VERSION 1.8.3

removing source-type from snapcraft

.clang-format

@@ -0,0 +1,75 @@
+---
+BasedOnStyle: LLVM
+BreakBeforeBraces: Stroustrup
+IndentWidth: 4
+TabWidth: 4
+AlignAfterOpenBracket: AlwaysBreak
+AlignConsecutiveMacros: 'true'
+AlignConsecutiveAssignments: 'false'
+AlignConsecutiveDeclarations: 'false'
+AlignEscapedNewlines: Right
+AlignOperands: 'true'
+AlignTrailingComments: 'true'
+AllowAllArgumentsOnNextLine: 'false'
+AllowAllConstructorInitializersOnNextLine: 'false'
+AllowAllParametersOfDeclarationOnNextLine: 'false'
+AllowShortBlocksOnASingleLine: 'true'
+AllowShortCaseLabelsOnASingleLine: 'false'
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: Never
+AlwaysBreakAfterReturnType: None
+BinPackArguments: 'false'
+BinPackParameters: 'false'
+BreakBeforeBinaryOperators: NonAssignment
+BreakBeforeTernaryOperators: 'true'
+BreakConstructorInitializers: BeforeComma
+BreakInheritanceList: BeforeComma
+CompactNamespaces: 'false'
+ConstructorInitializerAllOnOneLineOrOnePerLine: 'true'
+ConstructorInitializerIndentWidth: '4'
+ContinuationIndentWidth: '4'
+Cpp11BracedListStyle: 'false'
+FixNamespaceComments: 'true'
+IncludeBlocks: Regroup
+IndentCaseLabels: 'true'
+IndentPPDirectives: None
+IndentWrappedFunctionNames: 'false'
+KeepEmptyLinesAtTheStartOfBlocks: 'false'
+MaxEmptyLinesToKeep: '1'
+NamespaceIndentation: None
+PointerAlignment: Left
+ReflowComments: 'true'
+SortIncludes: 'true'
+SortUsingDeclarations: 'true'
+SpaceAfterCStyleCast: 'false'
+SpaceAfterLogicalNot: 'true'
+SpaceAfterTemplateKeyword: 'true'
+SpaceBeforeAssignmentOperators: 'true'
+SpaceBeforeCpp11BracedList: 'true'
+SpaceBeforeCtorInitializerColon: 'true'
+SpaceBeforeInheritanceColon: 'true'
+SpaceBeforeParens: ControlStatements
+SpaceBeforeRangeBasedForLoopColon: 'true'
+SpaceInEmptyParentheses: 'false'
+SpacesBeforeTrailingComments: '3'
+SpacesInAngles: 'false'
+SpacesInCStyleCastParentheses: 'false'
+SpacesInContainerLiterals: 'true'
+SpacesInParentheses: 'false'
+SpacesInSquareBrackets: 'false'
+UseTab: 'Always'
+
+---
+Language: Cpp
+Standard: Cpp03
+ColumnLimit: '240'
+---
+Language: ObjC
+ColumnLimit: '240'
+---
+Language: Java
+ColumnLimit: '240'
+---
+Language: CSharp
+ColumnLimit: '240'
+...

.dockerignore

@@ -0,0 +1,2 @@
+.git/
+workspace/

.gitattributes

@@ -0,0 +1,4 @@
+ext/bin/tap-windows-ndis6/x64/zttap300.inf eol=crlf
+ext/bin/tap-windows-ndis6/x64.old/zttap300.inf eol=crlf
+ext/bin/tap-windows-ndis6/x86/zttap300.inf eol=crlf
+windows/TapDriver6/zttap300.inf eol=crlf

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,46 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-
----
-**Alternative, faster ways to get help**
-If you have just started using ZeroTier, here are some places to get help:
-- my.zerotier.com has a _Community_ tab. It's a live chat with other users and the developers. 
-- [ZeroTier Knowledge Base](https://zerotier.atlassian.net/wiki/spaces/SD/overview)
-- www.zerotier.com has a Contact Us button
-- email contact@zerotier.com
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Create a Network '...'
-2. Install zerotier-one '....'
-3. '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots or console output to help explain your problem.
-
-**Desktop (please complete the following information):**
- - OS: [e.g. Mac, Linux, Windows, BSD]
- - OS/Distribution Version
- - ZeroTier Version [e.g. 1.2.4]
- - Hardware [e.g. raspberry pi 3]
- 
-**Smartphone (please complete the following information):**
- - Device: [e.g. iPhone6]
- - OS: [e.g. iOS8.1]
- - Version [e.g. 1.2.4]
-
-**Additional context**
-Add any other context about the problem here.
-- ZeroTier Network Configuration
-- Router Config
-- Firewall Config (try turning the firewall off)
-- General Network Environment: [ e.g Home, University Campus, Corporate LAN ]
-

.github/ISSUE_TEMPLATE/bugs-and-issues.md

@@ -0,0 +1,49 @@
+---
+name: Bugs and Issues
+about: Create a report to help us improve
+title: ''
+labels: NEEDS TRIAGE
+assignees: ''
+
+---
+
+# Before filing a Bug Report
+
+_Using these will ensure you get quicker support, and make this space available for code-related issues. Thank you!_
+
+- [Knowledge Base](https://zerotier.atlassian.net/wiki/spaces/SD/overview) => Guides and documentation on how to use ZeroTier.
+- [Discuss Forum](https://discuss.zerotier.com/) => Our discussion forum for users and support to mutually resolve issues & suggest ideas.
+- [Reddit](https://www.reddit.com/r/zerotier/) => Our subreddit, which we monitor regularly and is fairly active.
+
+# If you still want to file a Bug Report
+
+## Required
+
+- What you expect to be happening.
+- What is actually happening?
+- Any steps to reproduce the error.
+- Any screenshots that would help us out.
+
+## Additional information 
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. Mac, Linux, Windows, BSD]
+ - OS/Distribution Version
+ - ZeroTier Version [e.g. 1.4.6]
+  
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - ZeroTier Version [e.g. 1.4.6]
+
+ **Embedded & NAS (please complete the following information):**
+ - Device: [e.g. Synology, Pi4]
+ - OS/Distribution (if applicable)
+ - ZeroTier Version [e.g. 1.4.6]
+
+**Additional context**
+- ZeroTier Network Configuration: IPv4 & IPv6 networks defined on your ZeroTier Central
+- Router Config: are you permitting port 9993, uPnP, and NAT-PMP?
+- Firewall Config: are you permitting port 9993 on your OS; setting it to "Private" on Windows?
+- Are you using this at home, in an office, college, etc?
+- Have you tried screaming into your router?

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,17 +1,13 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
+title: "[Feature Request] "
+labels: suggestion
+assignees: ''
 
 ---
 
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+If there is something you'd like to have added to ZeroTier, to go to https://discuss.zerotier.com/c/feature-requests/ instead. Issues there can be voted on and discussed in-depth.
 
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
 
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
+Thank you!

.github/ISSUE_TEMPLATE/game-connection-issue.md

@@ -0,0 +1,15 @@
+---
+name: Game Connection Issue
+about: Game issues are better served by forum posts
+title: Please go to our Discuss or Reddit for game-related issues. Thanks!
+labels: wontfix
+assignees: ''
+
+---
+
+Are you having trouble connecting to a game on your virtual network after installing ZeroTier?
+
+- [ ] Yes
+- [ ] No
+
+If you answered yes, then it is very likely that your question would be better answered on our [Community Forums](https://discuss.zerotier.com) or [Reddit](https://www.reddit.com/r/zerotier/) community; we monitor both regularly. We also have extensive documentation on our [Knowledge Base](https://zerotier.atlassian.net/wiki/spaces/SD/overview). Thank you!

