnabled="False"/>
     </Grid>
 </Window>

attic/WinUI/JoinNetworkView.xaml.cs

@@ -117,8 +117,9 @@ namespace WinUI
             bool allowDefault = allowDefaultCheckbox.IsChecked.Value;
             bool allowGlobal = allowGlobalCheckbox.IsChecked.Value;
             bool allowManaged = allowManagedCheckbox.IsChecked.Value;
+            bool allowDNS = allowDNSCheckbox.IsChecked.Value;
 
-            APIHandler.Instance.JoinNetwork(this.Dispatcher, joinNetworkBox.Text, allowManaged, allowGlobal, allowDefault);
+            APIHandler.Instance.JoinNetwork(this.Dispatcher, joinNetworkBox.Text, allowManaged, allowGlobal, allowDefault, allowDNS);
 
             Close();
         }

attic/WinUI/NetworkInfoView.xaml

@@ -29,6 +29,7 @@
                 <RowDefinition Height="auto"/>
                 <RowDefinition Height="auto"/>
                 <RowDefinition Height="auto"/>
+                <RowDefinition Height="auto"/>
             </Grid.RowDefinitions>
 
             <Grid Grid.Column="0" Grid.Row="0" Grid.ColumnSpan="3">
@@ -54,8 +55,9 @@
             <TextBlock TextWrapping="Wrap" Text="Allow Global IP" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="10" Foreground="#FF000000"/>
             <TextBlock TextWrapping="Wrap" Text="Allow Managed IP" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="11" Foreground="#FF000000"/>
             <TextBlock TextWrapping="Wrap" Text="Allow Default Route" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="12" Foreground="#FF000000"/>
-            
-            <Rectangle Grid.Column="2" Grid.Row="2" Grid.RowSpan="11" Fill="#FFEEEEEE"/>
+            <TextBlock TextWrapping="Wrap" Text="Allow DNS" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="13" Foreground="#FF000000"/>
+
+            <Rectangle Grid.Column="2" Grid.Row="2" Grid.RowSpan="12" Fill="#FFEEEEEE"/>
 
             <TextBlock x:Name="networkStatus" FontFamily="Lucida Console" TextWrapping="Wrap" HorizontalAlignment="Right" Text="OK" TextAlignment="Right"  Grid.Column="2" Grid.Row="2" Foreground="#FF000000"/>
             <TextBlock x:Name="networkType" FontFamily="Lucida Console" TextWrapping="Wrap" Text="PUBLIC" HorizontalAlignment="Right"  Grid.Column="2" Grid.Row="3" Foreground="#FF000000"/>
@@ -68,10 +70,11 @@
             <CheckBox x:Name="allowGlobal" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="10" />
             <CheckBox x:Name="allowManaged" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="11" />
             <CheckBox x:Name="allowDefault" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="12" />
+            <CheckBox x:Name="allowDNS" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="13"/>
+
+            <Separator Grid.Column="0" Grid.Row="14" Grid.ColumnSpan="3"/>
             
-            <Separator Grid.Column="0" Grid.Row="13" Grid.ColumnSpan="3"/>
-            
-            <Grid Grid.Column="0" Grid.Row="14" Grid.ColumnSpan="3" Background="GhostWhite">
+            <Grid Grid.Column="0" Grid.Row="15" Grid.ColumnSpan="3" Background="GhostWhite">
                 <Grid.ColumnDefinitions>
                     <ColumnDefinition Width="auto"/>
                     <ColumnDefinition Width="*"/>

attic/WinUI/NetworkInfoView.xaml.cs

@@ -36,6 +36,8 @@ namespace WinUI
             allowGlobal.Unchecked += AllowGlobal_CheckStateChanged;
             allowManaged.Checked += AllowManaged_CheckStateChanged;
             allowManaged.Unchecked += AllowManaged_CheckStateChanged;
+            allowDNS.Checked += AllowDNS_CheckStateChanged;
+            allowDNS.Unchecked += AllowDNS_CheckStateChanged;
         }
 
         private void UpdateNetworkData()
@@ -79,6 +81,7 @@ namespace WinUI
             this.allowDefault.IsChecked = network.AllowDefault;
             this.allowGlobal.IsChecked = network.AllowGlobal;
             this.allowManaged.IsChecked = network.AllowManaged;
+            this.allowDNS.IsChecked = network.AllowDNS;
 
