void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-09-04 13:52:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'adam/1.16' into gl/ctl-pubsub
Some checks are pending
/ build_macos (push) Waiting to run
Details
/ build_windows (push) Waiting to run
Details
/ build_ubuntu (push) Waiting to run
Details

Browse source
This commit is contained in:
Grant Limberg 2025-09-01 16:47:55 -07:00
commit 195d5b47f0
202 changed files with 7159 additions and 8254 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.clangd
View file

@ -4,6 +4,8 @@ CompileFlags:
- "-I../ext"
- "-I../ext/prometheus-cpp-lite-1.0/core/include"
- "-I../ext/prometheus-cpp-lite-1.0/simpleapi/include"
- "-I../ext/opentelemetry-cpp-1.21.0/api/include"
- "-I./ext"
- "-I./ext/prometheus-cpp-lite-1.0/core/include"
- "-I./ext/prometheus-cpp-lite-1.0/simpleapi/include"
- "-I./ext/opentelemetry-cpp-1.21.0/api/include"

16
.gitignore vendored
View file

@ -6,16 +6,19 @@
/zerotier
/nltest
# IDE stuff
# IDE and dev tool stuff
/.idea
/.nova
/compile_commands.json
/.claude
/.aider
# OS-created garbage files from various platforms
.DS_Store
.Apple*
Thumbs.db
@eaDir
lost+found
._*
# Windows build droppings
@ -58,6 +61,9 @@ zt1-src.tar.gz
/MacEthernetTapAgent
# Miscellaneous temporaries, build files, etc.
ext/installfiles/windows/*.back*.aip
tcp-proxy/tcp-proxy
rustybits/target
*.log
*.opensdf
*.user
@ -101,7 +107,6 @@ windows/ZeroTierOne/Debug/
/ext/installfiles/windows/chocolatey/zerotier-one/*.nupkg
# Miscellaneous mac/Xcode droppings
.DS_Store
.Trashes
*.swp
*~.nib
@ -126,19 +131,14 @@ workspace2/
zeroidc/target/
tcp-proxy/target
#snapcraft specifics
# Snapcraft Linux build stuff
/parts/
/stage/
/prime/
*.snap
.snapcraft
__pycache__
*.pyc
*_source.tar.bz2
snap/.snapcraft
tcp-proxy/tcp-proxy
rustybits/target
ext/installfiles/windows/*.back*.aip
build/

2
CMakeLists.txt
View file

@ -91,7 +91,7 @@ add_subdirectory(ext)
add_subdirectory(node)
add_subdirectory(osdep)
add_subdirectory(service)
add_subdirectory(controller)
add_subdirectory(nonfree)
set(LINKED_LIBRARIES
prometheus-cpp-lite

12
COPYING
View file

@ -1,12 +0,0 @@
ZeroTier One, an endpoint server for the ZeroTier virtual network layer.
Copyright © 20112019 ZeroTier, Inc.
ZeroTier is released under the terms of the BUSL version 1.1. See the
file LICENSE.txt for details.
..
Local variables:
coding: utf-8
mode: text
End:
vim: fileencoding=utf-8 filetype=text :