.github/workflows/badstrings.yml

@@ -0,0 +1,17 @@
+name: badstrings
+on: [pull_request, push]
+jobs:
+  badstrings:
+    runs-on: ubuntu-latest
+    steps:
+      - name: scanning commit message for bad strings
+        run: |
+          #!/bin/bash
+          set -euo pipefail
+          IFS=$'\n\t'
+          message="${{ github.event.head_commit.message }}"
+          
+          strings=($(curl -s https://raw.githubusercontent.com/someara/badstrings/main/strings.txt))
+          for i in ${strings[@]} ; do
+            echo "${message}" | grep -v "$i" &>/dev/null;
+          done

.gitignore

@@ -33,7 +33,6 @@ Thumbs.db
 /ext/installfiles/windows/Prerequisites
 /ext/installfiles/windows/*-cache
 /ZeroTier One.msi
-/windows/.vs
 *.vcxproj.backup
 /windows/TapDriver6/Win7Debug
 /windows/TapDriver6/win7Release
@@ -42,6 +41,7 @@ Thumbs.db
 enc_temp_folder
 /windows/copyutil/bin
 /windows/copyutil/obj
+.vs/
 
 # *nix/Mac build droppings
 /build-*
@@ -120,3 +120,18 @@ __pycache__
 *~
 attic/world/*.c25519
 attic/world/mkworld
+workspace/
+workspace2/
+
+#snapcraft specifics
+/parts/
+/stage/
+/prime/
+
+*.snap
+
+.snapcraft
+__pycache__
+*.pyc
+*_source.tar.bz2
+snap/.snapcraft

Dockerfile.ci

@@ -0,0 +1,28 @@
+# vim: ft=dockerfile
+
+FROM ubuntu:21.04 as stage
+
+RUN apt-get update -qq && apt-get -qq install make clang
+COPY . .
+RUN /usr/bin/make
+RUN echo $PWD
+RUN cp zerotier-one /usr/sbin
+
+FROM ubuntu:21.04
+
+COPY --from=stage /zerotier-one /usr/sbin
+RUN ln -sf /usr/sbin/zerotier-one /usr/sbin/zerotier-idtool
+RUN ln -sf /usr/sbin/zerotier-one /usr/sbin/zerotier-cli
+
+RUN echo "${VERSION}" > /etc/zerotier-version
+RUN rm -rf /var/lib/zerotier-one
+
+
+RUN apt-get -qq update
+RUN apt-get -qq install iproute2 net-tools fping 2ping iputils-ping iputils-arping
+
+COPY entrypoint.sh.release /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+CMD []
+ENTRYPOINT ["/entrypoint.sh"]

Dockerfile.release

@@ -0,0 +1,24 @@
+# vim: ft=dockerfile
+
+FROM debian:buster as stage
+
+ARG PACKAGE_BASEURL=https://download.zerotier.com/debian/buster/pool/main/z/zerotier-one/
+ARG ARCH=amd64
+ARG VERSION
+
+RUN apt-get update -qq && apt-get install curl -y
+RUN curl -sSL -o zerotier-one.deb "${PACKAGE_BASEURL}/zerotier-one_${VERSION}_${ARCH}.deb"
+
+FROM debian:buster
+
+COPY --from=stage zerotier-one.deb .
+
+RUN dpkg -i zerotier-one.deb && rm -f zerotier-one.deb
+RUN echo "${VERSION}" >/etc/zerotier-version
+RUN rm -rf /var/lib/zerotier-one
+
+COPY entrypoint.sh.release /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+CMD []
+ENTRYPOINT ["/entrypoint.sh"]

Jenkinsfile

@@ -1,84 +1,365 @@
-#!/usr/bin/env groovy
-
-node('master') {
-    checkout scm
+pipeline {
+    options {
+        disableConcurrentBuilds()
+        preserveStashes(buildCount: 10)
+        timestamps()
+    }
+    parameters {
+        booleanParam(name: "BUILD_ALL", defaultValue: false, description: "Build all supported platform/architecture combos.  Defaults to x86/x64 only")
+    }
     
-    def changelog = getChangeLog currentBuild
-
-    mattermostSend "Building ${env.JOB_NAME} #${env.BUILD_NUMBER} \n Change Log: \n ${changelog}"
-}
-
-parallel 'centos7': {
-    node('centos7') {
-        try {
-            checkout scm
-
-	        stage('Build Centos 7') {
-                sh 'make -f make-linux.mk'
+    agent none
+    
+    stages {
+        stage ("Build") {
+            steps {
+                script {
+                    def tasks = [:]
+                    tasks << buildStaticBinaries()
+                    tasks << buildDebianNative()
+                    tasks << buildCentosNative()
+                    
+                    parallel tasks
+                }
             }
         }
-        catch (err) {
-            currentBuild.result = "FAILURE"
-            mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on Centos 7 (<${env.BUILD_URL}|Open>)"
-
-            throw err
+        stage ("Package Static") {
+            steps {
+                script {
+                    parallel packageStatic()
+                }
+            }
         }
     }
-// }, 'android-ndk': {
-//     node('android-ndk') {
-//         try {
-//             checkout scm
-	
-//             stage('Build Android NDK') { 
-//                 sh "/android/android-ndk-r15b/ndk-build -C $WORKSPACE/java ZT1=${WORKSPACE}"
-//             }
-//         }
-//         catch (err) {
-//             currentBuild.result = "FAILURE"
-//             mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on Android NDK (<${env.BUILD_URL}|Open>)"
-
-//             throw err
-//         }
-//     }
-// }, 'macOS': {
-//     node('macOS') {
-//         try {
-//             checkout scm
-
-//             stage('Build macOS') {
-//                 sh 'make -f make-mac.mk'
-//             }
-
-//             stage('Build macOS UI') {
-//                 sh 'cd macui && xcodebuild -target "ZeroTier One" -configuration Debug'
-//             }
-//         }
-//         catch (err) {
-//             currentBuild.result = "FAILURE"
-//             mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on macOS (<${env.BUILD_URL}|Open>)"
-
-//             throw err
-//         }
-//     }
-// }, 'windows': {
-//     node('windows') {
-//         try {
-//             checkout scm
-            
-//             stage('Build Windows') {
-//                 bat '''CALL "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" amd64
-// git clean -dfx
-// msbuild windows\\ZeroTierOne.sln
-// '''
-//             }
-//         }
-//         catch (err) {
-//             currentBuild.result = "FAILURE"
-//             mattermostSend color: '#ff0000', message: "${env.JOB_NAME} broken on Windows (<${env.BUILD_URL}|Open>)"
-
-//             throw err
-//         }
-//     }
 }
 