 						this.connectedCheckBox.Checked -= connectedCheckBox_Checked;
 						this.connectedCheckBox.Unchecked -= connectedCheckbox_Unchecked;
@@ -116,7 +119,8 @@ namespace WinUI
             APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
                 allowManaged.IsChecked ?? false,
                 allowGlobal.IsChecked ?? false,
-                allowDefault.IsChecked ?? false);
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
         }
 
         private void AllowGlobal_CheckStateChanged(object sender, RoutedEventArgs e)
@@ -125,7 +129,8 @@ namespace WinUI
             APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
                 allowManaged.IsChecked ?? false,
                 allowGlobal.IsChecked ?? false,
-                allowDefault.IsChecked ?? false);
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
         }
 
         private void AllowDefault_CheckStateChanged(object sender, RoutedEventArgs e)
@@ -134,7 +139,18 @@ namespace WinUI
             APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
                 allowManaged.IsChecked ?? false,
                 allowGlobal.IsChecked ?? false,
-                allowDefault.IsChecked ?? false);
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
+        }
+
+        private void AllowDNS_CheckStateChanged(object sender, RoutedEventArgs e)
+        {
+            CheckBox cb = sender as CheckBox;
+            APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
+                allowManaged.IsChecked ?? false,
+                allowGlobal.IsChecked ?? false,
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
         }
 
         private void connectedCheckBox_Checked(object sender, RoutedEventArgs e)
@@ -154,8 +170,9 @@ namespace WinUI
                 bool global = allowGlobal.IsChecked.Value;
                 bool managed = allowManaged.IsChecked.Value;
                 bool defRoute = allowDefault.IsChecked.Value;
+                bool dns = allowDNS.IsChecked.Value;
 
-                APIHandler.Instance.JoinNetwork(this.Dispatcher, networkId.Text, managed, global, defRoute);
+                APIHandler.Instance.JoinNetwork(this.Dispatcher, networkId.Text, managed, global, defRoute, dns);
             }
             else
             {

attic/WinUI/WinUI.csproj

@@ -260,7 +260,6 @@
     <None Include="Resources\ZeroTierIcon.ico" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-  <Import Project="$(MSBuildExtensionsPath)\Microsoft\Expression\Blend\.NETFramework\v4.5\Microsoft.Expression.Blend.WPF.targets" />
   <PropertyGroup>
     <PostBuildEvent>copy "$(SolutionDir)\copyutil\bin\$(ConfigurationName)\copyutil.exe" "$(ProjectDir)\$(OutDir)\copyutil.exe"</PostBuildEvent>
   </PropertyGroup>

attic/WinUI/ZeroTierNetwork.cs

@@ -30,6 +30,7 @@ namespace WinUI
         private bool allowManaged;
         private bool allowGlobal;
         private bool allowDefault;
+        private bool allowDNS;
         private bool isConnected;
 
         protected ZeroTierNetwork(SerializationInfo info, StreamingContext ctx)
@@ -53,6 +54,7 @@ namespace WinUI
                 AllowManaged = info.GetBoolean("allowManaged");
                 AllowGlobal = info.GetBoolean("allowGlobal");
                 AllowDefault = info.GetBoolean("allowDefault");
+                AllowDNS = info.GetBoolean("allowDNS");
             }
             catch { }
             IsConnected = false;
@@ -79,6 +81,7 @@ namespace WinUI
             info.AddValue("allowManaged", AllowManaged);
             info.AddValue("allowGlobal", AllowGlobal);
             info.AddValue("allowDefault", AllowDefault);
+            info.AddValue("allowDNS", AllowDNS);
         }
 
         public void UpdateNetwork(ZeroTierNetwork network)
@@ -165,6 +168,11 @@ namespace WinUI
                 AllowDefault = network.AllowDefault;
             }
 