373
LICENSE-MPL.txt Normal file
View file

@ -0,0 +1,373 @@
Mozilla Public License Version 2.0
==================================
1. Definitions
--------------
1.1. "Contributor"
means each individual or legal entity that creates, contributes to
the creation of, or owns Covered Software.
1.2. "Contributor Version"
means the combination of the Contributions of others (if any) used
by a Contributor and that particular Contributor's Contribution.
1.3. "Contribution"
means Covered Software of a particular Contributor.
1.4. "Covered Software"
means Source Code Form to which the initial Contributor has attached
the notice in Exhibit A, the Executable Form of such Source Code
Form, and Modifications of such Source Code Form, in each case
including portions thereof.
1.5. "Incompatible With Secondary Licenses"
means
(a) that the initial Contributor has attached the notice described
in Exhibit B to the Covered Software; or
(b) that the Covered Software was made available under the terms of
version 1.1 or earlier of the License, but not also under the
terms of a Secondary License.
1.6. "Executable Form"
means any form of the work other than Source Code Form.
1.7. "Larger Work"
means a work that combines Covered Software with other material, in
a separate file or files, that is not Covered Software.
1.8. "License"
means this document.
1.9. "Licensable"
means having the right to grant, to the maximum extent possible,
whether at the time of the initial grant or subsequently, any and
all of the rights conveyed by this License.
1.10. "Modifications"
means any of the following:
(a) any file in Source Code Form that results from an addition to,
deletion from, or modification of the contents of Covered
Software; or
(b) any new file in Source Code Form that contains any Covered
Software.
1.11. "Patent Claims" of a Contributor
means any patent claim(s), including without limitation, method,
process, and apparatus claims, in any patent Licensable by such
Contributor that would be infringed, but for the grant of the
License, by the making, using, selling, offering for sale, having
made, import, or transfer of either its Contributions or its
Contributor Version.
1.12. "Secondary License"
means either the GNU General Public License, Version 2.0, the GNU
Lesser General Public License, Version 2.1, the GNU Affero General
Public License, Version 3.0, or any later versions of those
licenses.
1.13. "Source Code Form"
means the form of the work preferred for making modifications.
1.14. "You" (or "Your")
means an individual or a legal entity exercising rights under this
License. For legal entities, "You" includes any entity that
controls, is controlled by, or is under common control with You. For
purposes of this definition, "control" means (a) the power, direct
or indirect, to cause the direction or management of such entity,
whether by contract or otherwise, or (b) ownership of more than
fifty percent (50%) of the outstanding shares or beneficial
ownership of such entity.
2. License Grants and Conditions
--------------------------------
2.1. Grants
Each Contributor hereby grants You a world-wide, royalty-free,
non-exclusive license:
(a) under intellectual property rights (other than patent or trademark)
Licensable by such Contributor to use, reproduce, make available,
modify, display, perform, distribute, and otherwise exploit its
Contributions, either on an unmodified basis, with Modifications, or
as part of a Larger Work; and
(b) under Patent Claims of such Contributor to make, use, sell, offer
for sale, have made, import, and otherwise transfer either its
Contributions or its Contributor Version.
2.2. Effective Date
The licenses granted in Section 2.1 with respect to any Contribution
become effective for each Contribution on the date the Contributor first
distributes such Contribution.
2.3. Limitations on Grant Scope
The licenses granted in this Section 2 are the only rights granted under
this License. No additional rights or licenses will be implied from the
distribution or licensing of Covered Software under this License.
Notwithstanding Section 2.1(b) above, no patent license is granted by a
Contributor:
(a) for any code that a Contributor has removed from Covered Software;
or
(b) for infringements caused by: (i) Your and any other third party's
modifications of Covered Software, or (ii) the combination of its
Contributions with other software (except as part of its Contributor
Version); or
(c) under Patent Claims infringed by Covered Software in the absence of
its Contributions.
This License does not grant any rights in the trademarks, service marks,
or logos of any Contributor (except as may be necessary to comply with
the notice requirements in Section 3.4).
2.4. Subsequent Licenses
No Contributor makes additional grants as a result of Your choice to
distribute the Covered Software under a subsequent version of this
License (see Section 10.2) or under the terms of a Secondary License (if
permitted under the terms of Section 3.3).
2.5. Representation
Each Contributor represents that the Contributor believes its
Contributions are its original creation(s) or it has sufficient rights
to grant the rights to its Contributions conveyed by this License.
2.6. Fair Use
This License is not intended to limit any rights You have under
applicable copyright doctrines of fair use, fair dealing, or other
equivalents.
2.7. Conditions
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
in Section 2.1.
3. Responsibilities
-------------------
3.1. Distribution of Source Form
All distribution of Covered Software in Source Code Form, including any
Modifications that You create or to which You contribute, must be under
the terms of this License. You must inform recipients that the Source
Code Form of the Covered Software is governed by the terms of this
License, and how they can obtain a copy of this License. You may not
attempt to alter or restrict the recipients' rights in the Source Code
Form.
3.2. Distribution of Executable Form
If You distribute Covered Software in Executable Form then:
(a) such Covered Software must also be made available in Source Code
Form, as described in Section 3.1, and You must inform recipients of
the Executable Form how they can obtain a copy of such Source Code
Form by reasonable means in a timely manner, at a charge no more
than the cost of distribution to the recipient; and
(b) You may distribute such Executable Form under the terms of this
License, or sublicense it under different terms, provided that the
license for the Executable Form does not attempt to limit or alter
the recipients' rights in the Source Code Form under this License.
3.3. Distribution of a Larger Work
You may create and distribute a Larger Work under terms of Your choice,
provided that You also comply with the requirements of this License for
the Covered Software. If the Larger Work is a combination of Covered
Software with a work governed by one or more Secondary Licenses, and the
Covered Software is not Incompatible With Secondary Licenses, this
License permits You to additionally distribute such Covered Software
under the terms of such Secondary License(s), so that the recipient of
the Larger Work may, at their option, further distribute the Covered
Software under the terms of either this License or such Secondary
License(s).
3.4. Notices
You may not remove or alter the substance of any license notices
(including copyright notices, patent notices, disclaimers of warranty,
or limitations of liability) contained within the Source Code Form of
the Covered Software, except that You may alter any license notices to
the extent required to remedy known factual inaccuracies.
3.5. Application of Additional Terms