-mattermostSend color: "#00ff00", message: "${env.JOB_NAME} #${env.BUILD_NUMBER} Complete (<${env.BUILD_URL}|Show More...>)"
+def buildStaticBinaries() {
+    def tasks = [:]
+    def dist = ["alpine"]
+    def archs = []
+    if (params.BUILD_ALL == true) {
+        archs = ["arm64", "amd64", "i386", "armhf", "armel", "ppc64le", "s390x"]
+    } else {
+        archs = ["amd64", "i386"]
+    }
+
+    tasks << getTasks(dist, archs, { distro, platform -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                sh "echo ${distro}-${platform}"
+                def runtime = docker.image("ztbuild/${distro}-${platform}:latest")
+                runtime.inside {
+                    dir("build") {
+                        sh 'make -j8 ZT_STATIC=1 all'
+                        sh "file ./zerotier-one"
+                        sh "mv zerotier-one zerotier-one-static-${platform}"
+                        stash includes: 'zerotier-one-static-*', name: "static-${platform}"
+                    }
+                    cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+                }
+            }
+        }
+        return myNode
+    })
+    
+    return tasks
+}
+
+def getTasks(axisDistro, axisPlatform, task) {
+    def tasks = [:]
+    for(int i=0; i< axisDistro.size(); i++) {
+        def axisDistroValue = axisDistro[i]
+        for(int j=0; j< axisPlatform.size(); j++) {
+            def axisPlatformValue = axisPlatform[j]
+            tasks["${axisDistroValue}/${axisPlatformValue}"] = task(axisDistroValue, axisPlatformValue)
+        }
+    }
+    return tasks
+}
+
+def packageStatic() {
+    def tasks = [:]
+    
+    def centos6 = ["centos6"]
+    def centos6Arch = ["i386", "amd64"]
+    tasks << getTasks(centos6, centos6Arch, { distro, arch -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                runtime.inside {
+                    dir("build") {
+                        unstash "static-${arch}"
+                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one" 
+                        sh "make redhat"
+                        sh "mkdir -p ${distro}"
+                        sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
+                        archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
+                    }
+                }
+                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+            }
+        }
+        return myNode
+    })
+    
+    def centos7 = ["centos7"]
+    def centos7Arch = ["i386"]
+    tasks << getTasks(centos7, centos7Arch, { distro, arch -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                runtime.inside {
+                    dir("build") {
+                        unstash "static-${arch}"
+                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one" 
+                        sh "make redhat"
+                        sh "mkdir -p ${distro}"
+                        sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
+                        archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
+                    }
+                }
+                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+            }
+        }
+        return myNode
+    })
+    
+    if (params.BUILD_ALL == true) {
+        def clefos7 = ["clefos"]
+        def clefos7Arch = ["s390x"]
+        tasks << getTasks(clefos7, clefos7Arch, { distro, arch -> 
+            def myNode = {
+                node ('linux-build') {
+                    dir ("build") {
+                        checkout scm
+                    }
+                    def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                    runtime.inside {
+                        dir("build/") {
+                            unstash "static-${arch}"
+                            sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one" 
+                            sh "make redhat"
+                            sh "mkdir -p ${distro}"
+                            sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
+                            archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
+                        }
+                    }
+                    cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+                }
+            }
+            return myNode
+        })
+    }
+
+    def debianJessie = ["debian-jessie"]
+    def debianJessieArchs = []
+    if (params.BUILD_ALL == true) {
+        debianJessieArch = ["armhf", "armel", "amd64", "i386"]
+    } else {
+        debianJessieArch = ["amd64", "i386"]
+    }
+    tasks << getTasks(debianJessie, debianJessieArch, { distro, arch -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                runtime.inside {
+                    sh "ls -la ."
+                    dir('build/') {
+                        sh "ls -la ."
+                        unstash "static-${arch}"
+                        sh "pwd"
+                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one && file ./zerotier-one" 
+                        sh "mv -f debian/rules.static debian/rules"
+                        sh "make debian"
+                    }
+                    sh "mkdir -p ${distro}"
+                    sh "mv *.deb ${distro}"
+                    archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
+                }
+                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+            }
+        }
+        return myNode
+    })
+    
+    def ubuntuTrusty = ["ubuntu-trusty"]
+    def ubuntuTrustyArch = []
+    if (params.BUILD_ALL == true) {
+        ubuntuTrustyArch = ["i386", "amd64", "armhf", "arm64", "ppc64le"]
+    } else {
+        ubuntuTrustyArch = ["i386", "amd64"]
+    }
+    tasks << getTasks(ubuntuTrusty, ubuntuTrustyArch, { distro, arch -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                runtime.inside {
+                    sh "ls -la ."
+                    dir('build/') {
+                        sh "ls -la ."
+                        unstash "static-${arch}"
+                        sh "pwd"
+                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one && file ./zerotier-one" 
+                        sh "mv -f debian/rules.static debian/rules"
+                        sh "make debian"
+                    }
+                    sh "mkdir -p ${distro}"
+                    sh "mv *.deb ${distro}"
+                    archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
+                }
+                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+            }
+        }
+        return myNode
+    })
+    
+    def debianWheezy = ["debian-wheezy"]
+    def debianWheezyArchs = []
+    if (params.BUILD_ALL == true) {
+        debianWheezyArchs = ["armhf", "armel", "amd64", "i386"]
+    } else {
+        debianWheezyArchs = ["amd64", "i386"]
+    }
+    tasks << getTasks(debianJessie, debianJessieArch, { distro, arch -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                runtime.inside {
+                    dir('build/') {
+                        unstash "static-${arch}"
+                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one && file ./zerotier-one" 
+                        sh "mv -f debian/rules.wheezy.static debian/rules"
+                        sh "mv -f debian/control.wheezy debian/control"
+                        sh "make debian"
+                    }
+                    sh "mkdir -p ${distro}"
+                    sh "mv *.deb ${distro}"
+                    archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
+                }
+                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+            }
+        }
+        return myNode
+    })
+    
+    return tasks
+}
+
+def buildDebianNative() {
+    def tasks = [:]
+    def buster = ["debian-buster", "debian-stretch", "debian-bullseye", "debian-sid"]
+    def busterArchs = []
+    if (params.BUILD_ALL) {
+        busterArchs = ["s390x", "ppc64le", "i386", "armhf", "armel", "arm64", "amd64"]
+    } else {
+        busterArchs = ["amd64", "i386"]
+    }
+    
+    def build = { distro, arch -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                runtime.inside {
+                    dir("build") {
+                        sh 'make debian'
+                    }
+                    sh "mkdir -p ${distro}"
+                    sh "mv *.deb ${distro}"
+                    archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
+                    cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+                }
+            }
+        }
+        return myNode
+    }
+    
+    tasks << getTasks(buster, busterArchs, build)
+    
+    // bash is broken when running under QEMU-s390x on Xenial
+    def xenial = ["ubuntu-xenial"]
+    def xenialArchs = []
+    if (params.BUILD_ALL == true) {
+        xenialArchs = ["i386", "amd64", "armhf", "arm64", "ppc64le"]
+    } else {
+        xenialArchs = ["i386", "amd64"]
+    }
+    tasks << getTasks(xenial, xenialArchs, build)
+    
+    def ubuntu = ["ubuntu-bionic", "ubuntu-eoan"]
+    def ubuntuArchs = []
+    if (params.BUILD_ALL == true) {
+        ubuntuArchs = ["i386", "amd64", "armhf", "arm64", "ppc64le", "s390x"]
+    } else {
+        ubuntuArchs = ["i386", "amd64"]
+    }
+    tasks << getTasks(ubuntu, ubuntuArchs, build)
+    
+    def kali = ["kali-rolling"]
+    def kaliArchs = ["amd64"]
+    tasks << getTasks(kali, kaliArchs, build)
+    
+    return tasks
+}
+
+def buildCentosNative() {
+    def tasks = [:]
+    
+    def build = { distro, arch -> 
+        def myNode = {
+            node ('linux-build') {
+                dir ("build") {
+                    checkout scm
+                }
+                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                runtime.inside {
+                    dir("build") {
+                        sh 'make -j4'
+                        sh 'make redhat'
+                        sh "mkdir -p ${distro}"
+                        sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
+                        archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
+                    }
+                    
+                    cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+                }
+            }
+        }
+        return myNode
+    }
+    
+    def centos8 = ["centos8"]
+    def centos8Archs = []
+    if (params.BUILD_ALL == true) {
+        centos8Archs = ["amd64", "arm64", "ppc64le"]
+    } else {
+        centos8Archs = ["amd64"]
+    }
+    tasks << getTasks(centos8, centos8Archs, build)
+    
+    def centos7 = ["centos7"]
+    def centos7Archs = ["amd64"]
+    tasks << getTasks(centos7, centos7Archs, build)
+    
+    return tasks
+}

LICENSE.txt

@@ -47,7 +47,7 @@ Additional Use Grant: You may make use of the Licensed Work, provided you
                       services, social welfare, senior care, child care, and
                       the care of persons with disabilities.
 
-Change Date:          2023-01-01
+Change Date:          2025-01-01
 
 Change License:       Apache License version 2.0 as published by the Apache
                       Software Foundation

Makefile

@@ -17,8 +17,8 @@ ifeq ($(OSTYPE),FreeBSD)
 	include make-bsd.mk
 endif
 ifeq ($(OSTYPE),OpenBSD)
-	CC=egcc
-	CXX=eg++
+	CC=clang
+	CXX=clang++
 	ZT_BUILD_PLATFORM=9
 	include make-bsd.mk
 endif

OFFICIAL-RELEASE-STEPS.md

@@ -14,7 +14,6 @@ The version must be incremented in all of the following files:
     /debian/changelog
     /ext/installfiles/mac/ZeroTier One.pkgproj
     /ext/installfiles/windows/ZeroTier One.aip
-    /windows/WinUI/AboutView.xaml
 
 The final .AIP file can only be edited on Windows with [Advanced Installer Enterprise](http://www.advancedinstaller.com/). In addition to incrementing the version be sure that a new product code is generated. (The "upgrade code" GUID on the other hand must never change.)
 

