mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-19 13:07:55 +00:00
c03ca3c278
Version 1.1.6 contains several significant improvements for use in complex network environments along with some minor bug fixes and improvements to path stability and dead path detection. ROUTE MANAGEMENT AND FULL TUNNEL SUPPORT 1.1.6 is the first version of ZeroTier One to permit "full tunnel" (default route override) operation on Linux, Mac, and Windows. This allows all Internet traffic to be tunneled through ZeroTier while allowing ZeroTier peer-to-peer traffic to continue to use the physical interface. 1.1.6 also brings route management support and permissions settings for local networks to control whether networks are allowed to modify the routing table or override default routing. This is currently considered a beta/experimental feature and must be enabled via the command line interface. Route management and default route override requires support at the network controller. When my.zerotier.com is updated and ready, we will post more information and testing instructions at: https://www.zerotier.com/community HIGHLY SCALABLE CONTAINER NETWORKING 1.1.6 also brings a new multicast-free (NDP emulated) IPv6 private addressing scheme called "6plane." 6plane provides each host with a private IPv6 /80 and routes *all* IPv6 traffic for this subnet to the host via transparent NDP emulation. This /80 can then be assigned to Docker or other container/VM managers to assign a network-wide IPv6 /128 to every container. Since NDP is emulated and multicast isn't needed, this system can scale to millions of containers or more on a single backplane network with a high degree of efficiency and reliability. 6plane also requires controller support. Look for it at my.zerotier.com once we have upgraded our core infrastructure and web UIs. (All hosts must be running 1.1.6 for 6plane to work properly. Other IPv6 addresses or addressing modes are not affected and normal IPv6 NDP will continue to work alongside 6plane in the same network.) OTHER CHANGES * Upgraded bundled miniupnpc, libnatpmp, and http-parser. * New Debian and RPM packaging that is closer to compliance with distribution guidelines, and a new Dockerized Linux package build system in linux-build-farm/ that can build every package on actual images of the correct distribution. * Improvements to dead path detection. * IPv6 now uses keepalive because a significant number of stateful IPv6 edge routers have very short timeouts (30 seconds or less!). * Significant performance improvements to network controllers under high load. * Enable -fstack-protector-strong for better stack canary (security) support in binaries. Note that this may require newer gcc/g++ or clang. COMING SOON The next version of ZeroTier One should have a new Mac UI. It's a system tray app that looks and behaves a lot like the Mac WiFi pulldown menu. We'll also be adding GUI support for default route and route management options and other new features. Shortly after that we plan on adding full OpenFlow-like SDN rules engine support to the ZeroTier core, making our planetary Ethernet switch a fully manageable smart switch and enabling sophisticated security and flow rule management.
115 lines
4.5 KiB
Makefile
115 lines
4.5 KiB
Makefile
ifeq ($(origin CC),default)
|
|
CC=$(shell if [ -e /usr/bin/clang ]; then echo clang; else echo gcc; fi)
|
|
endif
|
|
ifeq ($(origin CXX),default)
|
|
CXX=$(shell if [ -e /usr/bin/clang++ ]; then echo clang++; else echo g++; fi)
|
|
endif
|
|
|
|
INCLUDES=
|
|
DEFS=
|
|
LIBS=
|
|
ARCH_FLAGS=-arch x86_64
|
|
|
|
include objects.mk
|
|
OBJS+=osdep/OSXEthernetTap.o ext/lz4/lz4.o ext/json-parser/json.o ext/http-parser/http_parser.o
|
|
|
|
# Disable codesign since open source users will not have ZeroTier's certs
|
|
CODESIGN=echo
|
|
PRODUCTSIGN=echo
|
|
CODESIGN_APP_CERT=
|
|
CODESIGN_INSTALLER_CERT=
|
|
|
|
# Build with libminiupnpc by default for Mac -- desktops/laptops almost always want this
|
|
ZT_USE_MINIUPNPC?=1
|
|
|
|
# For internal use only -- signs everything with ZeroTier's developer cert
|
|
ifeq ($(ZT_OFFICIAL_RELEASE),1)
|
|
DEFS+=-DZT_OFFICIAL_RELEASE -DZT_AUTO_UPDATE
|
|
ZT_USE_MINIUPNPC=1
|
|
CODESIGN=codesign
|
|
PRODUCTSIGN=productsign
|
|
CODESIGN_APP_CERT="Developer ID Application: ZeroTier Networks LLC (8ZD9JUCZ4V)"
|
|
CODESIGN_INSTALLER_CERT="Developer ID Installer: ZeroTier Networks LLC (8ZD9JUCZ4V)"
|
|
endif
|
|
|
|
ifeq ($(ZT_ENABLE_CLUSTER),1)
|
|
DEFS+=-DZT_ENABLE_CLUSTER
|
|
endif
|
|
|
|
ifeq ($(ZT_AUTO_UPDATE),1)
|
|
DEFS+=-DZT_AUTO_UPDATE
|
|
endif
|
|
|
|
ifeq ($(ZT_USE_MINIUPNPC),1)
|
|
DEFS+=-DMACOSX -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
|
|
OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o osdep/PortMapper.o
|
|
endif
|
|
|
|
ifeq ($(ZT_ENABLE_NETWORK_CONTROLLER),1)
|
|
DEFS+=-DZT_ENABLE_NETWORK_CONTROLLER
|
|
LIBS+=-L/usr/local/lib -lsqlite3
|
|
OBJS+=controller/SqliteNetworkController.o
|
|
endif
|
|
|
|
# Debug mode -- dump trace output, build binary with -g
|
|
ifeq ($(ZT_DEBUG),1)
|
|
DEFS+=-DZT_TRACE
|
|
CFLAGS+=-Wall -g -pthread $(INCLUDES) $(DEFS)