You may choose to offer, and to charge a fee for, warranty, support,
indemnity or liability obligations to one or more recipients of Covered
Software. However, You may do so only on Your own behalf, and not on
behalf of any Contributor. You must make it absolutely clear that any
such warranty, support, indemnity, or liability obligation is offered by
You alone, and You hereby agree to indemnify every Contributor for any
liability incurred by such Contributor as a result of warranty, support,
indemnity or liability terms You offer. You may include additional
disclaimers of warranty and limitations of liability specific to any
jurisdiction.
4. Inability to Comply Due to Statute or Regulation
---------------------------------------------------
If it is impossible for You to comply with any of the terms of this
License with respect to some or all of the Covered Software due to
statute, judicial order, or regulation then You must: (a) comply with
the terms of this License to the maximum extent possible; and (b)
describe the limitations and the code they affect. Such description must
be placed in a text file included with all distributions of the Covered
Software under this License. Except to the extent prohibited by statute
or regulation, such description must be sufficiently detailed for a
recipient of ordinary skill to be able to understand it.
5. Termination
--------------
5.1. The rights granted under this License will terminate automatically
if You fail to comply with any of its terms. However, if You become
compliant, then the rights granted under this License from a particular
Contributor are reinstated (a) provisionally, unless and until such
Contributor explicitly and finally terminates Your grants, and (b) on an
ongoing basis, if such Contributor fails to notify You of the
non-compliance by some reasonable means prior to 60 days after You have
come back into compliance. Moreover, Your grants from a particular
Contributor are reinstated on an ongoing basis if such Contributor
notifies You of the non-compliance by some reasonable means, this is the
first time You have received notice of non-compliance with this License
from such Contributor, and You become compliant prior to 30 days after
Your receipt of the notice.
5.2. If You initiate litigation against any entity by asserting a patent
infringement claim (excluding declaratory judgment actions,
counter-claims, and cross-claims) alleging that a Contributor Version
directly or indirectly infringes any patent, then the rights granted to
You by any and all Contributors for the Covered Software under Section
2.1 of this License shall terminate.
5.3. In the event of termination under Sections 5.1 or 5.2 above, all
end user license agreements (excluding distributors and resellers) which
have been validly granted by You or Your distributors under this License
prior to termination shall survive termination.
************************************************************************
* *
* 6. Disclaimer of Warranty *
* ------------------------- *
* *
* Covered Software is provided under this License on an "as is" *
* basis, without warranty of any kind, either expressed, implied, or *
* statutory, including, without limitation, warranties that the *
* Covered Software is free of defects, merchantable, fit for a *
* particular purpose or non-infringing. The entire risk as to the *
* quality and performance of the Covered Software is with You. *
* Should any Covered Software prove defective in any respect, You *
* (not any Contributor) assume the cost of any necessary servicing, *
* repair, or correction. This disclaimer of warranty constitutes an *
* essential part of this License. No use of any Covered Software is *
* authorized under this License except under this disclaimer. *
* *
************************************************************************
************************************************************************
* *
* 7. Limitation of Liability *
* -------------------------- *
* *
* Under no circumstances and under no legal theory, whether tort *
* (including negligence), contract, or otherwise, shall any *
* Contributor, or anyone who distributes Covered Software as *
* permitted above, be liable to You for any direct, indirect, *
* special, incidental, or consequential damages of any character *
* including, without limitation, damages for lost profits, loss of *
* goodwill, work stoppage, computer failure or malfunction, or any *
* and all other commercial damages or losses, even if such party *
* shall have been informed of the possibility of such damages. This *
* limitation of liability shall not apply to liability for death or *
* personal injury resulting from such party's negligence to the *
* extent applicable law prohibits such limitation. Some *
* jurisdictions do not allow the exclusion or limitation of *
* incidental or consequential damages, so this exclusion and *
* limitation may not apply to You. *
* *
************************************************************************
8. Litigation
-------------
Any litigation relating to this License may be brought only in the
courts of a jurisdiction where the defendant maintains its principal
place of business and such litigation shall be governed by laws of that
jurisdiction, without reference to its conflict-of-law provisions.
Nothing in this Section shall prevent a party's ability to bring
cross-claims or counter-claims.
9. Miscellaneous
----------------
This License represents the complete agreement concerning the subject
matter hereof. If any provision of this License is held to be
unenforceable, such provision shall be reformed only to the extent
necessary to make it enforceable. Any law or regulation which provides
that the language of a contract shall be construed against the drafter
shall not be used to construe this License against a Contributor.
10. Versions of the License
---------------------------
10.1. New Versions
Mozilla Foundation is the license steward. Except as provided in Section
10.3, no one other than the license steward has the right to modify or
publish new versions of this License. Each version will be given a
distinguishing version number.
10.2. Effect of New Versions
You may distribute the Covered Software under the terms of the version
of the License under which You originally received the Covered Software,
or under the terms of any subsequent version published by the license
steward.
10.3. Modified Versions
If you create software not governed by this License, and you want to
create a new license for such software, you may create and use a
modified version of this License if you rename the license and remove
any references to the name of the license steward (except to note that
such modified license differs from this License).
10.4. Distributing Source Code Form that is Incompatible With Secondary
Licenses
If You choose to distribute Source Code Form that is Incompatible With
Secondary Licenses under the terms of this version of the License, the
notice described in Exhibit B of this License must be attached.
Exhibit A - Source Code Form License Notice
-------------------------------------------
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
If it is not possible or desirable to put the notice in a particular
file, then You may include the notice in a location (such as a LICENSE
file in a relevant directory) where a recipient would be likely to look
for such a notice.
You may add additional accurate notices of copyright ownership.
Exhibit B - "Incompatible With Secondary Licenses" Notice
---------------------------------------------------------
This Source Code Form is "Incompatible With Secondary Licenses", as
defined by the Mozilla Public License, v. 2.0.