README.docker.md

@@ -0,0 +1,71 @@
+# ZeroTier One in a container!
+
+**NOTE:** _Most of this information pertains to the docker image only. For more information about ZeroTier, check out the repository_: [here](https://github.com/zerotier/ZeroTierOne) or the [commercial website](https://www.zerotier.com).
+
+[ZeroTier](https://www.zerotier.com) is a smart programmable Ethernet switch for planet Earth. It allows all networked devices, VMs, containers, and applications to communicate as if they all reside in the same physical data center or cloud region.
+
+This is accomplished by combining a cryptographically addressed and secure peer to peer network (termed VL1) with an Ethernet emulation layer somewhat similar to VXLAN (termed VL2). Our VL2 Ethernet virtualization layer includes advanced enterprise SDN features like fine grained access control rules for network micro-segmentation and security monitoring.
+
+All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connections.
+
+The goals and design principles of ZeroTier are inspired by among other things the original [Google BeyondCorp](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43231.pdf) paper and the [Jericho Forum](https://en.wikipedia.org/wiki/Jericho_Forum) with its notion of "deperimeterization."
+
+Visit [ZeroTier's site](https://www.zerotier.com/) for more information and [pre-built binary packages](https://www.zerotier.com/download/). Apps for Android and iOS are available for free in the Google Play and Apple app stores.
+
+ZeroTier is licensed under the [BSL version 1.1](https://mariadb.com/bsl11/). See [LICENSE.txt](https://github.com/zerotier/ZeroTierOne/blob/master/LICENSE.txt) and the [ZeroTier pricing page](https://www.zerotier.com/pricing) for details. ZeroTier is free to use internally in businesses and academic institutions and for non-commercial purposes. Certain types of commercial use such as building closed-source apps and devices based on ZeroTier or offering ZeroTier network controllers and network management as a SaaS service require a commercial license.
+
+A small amount of third party code is also included in ZeroTier and is not subject to our BSL license. See [AUTHORS.md](https://github.com/zerotier/ZeroTierOne/blob/master/AUTHORS.md) for a list of third party code, where it is included, and the licenses that apply to it. All of the third party code in ZeroTier is liberally licensed (MIT, BSD, Apache, public domain, etc.).
+
+## Building the docker image
+
+Due to the network being a substrate for most applications and not an application unto itself, it makes sense that many people would want to build their own image based on our formula.
+
+The image is based on `debian:buster`.
+
+The `Dockerfile.release` file contains build instructions for building the described image in the rest of the README. The build is multi-arch and multi-release capable.
+
+These build arguments power the build:
+
+- `PACKAGE_BASEURL`: The base URL of the package repository to fetch from. (default: `https://download.zerotier.com/debian/buster/pool/main/z/zerotier-one/`)
+- `ARCH`: The architecture of the package, in debian format. Must match your image arch. (default: `amd64`)
+- `VERSION`: **REQUIRED** the version of ZeroTier to fetch.
+
+You can build this image like so:
+
+```
+docker build -f Dockerfile.release -t mybuild --build-arg VERSION=1.6.5 .
+```
+
+## Using the docker image
+
+The `entrypoint.sh` in the docker image is a little different; zerotier will be spawned in the background and the "main process" is actually just a sleeping shell script. This allows `zerotier-one` to gracefully terminate in some situations largely unique to docker.
+
+The `zerotier/zerotier` image requires the `CAP_NET_ADMIN` capability and the `/dev/net/tun` device must be forwarded to it.
+
+To join a network, simply supply it on the command-line; you can supply multiple networks.
+
+```
+docker run --name myzerotier --rm --cap-add NET_ADMIN --device /dev/net/tun zerotier/zerotier:latest abcdefdeadbeef00
+```
+
+Once joining all the networks you have provided, it will sleep until terminated. Note that in ZeroTier, joining a network does not necessarily mean you have an IP or can do anything, really. You will want to probe the control socket:
+
+```
+docker exec myzerotier zerotier-cli listnetworks
+```
+
+To ensure you have a network available before trying to listen on it. Without pre-configuring the identity, this usually means going to the central admin panel and clicking the checkmark against your zerotier identity.
+
+### Environment Variables
+
+You can control a few settings including the identity used and the authtoken used to interact with the control socket (which you can forward and access through `localhost:9993`).
+
+- `ZEROTIER_API_SECRET`: replaces the `authtoken.secret` before booting and allows you to manage the control socket's authentication key.
+- `ZEROTIER_IDENTITY_PUBLIC`: the `identity.public` file for zerotier-one. Use `zerotier-idtool` to generate one of these for you.
+- `ZEROTIER_IDENTITY_SECRET`: the `identity.secret` file for zerotier-one. Use `zerotier-idtool` to generate one of these for you.
+
+### Tips
+
+- Forwarding port `<dockerip>:9993` to somewhere outside is probably a good idea for highly trafficked services.
+- Forwarding `localhost:9993` to a control network where you can drive it remotely might be a good idea, just be sure to set your authtoken properly through environment variables.
+- Pre-generating your identities could be much simpler to do via our [terraform plugin](https://github.com/zerotier/terraform-provider-zerotier)

README.md

@@ -1,11 +1,12 @@
 ZeroTier - Global Area Networking
 ======
+This document is written for a software developer audience. For information on using ZeroTier, see the: [Website](https://www.zerotier.com), [Documentation Site](https://docs.zerotier.com), and [Discussion Forum](https://discuss.zerotier.com)
 
 ZeroTier is a smart programmable Ethernet switch for planet Earth. It allows all networked devices, VMs, containers, and applications to communicate as if they all reside in the same physical data center or cloud region.
 
 This is accomplished by combining a cryptographically addressed and secure peer to peer network (termed VL1) with an Ethernet emulation layer somewhat similar to VXLAN (termed VL2). Our VL2 Ethernet virtualization layer includes advanced enterprise SDN features like fine grained access control rules for network micro-segmentation and security monitoring.
 
-All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connetions.
+All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connections.
 
 The goals and design principles of ZeroTier are inspired by among other things the original [Google BeyondCorp](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43231.pdf) paper and the [Jericho Forum](https://en.wikipedia.org/wiki/Jericho_Forum) with its notion of "deperimeterization."
 
@@ -13,7 +14,7 @@ Visit [ZeroTier's site](https://www.zerotier.com/) for more information and [pre
 
 ZeroTier is licensed under the [BSL version 1.1](https://mariadb.com/bsl11/). See [LICENSE.txt](LICENSE.txt) and the [ZeroTier pricing page](https://www.zerotier.com/pricing) for details. ZeroTier is free to use internally in businesses and academic institutions and for non-commercial purposes. Certain types of commercial use such as building closed-source apps and devices based on ZeroTier or offering ZeroTier network controllers and network management as a SaaS service require a commercial license.
 
-A small amount of third party code is also included in ZeroTier and is not subject to our BSL license. See [AUTHORS.md] for a list of third party code, where it is included, and the licenses that apply to it. All of the third party code in ZeroTier is liberally licensed (MIT, BSD, Apache, public domain, etc.).
+A small amount of third party code is also included in ZeroTier and is not subject to our BSL license. See [AUTHORS.md](AUTHORS.md) for a list of third party code, where it is included, and the licenses that apply to it. All of the third party code in ZeroTier is liberally licensed (MIT, BSD, Apache, public domain, etc.).
 
 ### Getting Started
 
@@ -44,7 +45,7 @@ The base path contains the ZeroTier One service main entry point (`one.cpp`), se
 
 ### Build and Platform Notes
 
-To build on Mac and Linux just type `make`. On FreeBSD and OpenBSD `gmake` (GNU make) is required and can be installed from packages or ports. For Windows there is a Visual Studio solution in `windows/'.
+To build on Mac and Linux just type `make`. On FreeBSD and OpenBSD `gmake` (GNU make) is required and can be installed from packages or ports. For Windows there is a Visual Studio solution in `windows/`.
 
  - **Mac**
    - Xcode command line tools for OSX 10.8 or newer are required.
@@ -64,15 +65,17 @@ Typing `make selftest` will build a *zerotier-selftest* binary which unit tests
 
 ### Running
 
-Running *zerotier-one* with -h will show help.
+Running *zerotier-one* with `-h` option will show help.
 
-On Linux and BSD you can start the service with:
+On Linux and BSD, if you built from source, you can start the service with:
 
     sudo ./zerotier-one -d
 
+On most distributions, macOS, and Windows, the installer will start the service and set it up to start on boot.
+
 A home folder for your system will automatically be created.
 
-The service is controlled via the JSON API, which by default is available at 127.0.0.1 port 9993. We include a *zerotier-cli* command line utility to make API calls for standard things like joining and leaving networks. The *authtoken.secret* file in the home folder contains the secret token for accessing this API. See README.md in [service/](service/) for API documentation.
+The service is controlled via the JSON API, which by default is available at 127.0.0.1 port 9993. We include a *zerotier-cli* command line utility to make API calls for standard things like joining and leaving networks. The *authtoken.secret* file in the home folder contains the secret token for accessing this API. See [service/README.md](service/README.md) for API documentation.
 
 Here's where home folders live (by default) on each OS:
 
@@ -81,21 +84,15 @@ Here's where home folders live (by default) on each OS:
  * **Mac**: `/Library/Application Support/ZeroTier/One`
  * **Windows**: `\ProgramData\ZeroTier\One` (That's for Windows 7. The base 'shared app data' folder might be different on different Windows versions.)
 