+            if (AllowDNS != network.AllowDNS)
+            {
+                AllowDNS = network.AllowDNS;
+            }
+
             if (IsConnected != network.IsConnected)
             {
                 IsConnected = network.IsConnected;
@@ -413,6 +421,20 @@ namespace WinUI
                 NotifyPropertyChanged();
             }
         }
+
+        [JsonProperty("allowDNS")]
+        public bool AllowDNS
+        {
+            get
+            {
+                return allowDNS;
+            }
+            set
+            {
+                allowDNS = value;
+                NotifyPropertyChanged();
+            }
+        }
         
         public bool IsConnected
         {

attic/macui/ZeroTier One.xcodeproj/project.pbxproj

@@ -65,6 +65,7 @@
 		93DAFB261D3F0BEE004D5417 /* about.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = about.html; sourceTree = "<group>"; };
 		93DAFE4A1CFE53CA00547CC4 /* AuthtokenCopy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = AuthtokenCopy.m; sourceTree = "<group>"; };
 		93DAFE4C1CFE53DA00547CC4 /* AuthtokenCopy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AuthtokenCopy.h; sourceTree = "<group>"; };
+		C13C72B12527E1B20094F8B4 /* ZeroTier One.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "ZeroTier One.entitlements"; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -99,6 +100,7 @@
 		93326BDA1CE7C816005CA2AC /* ZeroTier One */ = {
 			isa = PBXGroup;
 			children = (
+				C13C72B12527E1B20094F8B4 /* ZeroTier One.entitlements */,
 				932D472E1D1CD499004BCFE2 /* ZeroTierIcon.icns */,
 				93326BDD1CE7C816005CA2AC /* Assets.xcassets */,
 				93326BDF1CE7C816005CA2AC /* MainMenu.xib */,
@@ -175,6 +177,7 @@
 			developmentRegion = English;
 			hasScannedForEncodings = 0;
 			knownRegions = (
+				English,
 				en,
 				Base,
 			);
@@ -330,7 +333,10 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = "ZeroTier One/ZeroTier One.entitlements";
+				CODE_SIGN_IDENTITY = "-";
 				COMBINE_HIDPI_IMAGES = YES;
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = "ZeroTier One/Info.plist";
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks";
 				MACOSX_DEPLOYMENT_TARGET = 10.10;
@@ -345,7 +351,10 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = "ZeroTier One/ZeroTier One.entitlements";
+				CODE_SIGN_IDENTITY = "-";
 				COMBINE_HIDPI_IMAGES = YES;
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = "ZeroTier One/Info.plist";
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks";
 				MACOSX_DEPLOYMENT_TARGET = 10.10;

attic/macui/ZeroTier One.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

attic/macui/ZeroTier One/AppDelegate.m

@@ -336,6 +336,7 @@
                                     allowManaged:network.allowManaged
                                      allowGlobal:network.allowGlobal
                                     allowDefault:(network.allowDefault && ![Network defaultRouteExists:self.networks])
+                                        allowDNS:network.allowDNS
                                            error:&error];
 
         if (error) {

attic/macui/ZeroTier One/JoinNetworkViewController.h

@@ -30,6 +30,7 @@ extern NSString * const JoinedNetworksKey;
 @property (nonatomic, weak) IBOutlet NSButton *allowManagedCheckBox;
 @property (nonatomic, weak) IBOutlet NSButton *allowGlobalCheckBox;
 @property (nonatomic, weak) IBOutlet NSButton *allowDefaultCheckBox;
+@property (nonatomic, weak) IBOutlet NSButton *allowDNSCheckBox;
 @property (nonatomic, weak) IBOutlet AppDelegate *appDelegate;
 
 @property (nonatomic) NSMutableArray<NSString*> *values;

attic/macui/ZeroTier One/JoinNetworkViewController.m

@@ -54,6 +54,7 @@ NSString * const JoinedNetworksKey = @"com.zerotier.one.joined-networks";
     self.allowManagedCheckBox.state = NSOnState;
     self.allowGlobalCheckBox.state = NSOffState;
     self.allowDefaultCheckBox.state = NSOffState;
+    self.allowDNSCheckBox.state = NSOffState;
 
     self.network.stringValue = @"";
 
@@ -82,6 +83,7 @@ NSString * const JoinedNetworksKey = @"com.zerotier.one.joined-networks";
                                 allowManaged:(self.allowManagedCheckBox.state == NSOnState)
                                  allowGlobal:(self.allowGlobalCheckBox.state == NSOnState)
                                 allowDefault:(self.allowDefaultCheckBox.state == NSOnState)
+                                    allowDNS:(self.allowDNSCheckBox.state == NSOnState)
                                        error:&error];
 