150
LICENSE.txt
View file

@ -1,149 +1,5 @@
-----------------------------------------------------------------------------
See LICENSE-MPL.txt for all code in node/, osdep/. service/, and everywhere else except ext/ and nonfree/.
Business Source License 1.1
See nonfree/LICENSE.md for all non-free ("source available") portions of this repository.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
"Business Source License" is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Parameters
Licensor: ZeroTier, Inc.
Licensed Work: ZeroTier Network Virtualization Engine 1.4.4
The Licensed Work is (c)2019 ZeroTier, Inc.
Additional Use Grant: You may make use of the Licensed Work, provided you
do not use it in any of the following ways:
* Sell hosted ZeroTier services as a "SaaS" Product
(1) Operate or sell access to ZeroTier root servers,
network controllers, or authorization key or certificate
generation components of the Licensed Work as a
for-profit service, regardless of whether the use of
these components is sold alone or is bundled with other
services. Note that this does not apply to the use of
ZeroTier behind the scenes to operate a service not
related to ZeroTier network administration.
* Create Non-Open-Source Commercial Derivative Works
(2) Link or directly include the Licensed Work in a
commercial or for-profit application or other product
not distributed under an Open Source Initiative (OSI)
compliant license. See: https://opensource.org/licenses
(3) Remove the name, logo, copyright, or other branding
material from the Licensed Work to create a "rebranded"
or "white labeled" version to distribute as part of
any commercial or for-profit product or service.
* Certain Government Uses
(4) Use or deploy the Licensed Work in a government
setting in support of any active government function
or operation with the exception of the following:
physical or mental health care, family and social
services, social welfare, senior care, child care, and
the care of persons with disabilities.
Change Date: 2026-01-01
Change License: Apache License version 2.0 as published by the Apache
Software Foundation
https://www.apache.org/licenses/
Alternative Licensing
If you would like to use the Licensed Work in any way that conflicts with
the stipulations of the Additional Use Grant, contact ZeroTier, Inc. to
obtain an alternative commercial license.
Visit us on the web at: https://www.zerotier.com/
Notice
The Business Source License (this document, or the "License") is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
For more information on the use of the Business Source License for ZeroTier
products, please visit our pricing page which contains license details and
and license FAQ: https://zerotier.com/pricing
For more information on the use of the Business Source License generally,
please visit the Adopting and Developing Business Source License FAQ at
https://mariadb.com/bsl-faq-adopting.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
-----------------------------------------------------------------------------
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark "Business Source License",
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the "Business
Source License" name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where "compatible" means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text "None".
3. To specify a Change Date.
4. Not to modify this License in any other way.
Code in ext/ is external code included for build convenience or backward compatibility and retains its original license.

2
Makefile
View file

@ -33,4 +33,4 @@ drone:
drone sign zerotier/ZeroTierOne --save
clang-format:
find node osdep service tcp-proxy controller -iname '*.cpp' -o -iname '*.hpp' | xargs clang-format -i
find node osdep service tcp-proxy nonfree/controller -iname '*.cpp' -o -iname '*.hpp' | xargs clang-format -i