-Running ZeroTier One on a Mac is the same, but OSX requires a kernel extension. We ship a signed binary build of the ZeroTier tap device driver, which can be installed on Mac with:
-
-    sudo make install-mac-tap
-
-This will create the home folder for Mac, place *tap.kext* there, and set its modes correctly to enable ZeroTier One to manage it with *kextload* and *kextunload*.
-
 ### Basic Troubleshooting
 
 For most users, it just works.
 
-If you are running a local system firewall, we recommend adding a rule permitting UDP port 9993 inbound and outbound. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration.
+If you are running a local system firewall, we recommend adding a rules permitting zerotier. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration.
 
-The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools. If you're using Ubuntu's *ufw*, you can do this:
+See the [documentation site](https://docs.zerotier.com/zerotier/troubleshooting) for more information.
 
-    sudo ufw allow 9993/udp
+The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools.
 
 On CentOS check `/etc/sysconfig/iptables` for IPTables rules. For other distributions consult your distribution's documentation. You'll also have to check the UIs or documentation for commercial third party firewall applications like Little Snitch (Mac), McAfee Firewall Enterprise (Windows), etc. if you are running any of those. Some corporate environments might have centrally managed firewall software, so you might also have to contact IT.
 
@@ -105,4 +102,4 @@ Users behind certain types of firewalls and "symmetric" NAT devices may not able
 
 If a firewall between you and the Internet blocks ZeroTier's UDP traffic, you will fall back to last-resort TCP tunneling to rootservers over port 443 (https impersonation). This will work almost anywhere but is *very slow* compared to UDP or direct peer to peer connectivity.
 
-Additional help [can be found in our knowledge base](https://zerotier.atlassian.net/wiki/spaces/SD/overview).
+Additional help can be found in our [knowledge base](https://zerotier.atlassian.net/wiki/spaces/SD/overview).

RELEASE-NOTES.md

@@ -1,6 +1,118 @@
 ZeroTier Release Notes
 ======
 
+# 2021-11-15 -- -- Version 1.8.3
+
+ * Remove problematic spinlock, which was only used on x86_64 anyway. Just use pthread always.
+ * Fix fd leak on MacOS that caused non-responsiveness after some time.
+ * Fix Debian install scripts to set /usr/sbin/nologin as shell on service user.
+ * Fix regression that could prevent managed routes from being deleted.
+ * DesktopUI: Remove NSDate:now() call, now works on MacOS 10.13 or newer!
+
+# 2021-11-08 -- Version 1.8.2
+
+ * Fix multicast on linux.
+ * Fix a bug that could cause the tap adapter to have the wrong MAC on Linux.
+ * Update build flags to possibly support MacOS older than 10.14, but more work needs to be done. It may not work yet.
+ * Fix path variable setting on Windows.
+
+# 2021-10-28 -- Version 1.8.1
+
+ * Fix numerous UI issues from 1.8.0 (never fully released).
+ * Remove support for REALLY ancient 1.1.6 or earlier network controllers.
+ * MacOS IPv6 no longer binds to temporary addresses as these can cause interruptions if they expire.
+ * Added additional hardening against address impersonation on networks (also in 1.6.6).
+ * Fix an issue that could cause clobbering of MacOS IP route settings on restart.
+
+ * NOTE: Windows 7 is no longer supported! Windows 7 users will have to use version 1.6.5 or earlier.
+
+# 2021-09-15 -- Version 1.8.0 (preview release only)
+
+ * A *completely* rewritten desktop UI for Mac and Windows!
+ * Implement a workaround for one potential source of a "coma" bug, which can occur if buggy NATs/routers stop allowing the service to communicate on a given port. ZeroTier now reassigns a new secondary port if it's offline for a while unless a secondary port is manually specified in local.conf. Working around crummy buggy routers is an ongoing effort.
+ * Fix for MacOS MTU capping issue on feth devices
+ * Fix for mistakenly using v6 source addresses for v4 routes on some platforms
+ * Stop binding to temporary IPv6 addresses
+ * Set MAC address before bringing up Linux TAP link
+ * Check if DNS servers need to be applied on macOS
+ * Upgrade json.hpp dependency to version 3.10.2
+
+# 2021-09-21 -- Version 1.6.6
+
+ * Backport COM hash check mitigation against network member impersonation.
+
+# 2021-04-13 -- Version 1.6.5
+
+ * Fix a bug in potential network path filtering that could in some circumstances lead to "software laser" effects.
+ * Fix a printf overflow in zerotier-cli (not exploitable or a security risk)
+ * Windows now looks up the name of ZeroTier devices instead of relying on them having "ZeroTier" in them.
+
+# 2021-02-15 -- Version 1.6.4
+
+ * The groundhog saw his shadow, which meant that the "connection coma" bug still wasn't gone. We think we found it this time.
+
+# 2021-02-02 -- Version 1.6.3
+
+ * Likely fix for GitHub issue #1334, an issue that could cause ZeroTier to
+   go into a "coma" on some networks.
+ * Also groundhog day
+
+# 2020-11-30 -- Version 1.6.2
+
+ * Fix an ARM hardware AES crypto issue (not an exploitable vulnerability).
+ * Fix a Linux network leave hang due to a mutex deadlock.
+
+# 2020-11-24 -- Version 1.6.1
+
+This release fixes some minor bugs and other issues in 1.6.0.
+
+ * Fixed a bug that caused IP addresses in the 203.0.0.0/8 block to be miscategorized as not being in global scope.
+ * Changed Linux builds to (hopefully) fix LXC and SELinux issues.
+ * Fixed unaligned memory access that caused crash on FreeBSD systems on the ARM architecture.
+ * Merged CLI options for controlling bonded devices into the beta multipath code.
+ * Updated Windows driver with Microsoft cross-signing to fix issues on some Windows systems.
+
+# 2020-11-19 -- Version 1.6.0
+
+Version 1.6.0 is a major release that incorporates back-ported features from the 2.0 branch, which is still under development. It also fixes a number of issues.
+
+New features and improvements (including those listed under 1.5.0):
+
+ * **Apple Silicon** (MacOS ARM64) native support via universal binary. ZeroTier now requires the very latest Xcode to build.
+ * **Linux performance improvements** for up to 25% faster tun/tap I/O performance on multi-core systems.
+ * **Multipath support** with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual.
+ * **DNS configuration** push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed.
+ * **AES-GMAC-SIV** encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.
+
+Bug fixes:
+
+ * **Managed route assignment fixes** to eliminate missing routes on Linux and what we believe to be the source of sporadic high CPU usage on MacOS.
+ * **Hang on shutdown** issues should be fixed.
+ * **Sporadic multicast outages** should be fixed.
+
+Known remaining issues:
+
+ * AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.
+
+# 2020-10-05 -- Version 1.5.0 (actually 1.6.0-beta1)
+
+Version 1.6.0 (1.5.0 is a beta!) is a significant release that incorporates a number of back-ported fixes and features from the ZeroTier 2.0 tree.
+
+Major new features are:
+
+ * **Multipath support** with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual.
+ * **DNS configuration** push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed.
+ * **AES-GMAC-SIV** encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.
+
+Known issues that are not yet fixed in this beta:
+
+ * Some Mac users have reported periods of 100% CPU in kernel_task and connection instability after leaving networks that have been joined for a period of time, or needing to kill ZeroTier and restart it to finish leaving a network. This doesn't appear to affect all users and we haven't diagnosed the root cause yet.
+ * The service sometimes hangs on shutdown requiring a kill -9. This also does not affect all systems or users.
+ * AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.
+ * Some users have reported multicast/broadcast outages on networks lasting up to 30 seconds. Still investigating.
+
+We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
+
 # 2019-08-30 -- Version 1.4.6
 