     if(error) {

attic/macui/ZeroTier One/JoinNetworkViewController.xib

@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="11762" systemVersion="16D32" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES" customObjectInstantitationMethod="direct">
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="16097.3" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES" customObjectInstantitationMethod="direct">
     <dependencies>
         <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="11762"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="16097.3"/>
         <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
     </dependencies>
     <objects>
         <customObject id="-2" userLabel="File's Owner" customClass="JoinNetworkViewController" customModule="ZeroTier_One" customModuleProvider="target">
             <connections>
+                <outlet property="allowDNSCheckBox" destination="LKY-vN-prS" id="COu-3z-092"/>
                 <outlet property="allowDefaultCheckBox" destination="rz3-0a-oNA" id="mYu-Wq-MHW"/>
                 <outlet property="allowGlobalCheckBox" destination="BH2-2O-Qeu" id="alx-Je-q9I"/>
                 <outlet property="allowManagedCheckBox" destination="OQS-QZ-zcY" id="7pz-vO-3IC"/>
@@ -19,11 +20,11 @@
         <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
         <customObject id="-3" userLabel="Application" customClass="NSObject"/>
         <customView id="Hz6-mo-xeY">
-            <rect key="frame" x="0.0" y="0.0" width="397" height="123"/>
+            <rect key="frame" x="0.0" y="0.0" width="397" height="106"/>
             <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
             <subviews>
-                <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="puT-Yk-CWC">
-                    <rect key="frame" x="18" y="83" width="107" height="17"/>
+                <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" allowsCharacterPickerTouchBarItem="YES" translatesAutoresizingMaskIntoConstraints="NO" id="puT-Yk-CWC">
+                    <rect key="frame" x="18" y="66" width="107" height="17"/>
                     <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
                     <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Enter Network ID" id="oYH-gS-BX5">
                         <font key="font" metaFont="system"/>
@@ -31,6 +32,47 @@
                         <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
                     </textFieldCell>
                 </textField>
+                <comboBox verticalHuggingPriority="750" fixedFrame="YES" allowsCharacterPickerTouchBarItem="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BQy-d9-BNg">
+                    <rect key="frame" x="131" y="62" width="249" height="26"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" usesDataSource="YES" numberOfVisibleItems="5" id="n71-4S-AaI">
+                        <font key="font" metaFont="system"/>
+                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                        <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                    </comboBoxCell>
+                </comboBox>
+                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="OQS-QZ-zcY">
+                    <rect key="frame" x="18" y="42" width="115" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow Managed" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="QEN-MJ-xaj">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
+                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BH2-2O-Qeu">
+                    <rect key="frame" x="18" y="22" width="97" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow Global" bezelStyle="regularSquare" imagePosition="left" inset="2" id="epO-Uh-aHN">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
+                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="rz3-0a-oNA">
+                    <rect key="frame" x="137" y="42" width="141" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow Default Route" bezelStyle="regularSquare" imagePosition="left" inset="2" id="Lkd-XI-Kcu">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
+                <button verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="LKY-vN-prS">
+                    <rect key="frame" x="137" y="22" width="86" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow DNS" bezelStyle="regularSquare" imagePosition="left" inset="2" id="gGS-NZ-yu1">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
                 <button verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BGy-vd-NQX">
                     <rect key="frame" x="302" y="13" width="81" height="32"/>
                     <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
@@ -42,41 +84,8 @@
                         <action selector="onJoinClicked:" target="-2" id="kzC-GT-JKb"/>
                     </connections>
                 </button>
-                <comboBox verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BQy-d9-BNg">
-                    <rect key="frame" x="131" y="79" width="249" height="26"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" usesDataSource="YES" numberOfVisibleItems="5" id="n71-4S-AaI">
-                        <font key="font" metaFont="system"/>
-                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                        <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
-                    </comboBoxCell>
-                </comboBox>
-                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="OQS-QZ-zcY">
-                    <rect key="frame" x="18" y="59" width="115" height="18"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <buttonCell key="cell" type="check" title="Allow Managed" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="QEN-MJ-xaj">
-                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
-                        <font key="font" metaFont="system"/>
-                    </buttonCell>
-                </button>
-                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BH2-2O-Qeu">
-                    <rect key="frame" x="137" y="59" width="97" height="18"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <buttonCell key="cell" type="check" title="Allow Global" bezelStyle="regularSquare" imagePosition="left" inset="2" id="epO-Uh-aHN">
-                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
-                        <font key="font" metaFont="system"/>
-                    </buttonCell>
-                </button>
-                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="rz3-0a-oNA">
-                    <rect key="frame" x="238" y="59" width="141" height="18"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <buttonCell key="cell" type="check" title="Allow Default Route" bezelStyle="regularSquare" imagePosition="left" inset="2" id="Lkd-XI-Kcu">
-                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
-                        <font key="font" metaFont="system"/>
-                    </buttonCell>
-                </button>
             </subviews>
-            <point key="canvasLocation" x="263.5" y="372.5"/>
+            <point key="canvasLocation" x="263.5" y="364"/>
         </customView>
     </objects>
 </document>