233
RELEASE-NOTES.md
View file

@ -1,14 +1,42 @@
ZeroTier Release Notes
======
# 2024-10-23 -- Version 1.14.2
## 2025-08-21 -- Version 1.16.0
* License Changes
* The core (`node/` and `include/`) and the service (`service/` and `osdep/`) are now under the Mozilla Public License (MPL).
* The network controller (`controller/`) is now under a commercial source-available license.
* Use `make ZT_NONFREE=1` to build non-MPL components.
* Building with `ZT_NONFREE=1` changes the license of the resulting executable to a proprietary commercial license vs. MPL.
* Default binary builds no longer contain the controller.
* Network-Specific Relays (preview / beta)
* It is now possible to designate one or more nodes as network-specific relays to be used in preference to roots for relayed traffic between members of a network. These nodes need not necessarily be members of the network.
* "Moons" are now considered even more extra *deprecated* and should not be used in new deployments.
* We will announce support for network-specific relays once we have worked with some users to test and performed more internal validation.
* HELLO packet encryption is now available by enabling the `encryptedHelloEnabled` settting in `local.conf`.
* HELLO packets contain no data, only public keys and very basic meta-data like protocol version information.
* Most users won't care about this, but if you require this for e.g. compliance reasons you can enable. This adds a small amount of CPU and bandwidth overhead to the HELLO sign-on process.
* Small Fixes
* Code has been reformatted using `clang-format` with a `.clang-format` definition in the repo. Typing `make clang-format` executes this against all main core and service C++ files.
* Bridges are no longer counted toward multicast limits.
* A flow designation issue in bridged traffic under multipath scenarios has been fixed.
* Library version updates for OIDC and other features.
* Antiquated and unused software update code removed for precautionary reasons.
* Compiler warnings removed through removing use of deprecated functions on some platforms.
* Other minor bug fixes.
----
# 1.14
## 2024-10-23 -- Version 1.14.2
* Fix for missing entitlement on macOS Sequoia.
* Fix for a problem correctly parsing local.conf to enable low bandwidth mode.
* Increment versions of some dependent libraries.
* Other fixes.
# 2024-09-12 -- Version 1.14.1
## 2024-09-12 -- Version 1.14.1
* Multithreaded packet I/O support! Currently this is just for Linux and must
be enabled in local.conf. It will likely make the largest difference on small
@ -24,7 +52,7 @@ ZeroTier Release Notes
to network controllers when networks are joined so it can be displayed to
network admins and in the future used in policy checking and inventory operations.
# 2024-05-02 -- Version 1.14.0
## 2024-05-02 -- Version 1.14.0
* Linux I/O performance improvements under heavy load
* Improvements to multipath
@ -33,18 +61,22 @@ ZeroTier Release Notes
* Controller API enhancements: node names and other node meta-data
* Other bug fixes
# 2023-09-12 -- Version 1.12.2
----
# 1.12 and Older
## 2023-09-12 -- Version 1.12.2
* More improvements to macOS full tunnel mode.
* Faster recovery after changes to physical network settings.
# 2023-08-25 -- Version 1.12.1
## 2023-08-25 -- Version 1.12.1
* Minor release to fix a port binding issue in Linux.
* Update Debian dependencies.
* No changes for other platforms.
# 2023-08-23 -- Version 1.12.0
## 2023-08-23 -- Version 1.12.0
* Experimental Windows ARM64 support
* Fix numerous sleep/wake issues on macOS and other platforms
@ -54,17 +86,17 @@ ZeroTier Release Notes
* Numerous macOS DNS fixes
* 10-30% speed improvement on Linux
# 2023-03-23 -- Version 1.10.6
## 2023-03-23 -- Version 1.10.6
* Prevent binding temporary ipv6 addresses on macos (#1910)
* Prevent path-learning loops (#1914)
* Prevent infinite loop of UAC prompts in tray app
# 2023-03-10 -- Version 1.10.5
## 2023-03-10 -- Version 1.10.5
* Fix for high CPU usage bug on Windows
# 2023-03-07 -- Version 1.10.4
## 2023-03-07 -- Version 1.10.4
* SECURITY FIX (Windows): this version fixes a file permission problem on
Windows that could allow non-privileged users on a Windows system to read
@ -73,11 +105,10 @@ ZeroTier Release Notes
instance without appropriate local permissions. This issue is not remotely
exploitable unless a remote user can read arbitrary local files, and does
not impact other operating systems.
* Fix a bug in the handling of multiple IP address assignments to virtual
interfaces on macOS.
# 2023-02-15 -- Version 1.10.3
## 2023-02-15 -- Version 1.10.3
* Fix for duplicate paths in client. Could cause connectivity issues. Affects all platforms.
* Fix for Ethernet Tap MTU setting, would not properly apply on Linux.
@ -89,7 +120,7 @@ ZeroTier Release Notes
* Fix bug that prevented setting of custom TCP relay address.
* Build script improvements and bug fixes.
# 2022-11-01 -- Version 1.10.2
## 2022-11-01 -- Version 1.10.2
* Fix another SSO "stuck client" issue in zeroidc.
* Expose root-reported external IP/port information via the local JSON API for better diagnostics.
