ZeroTierOne/service
2016-11-21 15:21:24 -08:00
..
ClusterDefinition.hpp Cleanup in numerous places, reduce network chattiness around MULTICAST_LIKE, and fix a "how was that working" latent bug causing some control traffic to take the scenic route. 2016-04-19 12:09:35 -07:00
ClusterGeoIpService.cpp Store lat/lon too for testing and future display use. 2016-04-18 15:48:33 -07:00
ClusterGeoIpService.hpp Store lat/lon too for testing and future display use. 2016-04-18 15:48:33 -07:00
ControlPlane.cpp Move split() to OSUtils since it is not used in core. 2016-11-18 15:49:28 -08:00
ControlPlane.hpp We now always build the controller in ZeroTier One, at least for desktop and server targets. Also means that ZeroTier One now requires C++11. (Still keeping C++11 out of the core in node/ though.) 2016-08-17 10:42:32 -07:00
OneService.cpp Allow relay policy setting in local.conf 2016-11-21 15:21:24 -08:00
OneService.hpp Add (currently undocumented) option to allow management from certain networks. 2016-11-14 15:47:06 -08:00
README.md Keep connections up for netconf stuff as well as frames. 2016-11-09 16:04:08 -08:00

ZeroTier One Network Virtualization Service

This is the common background service implementation for ZeroTier One, the VPN-like OS-level network virtualization service.

It provides a ready-made core I/O loop and a local HTTP-based JSON control bus for controlling the service. This control bus HTTP server can also serve the files in ui/ if this folder's contents are installed in the ZeroTier home folder. The ui/ implements a React-based HTML5 user interface which is then wrappered for various platforms via MacGap, Windows .NET WebControl, etc. It can also be used locally from scripts or via curl.

Network Virtualization Service API

The JSON API supports GET, POST/PUT, and DELETE. PUT is treated as a synonym for POST. Other methods including HEAD are not supported.

Values POSTed to the JSON API are extremely type sensitive. Things must be of the indicated type, otherwise they will be ignored or will generate an error. Anything quoted is a string so booleans and integers must lack quotes. Booleans must be true or false and nothing else. Integers cannot contain decimal points or they are floats (and vice versa). If something seems to be getting ignored or set to a strange value, or if you receive errors, check the type of all JSON fields you are submitting against the types listed below. Unrecognized fields in JSON objects are also ignored.

API requests must be authenticated via an authentication token. ZeroTier One saves this token in the authtoken.secret file in its working directory. This token may be supplied via the auth URL parameter (e.g. '?auth=...') or via the X-ZT1-Auth HTTP request header. Static UI pages are the only thing the server will allow without authentication.

A jsonp URL argument may be supplied to request JSONP encapsulation. A JSONP response is sent as a script with its JSON response payload wrapped in a call to the function name supplied as the argument to jsonp.

/status

  • Purpose: Get running node status and addressing info
  • Methods: GET
  • Returns: { object }
FieldTypeDescriptionWritable
addressstring10-digit hexadecimal ZeroTier address of this nodeno
publicIdentitystringFull public ZeroTier identity of this nodeno
worldIdintegerFixed value representing the virtual data center of Earth.no
worldTimestampintegerTimestamp of the last root server topology change.no
onlinebooleanDoes this node appear to have upstream network access?no
tcpFallbackActivebooleanIs TCP fallback mode active?no
versionMajorintegerZeroTier major versionno
versionMinorintegerZeroTier minor versionno
versionRevintegerZeroTier revisionno
versionstringVersion in major.minor.rev formatno
clockintegerNode system clock in ms since epochno

/config

  • Purpose: Get or set local configuration
  • Methods: GET, POST
  • Returns: { object }

No local configuration options are exposed yet.

FieldTypeDescriptionWritable

/network

  • Purpose: Get all network memberships
  • Methods: GET
  • Returns: [ {object}, ... ]

Getting /network returns an array of all networks that this node has joined. See below for network object format.

/network/<network ID>

  • Purpose: Get, join, or leave a network
  • Methods: GET, POST, DELETE
  • Returns: { object }

To join a network, POST to it. Since networks have no mandatory writable parameters, POST data is optional and may be omitted. Example: POST to /network/8056c2e21c000001 to join the public "Earth" network. To leave a network, DELETE it e.g. DELETE /network/8056c2e21c000001.

Most network settings are not writable, as they are defined by the network controller.

FieldTypeDescriptionWritable
nwidstring16-digit hex network IDno
macstringEthernet MAC address of virtual network portno
namestringNetwork short name as configured on network controllerno
statusstringNetwork status: OK, ACCESS_DENIED, PORT_ERROR, etc.no
typestringNetwork type, currently PUBLIC or PRIVATEno
mtuintegerEthernet MTUno
dhcpbooleanIf true, DHCP may be used to obtain an IP addressno
bridgebooleanIf true, this node may bridge in other Ethernet devicesno
broadcastEnabledbooleanIs Ethernet broadcast (ff:ff:ff:ff:ff:ff) allowed?no
portErrorintegerError code (if any) returned by underlying OS "tap" driverno
netconfRevisionintegerNetwork configuration revision IDno
assignedAddresses[string]ZeroTier-managed IP address assignments as array of IP/netmask bits tuplesno
routes[route]ZeroTier-managed route assignments for a network. See below for a description of the route object.no
portDeviceNamestringOS-specific network device name (if available)no
allowManagedbooleanWhether ZeroTier-managed IP addresses are allowed.yes
allowGlobalbooleanWhether globally-reachable IP addresses are allowed to be assigned.yes
allowDefaultbooleanWhether a default route is allowed to be assigned for the network (route all traffic via ZeroTier)yes

route objects

FieldTypeDescriptionWritable
targetstringTarget network / netmask bits, NULL, or 0.0.0.0/0 for default routeno
viastringGateway IP addressno
flagsintegerRoute flagsno
metricintegerRoute metric (not currently used)no

/peer

  • Purpose: Get all peers
  • Methods: GET
  • Returns: [ {object}, ... ]

Getting /peer returns an array of peer objects for all current peers. See below for peer object format.

/peer/<address>

  • Purpose: Get information about a peer
  • Methods: GET
  • Returns: { object }
FieldTypeDescriptionWritable
addressstring10-digit hex ZeroTier addressno
versionMajorintegerMajor version of remote if knownno
versionMinorintegerMinor version of remote if knownno
versionRevintegerRevision of remote if knownno
versionstringVersion in major.minor.rev formatno
latencyintegerLatency in milliseconds if knownno
rolestringLEAF, HUB, or ROOTSERVERno
paths[object]Array of path objects (see below)no

Path objects describe direct physical paths to peer. If no path objects are listed, peer is only reachable via indirect relay fallback. Path object format is:

FieldTypeDescriptionWritable
addressstringPhysical socket address e.g. IP/port for UDPno
lastSendintegerLast send via this path in ms since epochno
lastReceiveintegerLast receive via this path in ms since epochno
fixedbooleanIf true, this is a statically-defined "fixed" pathno
preferredbooleanIf true, this is the current preferred pathno