  * Update default root list to latest

attic/WinUI/APIHandler.cs

@@ -272,7 +272,7 @@ namespace WinUI
             }
         }
 
-        public void JoinNetwork(Dispatcher d, string nwid, bool allowManaged = true, bool allowGlobal = false, bool allowDefault = false)
+        public void JoinNetwork(Dispatcher d, string nwid, bool allowManaged = true, bool allowGlobal = false, bool allowDefault = false, bool allowDNS = false)
         {
             Task.Factory.StartNew(() =>
             {
@@ -291,7 +291,8 @@ namespace WinUI
                     {
                         string json = "{\"allowManaged\":" + (allowManaged ? "true" : "false") + "," +
                                 "\"allowGlobal\":" + (allowGlobal ? "true" : "false") + "," +
-                                "\"allowDefault\":" + (allowDefault ? "true" : "false") + "}";
+                                "\"allowDefault\":" + (allowDefault ? "true" : "false") + "," +
+                                "\"allowDNS\":" + (allowDNS ? "true" : "false") + "}";
                         streamWriter.Write(json);
                         streamWriter.Flush();
                         streamWriter.Close();

attic/WinUI/AboutView.xaml

@@ -19,9 +19,9 @@
                     <Run Text="ZeroTier One"/>
                 </Paragraph>
                 <Paragraph TextAlignment="Center">
-                    <Run FontSize="14" Text="Version 1.4.6"/>
+                    <Run FontSize="14" Text="Version 1.6.6"/>
                     <LineBreak/>
-                    <Run FontSize="14" Text="(c) 2011-2019 ZeroTier, Inc."/>
+                    <Run FontSize="14" Text="(c) 2011-2021 ZeroTier, Inc."/>
                     <LineBreak/>
                     <Run FontSize="14" Text="www.zerotier.com"/>
                 </Paragraph>

attic/WinUI/CentralAPI.cs

@@ -75,7 +75,15 @@ namespace WinUI
             {
                 byte[] tmp = File.ReadAllBytes(centralConfigPath);
                 string json = Encoding.UTF8.GetString(tmp).Trim();
-                Central = JsonConvert.DeserializeObject<CentralServer>(json);
+                CentralServer ctmp = JsonConvert.DeserializeObject<CentralServer>(json);
+                if (ctmp != null)
+                {
+                    Central = ctmp;
+                } 
+                else
+                {
+                    Central = new CentralServer();
+                }
             }
             else
             {
@@ -105,7 +113,10 @@ namespace WinUI
         {
             string json = JsonConvert.SerializeObject(Central);
             byte[] tmp = Encoding.UTF8.GetBytes(json);
-            File.WriteAllBytes(CentralConfigFile(), tmp);
+            if (tmp != null)
+            {
+                File.WriteAllBytes(CentralConfigFile(), tmp);
+            }
         }
 
         private void UpdateRequestHeaders()

attic/WinUI/JoinNetworkView.xaml

@@ -10,7 +10,8 @@
         <TextBox x:Name="joinNetworkBox" HorizontalAlignment="Left" Height="23" Margin="10,10,0,0" TextWrapping="Wrap" VerticalAlignment="Top" Width="291" PreviewTextInput="joinNetworkBox_OnTextEntered" PreviewKeyDown="joinNetworkBox_OnKeyDown"/>
         <CheckBox x:Name="allowManagedCheckbox" Content="Allow Managed" HorizontalAlignment="Left" Margin="10,38,0,0" VerticalAlignment="Top" IsChecked="True"/>
         <CheckBox x:Name="allowGlobalCheckbox" Content="Allow Global" HorizontalAlignment="Left" Margin="118,38,0,0" VerticalAlignment="Top"/>
-        <CheckBox x:Name="allowDefaultCheckbox" Content="Allow Default" HorizontalAlignment="Left" Margin="210,38,-6,0" VerticalAlignment="Top"/>
+        <CheckBox x:Name="allowDefaultCheckbox" Content="Allow Default" HorizontalAlignment="Left" Margin="10,58,0,0" VerticalAlignment="Top"/>
+        <CheckBox x:Name="allowDNSCheckbox" Content="Allow DNS" HorizontalAlignment="Left" VerticalAlignment="Top" Margin="118,58,0,0"/>
         <Button x:Name="joinButton" Content="Join" HorizontalAlignment="Left" Margin="226,58,0,10" Background="#FFFFB354" VerticalAlignment="Top" Width="75" Click="joinButton_Click" IsEnabled="False"/>
     </Grid>
 </Window>

attic/WinUI/JoinNetworkView.xaml.cs

@@ -117,8 +117,9 @@ namespace WinUI
             bool allowDefault = allowDefaultCheckbox.IsChecked.Value;
             bool allowGlobal = allowGlobalCheckbox.IsChecked.Value;
             bool allowManaged = allowManagedCheckbox.IsChecked.Value;
+            bool allowDNS = allowDNSCheckbox.IsChecked.Value;
 
-            APIHandler.Instance.JoinNetwork(this.Dispatcher, joinNetworkBox.Text, allowManaged, allowGlobal, allowDefault);
+            APIHandler.Instance.JoinNetwork(this.Dispatcher, joinNetworkBox.Text, allowManaged, allowGlobal, allowDefault, allowDNS);
 
             Close();
         }

attic/WinUI/NetworkInfoView.xaml

@@ -29,6 +29,7 @@
                 <RowDefinition Height="auto"/>
                 <RowDefinition Height="auto"/>
                 <RowDefinition Height="auto"/>
+                <RowDefinition Height="auto"/>
             </Grid.RowDefinitions>
 
             <Grid Grid.Column="0" Grid.Row="0" Grid.ColumnSpan="3">
@@ -54,8 +55,9 @@
             <TextBlock TextWrapping="Wrap" Text="Allow Global IP" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="10" Foreground="#FF000000"/>
             <TextBlock TextWrapping="Wrap" Text="Allow Managed IP" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="11" Foreground="#FF000000"/>
             <TextBlock TextWrapping="Wrap" Text="Allow Default Route" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="12" Foreground="#FF000000"/>
-            
-            <Rectangle Grid.Column="2" Grid.Row="2" Grid.RowSpan="11" Fill="#FFEEEEEE"/>
+            <TextBlock TextWrapping="Wrap" Text="Allow DNS" HorizontalAlignment="Right" Grid.Column="0" Grid.Row="13" Foreground="#FF000000"/>
+
+            <Rectangle Grid.Column="2" Grid.Row="2" Grid.RowSpan="12" Fill="#FFEEEEEE"/>
 
             <TextBlock x:Name="networkStatus" FontFamily="Lucida Console" TextWrapping="Wrap" HorizontalAlignment="Right" Text="OK" TextAlignment="Right"  Grid.Column="2" Grid.Row="2" Foreground="#FF000000"/>
             <TextBlock x:Name="networkType" FontFamily="Lucida Console" TextWrapping="Wrap" Text="PUBLIC" HorizontalAlignment="Right"  Grid.Column="2" Grid.Row="3" Foreground="#FF000000"/>
@@ -68,10 +70,11 @@
             <CheckBox x:Name="allowGlobal" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="10" />
             <CheckBox x:Name="allowManaged" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="11" />
             <CheckBox x:Name="allowDefault" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="12" />
+            <CheckBox x:Name="allowDNS" HorizontalAlignment="Right" Grid.Column="2" Grid.Row="13"/>
+
+            <Separator Grid.Column="0" Grid.Row="14" Grid.ColumnSpan="3"/>
             
-            <Separator Grid.Column="0" Grid.Row="13" Grid.ColumnSpan="3"/>
-            
-            <Grid Grid.Column="0" Grid.Row="14" Grid.ColumnSpan="3" Background="GhostWhite">
+            <Grid Grid.Column="0" Grid.Row="15" Grid.ColumnSpan="3" Background="GhostWhite">
                 <Grid.ColumnDefinitions>
                     <ColumnDefinition Width="auto"/>
                     <ColumnDefinition Width="*"/>

attic/WinUI/NetworkInfoView.xaml.cs

@@ -36,6 +36,8 @@ namespace WinUI
             allowGlobal.Unchecked += AllowGlobal_CheckStateChanged;
             allowManaged.Checked += AllowManaged_CheckStateChanged;
             allowManaged.Unchecked += AllowManaged_CheckStateChanged;
+            allowDNS.Checked += AllowDNS_CheckStateChanged;
+            allowDNS.Unchecked += AllowDNS_CheckStateChanged;
         }
 
         private void UpdateNetworkData()
@@ -79,6 +81,7 @@ namespace WinUI
             this.allowDefault.IsChecked = network.AllowDefault;
             this.allowGlobal.IsChecked = network.AllowGlobal;
             this.allowManaged.IsChecked = network.AllowManaged;
+            this.allowDNS.IsChecked = network.AllowDNS;
 
 						this.connectedCheckBox.Checked -= connectedCheckBox_Checked;
 						this.connectedCheckBox.Unchecked -= connectedCheckbox_Unchecked;
@@ -116,7 +119,8 @@ namespace WinUI
             APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
                 allowManaged.IsChecked ?? false,
                 allowGlobal.IsChecked ?? false,
-                allowDefault.IsChecked ?? false);
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
         }
 
         private void AllowGlobal_CheckStateChanged(object sender, RoutedEventArgs e)
@@ -125,7 +129,8 @@ namespace WinUI
             APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
                 allowManaged.IsChecked ?? false,
                 allowGlobal.IsChecked ?? false,
-                allowDefault.IsChecked ?? false);
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
         }
 
         private void AllowDefault_CheckStateChanged(object sender, RoutedEventArgs e)
@@ -134,7 +139,18 @@ namespace WinUI
             APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
                 allowManaged.IsChecked ?? false,
                 allowGlobal.IsChecked ?? false,
-                allowDefault.IsChecked ?? false);
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
+        }
+
+        private void AllowDNS_CheckStateChanged(object sender, RoutedEventArgs e)
+        {
+            CheckBox cb = sender as CheckBox;
+            APIHandler.Instance.JoinNetwork(this.Dispatcher, network.NetworkId,
+                allowManaged.IsChecked ?? false,
+                allowGlobal.IsChecked ?? false,
+                allowDefault.IsChecked ?? false,
+                allowDNS.IsChecked ?? false);
         }
 
         private void connectedCheckBox_Checked(object sender, RoutedEventArgs e)
@@ -154,8 +170,9 @@ namespace WinUI
                 bool global = allowGlobal.IsChecked.Value;
                 bool managed = allowManaged.IsChecked.Value;
                 bool defRoute = allowDefault.IsChecked.Value;
+                bool dns = allowDNS.IsChecked.Value;
 