@ -100,12 +131,12 @@ ZeroTier Release Notes
Note that releases are coming few and far between because most of our dev effort is going into version 2.
# 2022-06-27 -- Version 1.10.1
## 2022-06-27 -- Version 1.10.1
* Fix an issue that could cause SSO clients to get "stuck" on stale auth URLs.
* A few other SSO related bug fixes.
# 2022-06-07 -- Version 1.10.0
## 2022-06-07 -- Version 1.10.0
* Fix formatting problem in `zerotier-cli` when using SSO networks.
* Fix a few other minor bugs in SSO signin to prepare for general availability.
@ -114,11 +145,11 @@ Note that releases are coming few and far between because most of our dev effort
* Use system default browser for SSO login so all your plugins, MFA devices, password managers, etc. will work as you have them configured.
* Minor fix for bonding/multipath.
# 2022-05-10 -- Version 1.8.10
## 2022-05-10 -- Version 1.8.10
* Fixed a bug preventing SSO sign-on on Windows.
# 2022-04-25 -- Version 1.8.9
## 2022-04-25 -- Version 1.8.9
* Fixed a long-standing and strange bug that was causing sporadic "phantom" packet authentication failures. Not a security problem but could be behind sporadic reports of link failures under some conditions.
* Fixed a memory leak in SSO/OIDC support.
@ -127,26 +158,26 @@ Note that releases are coming few and far between because most of our dev effort
* Fixed a deadlock bug on leaving SSO/OIDC managed networks.
* Added some new Linux distributions to the build subsystem.
# 2022-04-11 -- Version 1.8.8
## 2022-04-11 -- Version 1.8.8
* Fix a local privilege escalation bug in the Windows installer.
* Dependency fix for some Ubuntu versions.
* No changes for other platforms. Windows upgrade recommended, everyone else optional.
# 2022-03-30 -- Version 1.8.7
## 2022-03-30 -- Version 1.8.7
* Fix for dependency installations in Windows MSI package.
* Fix for desktop UI setup when run by a non-super-user.
* Bug fix in local OIDC / SSO support for auth0 and other providers.
* Other minor fixes for e.g. old Linux distributions.
# 2022-03-04 -- Version 1.8.6
## 2022-03-04 -- Version 1.8.6
* Fixed an issue that could cause the UI to be non-responsive if not joined to any networks.
* Fix dependency issues in Debian and RedHat packages for some distributions (Fedora, Mint).
* Bumped the peer cache serialization version to prevent "coma" issues on upgrade due to changes in path logic behaving badly with old values.
# 2022-02-22 -- Version 1.8.5
## 2022-02-22 -- Version 1.8.5
* Plumbing under the hood for endpoint device SSO support.
* Fix in LinuxEthernetTap to tap device support on very old (2.6) Linux kernels.
@ -154,7 +185,7 @@ Note that releases are coming few and far between because most of our dev effort
* Merge a series of changes by Joseph Henry (of ZeroTier) that should fix some edge cases where ZeroTier would "forget" valid paths.
* Minor multipath improvements for automatic path negotiation.
# 2021-11-30 -- Version 1.8.4
## 2021-11-30 -- Version 1.8.4
* Fixed an ugly font problem on some older macOS versions.
* Fixed a bug that could cause the desktop tray app control panel to stop opening after a while on Windows.
@ -162,7 +193,7 @@ Note that releases are coming few and far between because most of our dev effort
* Fixed installation on 32-bit Windows 10.
* Fixed a build flags issue that could cause ZeroTier to crash on older ARM32 CPUs.
# 2021-11-15 -- Version 1.8.3
## 2021-11-15 -- Version 1.8.3
* Remove problematic spinlock, which was only used on x86_64 anyway. Just use pthread always.
* Fix fd leak on MacOS that caused non-responsiveness after some time.
@ -170,14 +201,14 @@ Note that releases are coming few and far between because most of our dev effort
* Fix regression that could prevent managed routes from being deleted.
* DesktopUI: Remove NSDate:now() call, now works on MacOS 10.13 or newer!
# 2021-11-08 -- Version 1.8.2
## 2021-11-08 -- Version 1.8.2
* Fix multicast on linux.
* Fix a bug that could cause the tap adapter to have the wrong MAC on Linux.
* Update build flags to possibly support MacOS older than 10.14, but more work needs to be done. It may not work yet.
* Fix path variable setting on Windows.
# 2021-10-28 -- Version 1.8.1
## 2021-10-28 -- Version 1.8.1
* Fix numerous UI issues from 1.8.0 (never fully released).
* Remove support for REALLY ancient 1.1.6 or earlier network controllers.
@ -187,7 +218,7 @@ Note that releases are coming few and far between because most of our dev effort
* NOTE: Windows 7 is no longer supported! Windows 7 users will have to use version 1.6.5 or earlier.
# 2021-09-15 -- Version 1.8.0 (preview release only)
## 2021-09-15 -- Version 1.8.0 (preview release only)
* A *completely* rewritten desktop UI for Mac and Windows!
* Implement a workaround for one potential source of a "coma" bug, which can occur if buggy NATs/routers stop allowing the service to communicate on a given port. ZeroTier now reassigns a new secondary port if it's offline for a while unless a secondary port is manually specified in local.conf. Working around crummy buggy routers is an ongoing effort.