|
|
STRIP=echo
|
|
# The following line enables optimization for the crypto code, since
|
|
# C25519 in particular is almost UNUSABLE in heavy testing without it.
|
|
ext/lz4/lz4.o node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g -pthread $(INCLUDES) $(DEFS)
|
|
else
|
|
CFLAGS?=-Ofast -fstack-protector-strong
|
|
CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -pthread -mmacosx-version-min=10.7 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
|
|
STRIP=strip
|
|
endif
|
|
|
|
CXXFLAGS=$(CFLAGS) -fno-rtti
|
|
|
|
all: one
|
|
|
|
one: $(OBJS) service/OneService.o one.o
|
|
$(CXX) $(CXXFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o $(LIBS)
|
|
$(STRIP) zerotier-one
|
|
ln -sf zerotier-one zerotier-idtool
|
|
ln -sf zerotier-one zerotier-cli
|
|
$(CODESIGN) -f -s $(CODESIGN_APP_CERT) zerotier-one
|
|
$(CODESIGN) -vvv zerotier-one
|
|
|
|
cli: FORCE
|
|
$(CXX) -Os -mmacosx-version-min=10.7 -std=c++11 -stdlib=libc++ -o zerotier cli/zerotier.cpp osdep/OSUtils.cpp node/InetAddress.cpp node/Utils.cpp node/Salsa20.cpp node/Identity.cpp node/SHA512.cpp node/C25519.cpp -lcurl
|
|
$(STRIP) zerotier
|
|
|
|
selftest: $(OBJS) selftest.o
|
|
$(CXX) $(CXXFLAGS) -o zerotier-selftest selftest.o $(OBJS) $(LIBS)
|
|
$(STRIP) zerotier-selftest
|
|
|
|
# Requires Packages: http://s.sudre.free.fr/Software/Packages/about.html
|
|
mac-dist-pkg: FORCE
|
|
packagesbuild "ext/installfiles/mac/ZeroTier One.pkgproj"
|
|
rm -f "ZeroTier One Signed.pkg"
|
|
$(PRODUCTSIGN) --sign $(CODESIGN_INSTALLER_CERT) "ZeroTier One.pkg" "ZeroTier One Signed.pkg"
|
|
if [ -f "ZeroTier One Signed.pkg" ]; then mv -f "ZeroTier One Signed.pkg" "ZeroTier One.pkg"; fi
|
|
|
|
# For ZeroTier, Inc. to build official signed packages
|
|
official: FORCE
|
|
make clean
|
|
make ZT_OFFICIAL_RELEASE=1 -j 4 one
|
|
make ZT_OFFICIAL_RELEASE=1 mac-dist-pkg
|
|
|
|
clean:
|
|
rm -rf *.dSYM build-* *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o $(OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli zerotier ZeroTierOneInstaller-* mkworld doc/node_modules
|
|
|
|
distclean: clean
|
|
rm -rf doc/node_modules
|
|
|
|
# For those building from source -- installs signed binary tap driver in system ZT home
|
|
install-mac-tap: FORCE
|
|
mkdir -p /Library/Application\ Support/ZeroTier/One
|
|
rm -rf /Library/Application\ Support/ZeroTier/One/tap.kext
|
|
cp -R ext/bin/tap-mac/tap.kext /Library/Application\ Support/ZeroTier/One
|
|
chown -R root:wheel /Library/Application\ Support/ZeroTier/One/tap.kext
|
|
|
|
FORCE:
|