-                APIHandler.Instance.JoinNetwork(this.Dispatcher, networkId.Text, managed, global, defRoute);
+                APIHandler.Instance.JoinNetwork(this.Dispatcher, networkId.Text, managed, global, defRoute, dns);
             }
             else
             {

attic/WinUI/WinUI.csproj

@@ -260,7 +260,6 @@
     <None Include="Resources\ZeroTierIcon.ico" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-  <Import Project="$(MSBuildExtensionsPath)\Microsoft\Expression\Blend\.NETFramework\v4.5\Microsoft.Expression.Blend.WPF.targets" />
   <PropertyGroup>
     <PostBuildEvent>copy "$(SolutionDir)\copyutil\bin\$(ConfigurationName)\copyutil.exe" "$(ProjectDir)\$(OutDir)\copyutil.exe"</PostBuildEvent>
   </PropertyGroup>

attic/WinUI/ZeroTierNetwork.cs

@@ -30,6 +30,7 @@ namespace WinUI
         private bool allowManaged;
         private bool allowGlobal;
         private bool allowDefault;
+        private bool allowDNS;
         private bool isConnected;
 
         protected ZeroTierNetwork(SerializationInfo info, StreamingContext ctx)
@@ -53,6 +54,7 @@ namespace WinUI
                 AllowManaged = info.GetBoolean("allowManaged");
                 AllowGlobal = info.GetBoolean("allowGlobal");
                 AllowDefault = info.GetBoolean("allowDefault");
+                AllowDNS = info.GetBoolean("allowDNS");
             }
             catch { }
             IsConnected = false;
@@ -79,6 +81,7 @@ namespace WinUI
             info.AddValue("allowManaged", AllowManaged);
             info.AddValue("allowGlobal", AllowGlobal);
             info.AddValue("allowDefault", AllowDefault);
+            info.AddValue("allowDNS", AllowDNS);
         }
 
         public void UpdateNetwork(ZeroTierNetwork network)
@@ -165,6 +168,11 @@ namespace WinUI
                 AllowDefault = network.AllowDefault;
             }
 
+            if (AllowDNS != network.AllowDNS)
+            {
+                AllowDNS = network.AllowDNS;
+            }
+
             if (IsConnected != network.IsConnected)
             {
                 IsConnected = network.IsConnected;
@@ -413,6 +421,20 @@ namespace WinUI
                 NotifyPropertyChanged();
             }
         }
+
+        [JsonProperty("allowDNS")]
+        public bool AllowDNS
+        {
+            get
+            {
+                return allowDNS;
+            }
+            set
+            {
+                allowDNS = value;
+                NotifyPropertyChanged();
+            }
+        }
         
         public bool IsConnected
         {

attic/macui/ZeroTier One.xcodeproj/project.pbxproj

@@ -65,6 +65,7 @@
 		93DAFB261D3F0BEE004D5417 /* about.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = about.html; sourceTree = "<group>"; };
 		93DAFE4A1CFE53CA00547CC4 /* AuthtokenCopy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = AuthtokenCopy.m; sourceTree = "<group>"; };
 		93DAFE4C1CFE53DA00547CC4 /* AuthtokenCopy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AuthtokenCopy.h; sourceTree = "<group>"; };
+		C13C72B12527E1B20094F8B4 /* ZeroTier One.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "ZeroTier One.entitlements"; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -99,6 +100,7 @@
 		93326BDA1CE7C816005CA2AC /* ZeroTier One */ = {
 			isa = PBXGroup;
 			children = (
+				C13C72B12527E1B20094F8B4 /* ZeroTier One.entitlements */,
 				932D472E1D1CD499004BCFE2 /* ZeroTierIcon.icns */,
 				93326BDD1CE7C816005CA2AC /* Assets.xcassets */,
 				93326BDF1CE7C816005CA2AC /* MainMenu.xib */,
@@ -175,6 +177,7 @@
 			developmentRegion = English;
 			hasScannedForEncodings = 0;
 			knownRegions = (
+				English,
 				en,
 				Base,
 			);
@@ -330,7 +333,10 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = "ZeroTier One/ZeroTier One.entitlements";
+				CODE_SIGN_IDENTITY = "-";
 				COMBINE_HIDPI_IMAGES = YES;
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = "ZeroTier One/Info.plist";
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks";
 				MACOSX_DEPLOYMENT_TARGET = 10.10;
@@ -345,7 +351,10 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = "ZeroTier One/ZeroTier One.entitlements";
+				CODE_SIGN_IDENTITY = "-";
 				COMBINE_HIDPI_IMAGES = YES;
+				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = "ZeroTier One/Info.plist";
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks";
 				MACOSX_DEPLOYMENT_TARGET = 10.10;

attic/macui/ZeroTier One.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

attic/macui/ZeroTier One/AppDelegate.m

@@ -336,6 +336,7 @@
                                     allowManaged:network.allowManaged
                                      allowGlobal:network.allowGlobal
                                     allowDefault:(network.allowDefault && ![Network defaultRouteExists:self.networks])
+                                        allowDNS:network.allowDNS
                                            error:&error];
 
         if (error) {

attic/macui/ZeroTier One/JoinNetworkViewController.h

@@ -30,6 +30,7 @@ extern NSString * const JoinedNetworksKey;
 @property (nonatomic, weak) IBOutlet NSButton *allowManagedCheckBox;
 @property (nonatomic, weak) IBOutlet NSButton *allowGlobalCheckBox;
 @property (nonatomic, weak) IBOutlet NSButton *allowDefaultCheckBox;
+@property (nonatomic, weak) IBOutlet NSButton *allowDNSCheckBox;
 @property (nonatomic, weak) IBOutlet AppDelegate *appDelegate;
 
 @property (nonatomic) NSMutableArray<NSString*> *values;

attic/macui/ZeroTier One/JoinNetworkViewController.m

@@ -54,6 +54,7 @@ NSString * const JoinedNetworksKey = @"com.zerotier.one.joined-networks";
     self.allowManagedCheckBox.state = NSOnState;
     self.allowGlobalCheckBox.state = NSOffState;
     self.allowDefaultCheckBox.state = NSOffState;
+    self.allowDNSCheckBox.state = NSOffState;
 
     self.network.stringValue = @"";
 