@ -198,32 +229,32 @@ Note that releases are coming few and far between because most of our dev effort
* Check if DNS servers need to be applied on macOS
* Upgrade json.hpp dependency to version 3.10.2
# 2021-09-21 -- Version 1.6.6
## 2021-09-21 -- Version 1.6.6
* Backport COM hash check mitigation against network member impersonation.
# 2021-04-13 -- Version 1.6.5
## 2021-04-13 -- Version 1.6.5
* Fix a bug in potential network path filtering that could in some circumstances lead to "software laser" effects.
* Fix a printf overflow in zerotier-cli (not exploitable or a security risk)
* Windows now looks up the name of ZeroTier devices instead of relying on them having "ZeroTier" in them.
# 2021-02-15 -- Version 1.6.4
## 2021-02-15 -- Version 1.6.4
* The groundhog saw his shadow, which meant that the "connection coma" bug still wasn't gone. We think we found it this time.
# 2021-02-02 -- Version 1.6.3
## 2021-02-02 -- Version 1.6.3
* Likely fix for GitHub issue #1334, an issue that could cause ZeroTier to
go into a "coma" on some networks.
* Also groundhog day
# 2020-11-30 -- Version 1.6.2
## 2020-11-30 -- Version 1.6.2
* Fix an ARM hardware AES crypto issue (not an exploitable vulnerability).
* Fix a Linux network leave hang due to a mutex deadlock.
# 2020-11-24 -- Version 1.6.1
## 2020-11-24 -- Version 1.6.1
This release fixes some minor bugs and other issues in 1.6.0.
@ -233,7 +264,7 @@ This release fixes some minor bugs and other issues in 1.6.0.
* Merged CLI options for controlling bonded devices into the beta multipath code.
* Updated Windows driver with Microsoft cross-signing to fix issues on some Windows systems.
# 2020-11-19 -- Version 1.6.0
## 2020-11-19 -- Version 1.6.0
Version 1.6.0 is a major release that incorporates back-ported features from the 2.0 branch, which is still under development. It also fixes a number of issues.
@ -274,7 +305,7 @@ Known issues that are not yet fixed in this beta:
We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
# 2019-08-30 -- Version 1.4.6
## 2019-08-30 -- Version 1.4.6
* Update default root list to latest
* ARM32 platform build and flag fixes
@ -283,19 +314,19 @@ We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
* Windows service now looks for service command line arguments
* Fixed a bug that could cause excessive queued multicasts
# 2019-08-23 -- Version 1.4.4
## 2019-08-23 -- Version 1.4.4
* Change license from GPL3 to BSL 1.1, see LICENSE.txt
* Fix an issue with the "ipauth" rule and auto-generated unforgeable IPv6 addresses
* Fix socket/bind errors setting IPs and routes on Linux
# 2019-08-12 -- Version 1.4.2
## 2019-08-12 -- Version 1.4.2
* Fix high CPU use bug on some platforms
* Fix issues with PostgreSQL controller DB (only affects Central)
* Restore backward compatibility with MacOS versions prior to 10.13
# 2019-07-29 -- Version 1.4.0
## 2019-07-29 -- Version 1.4.0
### Major Changes
@ -313,20 +344,20 @@ We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
* Fixed numerous other small issues and bugs such as ARM alignment issues causing crashes on some devices.
* Windows now sets the adapter name such that it is consistent in both the Windows UI and command line utilities.
# 2018-07-27 -- Version 1.2.12
## 2018-07-27 -- Version 1.2.12
* Fixed a bug that caused exits to take a long time on Mac due to huge numbers of redundant attempts to delete managed routes.
* Fixed a socket limit problem on Windows that caused the ZeroTier service to run out of sockets, causing the UI and CLI to be unable to access the API.
* Fixed a threading bug in the ZeroTier Core, albeit one that never manifested on the regular ZeroTier One service/client.
* Fixed a bug that could cause the service to crash if an authorized local client accessed an invalid URL via the control API. (Not exploitable since you needed admin access anyway.)
# 2018-05-08 -- Version 1.2.10
## 2018-05-08 -- Version 1.2.10
* Fix bug loading `moons.d/` files for federated root operation.
* Fix compile problem with ZT_DEBUG on some versions of `clang`
* Fix slow network startup bug related to loading of `networks.d/` cache files
# 2018-04-27 -- Version 1.2.8
## 2018-04-27 -- Version 1.2.8
* Linux version once again builds with PIE (position independent executable) flags
* Fixed bug in zerotier-idtool file sign and verify
@ -334,7 +365,7 @@ We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
* Merged alpha NetBSD support (mostly untested, so YMMV)
* Merged several minor typo and one-liner bug fixes
# 2018-04-17 -- Version 1.2.6
## 2018-04-17 -- Version 1.2.6
* Features and Core Improvements
* Path selection has been overhauled to improve path stability, simplify code, and prepare for multi-path and trunking in the next major release.
@ -369,7 +400,7 @@ We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
* Multicast now works on Android in most cases! Android apps can send and receive multicast and subscribe to multicast group IPs. Note that in some cases the app must bind to the specific correct interface for this to work.
* IPv6 can be disabled in UI for cases where it causes problems.