attic/macui/ZeroTier One/Network.h

@@ -50,6 +50,7 @@ enum NetworkType {
 @property (readonly) BOOL allowManaged;
 @property (readonly) BOOL allowGlobal;
 @property (readonly) BOOL allowDefault;
+@property (readonly) BOOL allowDNS;
 @property (readonly) BOOL connected; // not persisted.  set to YES if loaded via json
 
 - (id)initWithJsonData:(NSDictionary*)jsonData;

attic/macui/ZeroTier One/Network.m

@@ -35,6 +35,7 @@ NSString *NetworkTypeKey = @"type";
 NSString *NetworkAllowManagedKey = @"allowManaged";
 NSString *NetworkAllowGlobalKey = @"allowGlobal";
 NSString *NetworkAllowDefaultKey = @"allowDefault";
+NSString *NetworkAllowDNSKey = @"allowDNS";
 
 @implementation Network
 
@@ -101,6 +102,11 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         if([jsonData objectForKey:@"allowDefault"]) {
             _allowDefault = [(NSNumber*)[jsonData objectForKey:@"allowDefault"] boolValue];
         }
+        if([jsonData objectForKey:@"allowDNS"]) {
+            _allowDNS = [(NSNumber*)[jsonData objectForKey:@"allowDNS"] boolValue];
+        } else {
+            _allowDNS = false;
+        }
 
         if([jsonData objectForKey:@"status"]) {
             NSString *statusStr = (NSString*)[jsonData objectForKey:@"status"];
@@ -207,6 +213,12 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         if([aDecoder containsValueForKey:NetworkAllowDefaultKey]) {
             _allowDefault = [aDecoder decodeBoolForKey:NetworkAllowDefaultKey];
         }
+        
+        if([aDecoder containsValueForKey:NetworkAllowDNSKey]) {
+            _allowDNS = [aDecoder decodeBoolForKey:NetworkAllowDNSKey];
+        } else {
+            _allowDNS = false;
+        }
 
         _connected = NO;
     }
@@ -233,6 +245,7 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
     [aCoder encodeBool:_allowManaged forKey:NetworkAllowManagedKey];
     [aCoder encodeBool:_allowGlobal forKey:NetworkAllowGlobalKey];
     [aCoder encodeBool:_allowDefault forKey:NetworkAllowDefaultKey];
+    [aCoder encodeBool:_allowDNS forKey:NetworkAllowDNSKey];
 }
 
 + (BOOL)defaultRouteExists:(NSArray<Network *>*)netList
@@ -297,6 +310,7 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         self.allowManaged == network.allowManaged &&
         self.allowGlobal == network.allowGlobal &&
         self.allowDefault == network.allowDefault &&
+        self.allowDNS == network.allowDNS &&
         self.connected == network.connected;
 }
 
@@ -331,6 +345,7 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         self.allowManaged ^
         self.allowGlobal ^
         self.allowDefault ^
+        self.allowDNS ^
         self.connected;
 }
 

attic/macui/ZeroTier One/NetworkInfoCell.h

@@ -37,6 +37,7 @@
 @property (weak, nonatomic) IBOutlet NSButton *allowManaged;
 @property (weak, nonatomic) IBOutlet NSButton *allowGlobal;
 @property (weak, nonatomic) IBOutlet NSButton *allowDefault;
+@property (weak, nonatomic) IBOutlet NSButton *allowDNS;
 @property (weak, nonatomic) IBOutlet NSButton *connectedCheckbox;
 @property (weak, nonatomic) IBOutlet NSButton *deleteButton;
 

attic/macui/ZeroTier One/NetworkInfoCell.m

@@ -57,6 +57,7 @@
                                 allowManaged:(self.allowManaged.state == NSOnState)
                                  allowGlobal:(self.allowGlobal.state  == NSOnState)
                                 allowDefault:![Network defaultRouteExists:_parent.networkList] && (self.allowDefault.state == NSOnState)
+                                    allowDNS:(self.allowDNS.state == NSOnState)
                                        error:&error];
 
     if (error) {