@@ -82,6 +83,7 @@ NSString * const JoinedNetworksKey = @"com.zerotier.one.joined-networks";
                                 allowManaged:(self.allowManagedCheckBox.state == NSOnState)
                                  allowGlobal:(self.allowGlobalCheckBox.state == NSOnState)
                                 allowDefault:(self.allowDefaultCheckBox.state == NSOnState)
+                                    allowDNS:(self.allowDNSCheckBox.state == NSOnState)
                                        error:&error];
 
     if(error) {

attic/macui/ZeroTier One/JoinNetworkViewController.xib

@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="11762" systemVersion="16D32" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES" customObjectInstantitationMethod="direct">
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="16097.3" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES" customObjectInstantitationMethod="direct">
     <dependencies>
         <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="11762"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="16097.3"/>
         <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
     </dependencies>
     <objects>
         <customObject id="-2" userLabel="File's Owner" customClass="JoinNetworkViewController" customModule="ZeroTier_One" customModuleProvider="target">
             <connections>
+                <outlet property="allowDNSCheckBox" destination="LKY-vN-prS" id="COu-3z-092"/>
                 <outlet property="allowDefaultCheckBox" destination="rz3-0a-oNA" id="mYu-Wq-MHW"/>
                 <outlet property="allowGlobalCheckBox" destination="BH2-2O-Qeu" id="alx-Je-q9I"/>
                 <outlet property="allowManagedCheckBox" destination="OQS-QZ-zcY" id="7pz-vO-3IC"/>
@@ -19,11 +20,11 @@
         <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
         <customObject id="-3" userLabel="Application" customClass="NSObject"/>
         <customView id="Hz6-mo-xeY">
-            <rect key="frame" x="0.0" y="0.0" width="397" height="123"/>
+            <rect key="frame" x="0.0" y="0.0" width="397" height="106"/>
             <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
             <subviews>
-                <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="puT-Yk-CWC">
-                    <rect key="frame" x="18" y="83" width="107" height="17"/>
+                <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" allowsCharacterPickerTouchBarItem="YES" translatesAutoresizingMaskIntoConstraints="NO" id="puT-Yk-CWC">
+                    <rect key="frame" x="18" y="66" width="107" height="17"/>
                     <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
                     <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Enter Network ID" id="oYH-gS-BX5">
                         <font key="font" metaFont="system"/>
@@ -31,6 +32,47 @@
                         <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
                     </textFieldCell>
                 </textField>
+                <comboBox verticalHuggingPriority="750" fixedFrame="YES" allowsCharacterPickerTouchBarItem="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BQy-d9-BNg">
+                    <rect key="frame" x="131" y="62" width="249" height="26"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" usesDataSource="YES" numberOfVisibleItems="5" id="n71-4S-AaI">
+                        <font key="font" metaFont="system"/>
+                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                        <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                    </comboBoxCell>
+                </comboBox>
+                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="OQS-QZ-zcY">
+                    <rect key="frame" x="18" y="42" width="115" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow Managed" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="QEN-MJ-xaj">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
+                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BH2-2O-Qeu">
+                    <rect key="frame" x="18" y="22" width="97" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow Global" bezelStyle="regularSquare" imagePosition="left" inset="2" id="epO-Uh-aHN">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
+                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="rz3-0a-oNA">
+                    <rect key="frame" x="137" y="42" width="141" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow Default Route" bezelStyle="regularSquare" imagePosition="left" inset="2" id="Lkd-XI-Kcu">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
+                <button verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="LKY-vN-prS">
+                    <rect key="frame" x="137" y="22" width="86" height="18"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                    <buttonCell key="cell" type="check" title="Allow DNS" bezelStyle="regularSquare" imagePosition="left" inset="2" id="gGS-NZ-yu1">
+                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                </button>
                 <button verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BGy-vd-NQX">
                     <rect key="frame" x="302" y="13" width="81" height="32"/>
                     <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
@@ -42,41 +84,8 @@
                         <action selector="onJoinClicked:" target="-2" id="kzC-GT-JKb"/>
                     </connections>
                 </button>
-                <comboBox verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BQy-d9-BNg">
-                    <rect key="frame" x="131" y="79" width="249" height="26"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" usesDataSource="YES" numberOfVisibleItems="5" id="n71-4S-AaI">
-                        <font key="font" metaFont="system"/>
-                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                        <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
-                    </comboBoxCell>
-                </comboBox>
-                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="OQS-QZ-zcY">
-                    <rect key="frame" x="18" y="59" width="115" height="18"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <buttonCell key="cell" type="check" title="Allow Managed" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="QEN-MJ-xaj">
-                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
-                        <font key="font" metaFont="system"/>
-                    </buttonCell>
-                </button>
-                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="BH2-2O-Qeu">
-                    <rect key="frame" x="137" y="59" width="97" height="18"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <buttonCell key="cell" type="check" title="Allow Global" bezelStyle="regularSquare" imagePosition="left" inset="2" id="epO-Uh-aHN">
-                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
-                        <font key="font" metaFont="system"/>
-                    </buttonCell>
-                </button>
-                <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="rz3-0a-oNA">
-                    <rect key="frame" x="238" y="59" width="141" height="18"/>
-                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
-                    <buttonCell key="cell" type="check" title="Allow Default Route" bezelStyle="regularSquare" imagePosition="left" inset="2" id="Lkd-XI-Kcu">
-                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
-                        <font key="font" metaFont="system"/>
-                    </buttonCell>
-                </button>
             </subviews>
-            <point key="canvasLocation" x="263.5" y="372.5"/>
+            <point key="canvasLocation" x="263.5" y="364"/>
         </customView>
     </objects>
 </document>

attic/macui/ZeroTier One/Network.h

@@ -50,6 +50,7 @@ enum NetworkType {
 @property (readonly) BOOL allowManaged;
 @property (readonly) BOOL allowGlobal;
 @property (readonly) BOOL allowDefault;
+@property (readonly) BOOL allowDNS;
 @property (readonly) BOOL connected; // not persisted.  set to YES if loaded via json
 
 - (id)initWithJsonData:(NSDictionary*)jsonData;

attic/macui/ZeroTier One/Network.m

@@ -35,6 +35,7 @@ NSString *NetworkTypeKey = @"type";
 NSString *NetworkAllowManagedKey = @"allowManaged";
 NSString *NetworkAllowGlobalKey = @"allowGlobal";
 NSString *NetworkAllowDefaultKey = @"allowDefault";
+NSString *NetworkAllowDNSKey = @"allowDNS";
 
 @implementation Network
 
@@ -101,6 +102,11 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         if([jsonData objectForKey:@"allowDefault"]) {
             _allowDefault = [(NSNumber*)[jsonData objectForKey:@"allowDefault"] boolValue];
         }
+        if([jsonData objectForKey:@"allowDNS"]) {
+            _allowDNS = [(NSNumber*)[jsonData objectForKey:@"allowDNS"] boolValue];
+        } else {
+            _allowDNS = false;
+        }
 
         if([jsonData objectForKey:@"status"]) {
             NSString *statusStr = (NSString*)[jsonData objectForKey:@"status"];
@@ -207,6 +213,12 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         if([aDecoder containsValueForKey:NetworkAllowDefaultKey]) {
             _allowDefault = [aDecoder decodeBoolForKey:NetworkAllowDefaultKey];
         }
+        
+        if([aDecoder containsValueForKey:NetworkAllowDNSKey]) {
+            _allowDNS = [aDecoder decodeBoolForKey:NetworkAllowDNSKey];
+        } else {
+            _allowDNS = false;
+        }
 
         _connected = NO;
     }
@@ -233,6 +245,7 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
     [aCoder encodeBool:_allowManaged forKey:NetworkAllowManagedKey];
     [aCoder encodeBool:_allowGlobal forKey:NetworkAllowGlobalKey];
     [aCoder encodeBool:_allowDefault forKey:NetworkAllowDefaultKey];
+    [aCoder encodeBool:_allowDNS forKey:NetworkAllowDNSKey];
 }
 
 + (BOOL)defaultRouteExists:(NSArray<Network *>*)netList
@@ -297,6 +310,7 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         self.allowManaged == network.allowManaged &&
         self.allowGlobal == network.allowGlobal &&
         self.allowDefault == network.allowDefault &&
+        self.allowDNS == network.allowDNS &&
         self.connected == network.connected;
 }
 
@@ -331,6 +345,7 @@ NSString *NetworkAllowDefaultKey = @"allowDefault";
         self.allowManaged ^
         self.allowGlobal ^
         self.allowDefault ^
+        self.allowDNS ^
         self.connected;
 }
 

attic/macui/ZeroTier One/NetworkInfoCell.h

@@ -37,6 +37,7 @@
 @property (weak, nonatomic) IBOutlet NSButton *allowManaged;
 @property (weak, nonatomic) IBOutlet NSButton *allowGlobal;
 @property (weak, nonatomic) IBOutlet NSButton *allowDefault;
+@property (weak, nonatomic) IBOutlet NSButton *allowDNS;
 @property (weak, nonatomic) IBOutlet NSButton *connectedCheckbox;
 @property (weak, nonatomic) IBOutlet NSButton *deleteButton;
 

attic/macui/ZeroTier One/NetworkInfoCell.m

@@ -57,6 +57,7 @@
                                 allowManaged:(self.allowManaged.state == NSOnState)
                                  allowGlobal:(self.allowGlobal.state  == NSOnState)
                                 allowDefault:![Network defaultRouteExists:_parent.networkList] && (self.allowDefault.state == NSOnState)
+                                    allowDNS:(self.allowDNS.state == NSOnState)
                                        error:&error];
 
     if (error) {