# 2017-04-20 -- Version 1.2.4
## 2017-04-20 -- Version 1.2.4
* Managed routes are now only bifurcated for the default route. This is a change in behavior, though few people will probably notice. Bifurcating all managed routes was causing more trouble than it was worth for most users.
* Up to 2X crypto speedup on x86-64 (except Windows, which will take some porting) and 32-bit ARM platforms due to integration of fast assembly language implementations of Salsa20/12 from the [supercop](http://bench.cr.yp.to/supercop.html) code base. These were written by Daniel J. Bernstein and are in the public domain. My MacBook Pro (Core i5 2.8ghz) now does almost 1.5GiB/sec Salsa20/12 per core and a Raspberry Pi got a 2X boost. 64-bit ARM support and Windows support will take some work but should not be too hard.
@ -379,128 +410,12 @@ We're trying to fix all these issues before the 1.6.0 release. Stay tuned.
* Fixed an issue causing build problems on some MIPS architecture systems.
* Fixed Windows forgetting routes on sleep/wake or in some other circumstances. (GitHub issue #465)
# 2017-03-17 -- Version 1.2.2
## 2017-03-17 -- Version 1.2.2
* A bug causing unreliable multicast propagation (GitHub issue #461).
* A crash in ARM binaries due to a build chain and flags problem.
* A bug in the network controller preventing members from being listed (GitHub issue #460).
# 2017-03-14 -- Version 1.2.0
## 2017-03-14 -- Version 1.2.0
Version 1.2.0 is a major milestone release representing almost nine months of work. It includes our rules engine for distributed network packet filtering and security monitoring, federated roots, and many other architectural and UI improvements and bug fixes.
## New Features in 1.2.0
### The ZeroTier Rules Engine
The largest new feature in 1.2.0, and the product of many months of work, is our advanced network rules engine. With this release we achieve traffic control, security monitoring, and micro-segmentation capability on par with many enterprise SDN solutions designed for use in advanced data centers and corporate networks.
Rules allow you to filter packets on your network and vector traffic to security observers. Security observation can be performed in-band using REDIRECT or out of band using TEE.
Tags and capabilities provide advanced methods for implementing fine grained permission structures and micro-segmentation schemes without bloating the size and complexity of your rules table.
See the [rules engine announcement blog post](https://www.zerotier.com/blog/?p=927) for an in-depth discussion of theory and implementation. The [manual](https://www.zerotier.com/manual.shtml) contains detailed information on rule, tag, and capability use, and the `rule-compiler/` subfolder of the ZeroTier source tree contains a JavaScript function to compile rules in our human-readable rule definition language into rules suitable for import into a network controller. (ZeroTier Central uses this same script to compile rules on [my.zerotier.com](https://my.zerotier.com/).)
### Root Server Federation
It's now possible to create your own root servers and add them to the root server pool on your nodes. This is done by creating what's called a "moon," which is a signed enumeration of root servers and their stable points on the network. Refer to the [manual](https://www.zerotier.com/manual.shtml) for instructions.
Federated roots achieve a number of things:
* You can deploy your own infrastructure to reduce dependency on ours.
* You can deploy roots *inside your LAN* to ensure that network connectivity inside your facility still works if the Internet goes down. This is the first step toward making ZeroTier viable as an in-house SDN solution.
* Roots can be deployed inside national boundaries for countries with data residency laws or "great firewalls." (As of 1.2.0 there is still no way to force all traffic to use these roots, but that will be easy to do in a later version.)
* Last but not least this makes ZeroTier somewhat less centralized by eliminating any hard dependency on ZeroTier, Inc.'s infrastructure.
Our roots will of course remain and continue to provide zero-configuration instant-on deployment, a secure global authority for identities, and free traffic relaying for those who can't establish peer to peer connections.
### Local Configuration
An element of our design philosophy is "features are bugs." This isn't an absolute dogma but more of a guiding principle. We try as hard as we can to avoid adding features, especially "knobs" that must be tweaked by a user.
As of 1.2.0 we've decided that certain knobs are unavoidable, and so there is now a `local.conf` file that can be used to configure them. See the ZeroTier One documentation for these. They include:
* Blacklisting interfaces you want to make sure ZeroTier doesn't use for network traffic, such as VPNs, slow links, or backplanes designated for only certain kinds of traffic.
* Turning uPnP/NAT-PMP on or off.
* Configuring software updates on Windows and Mac platforms.
* Defining trusted paths (the old trusted paths file is now deprecated)
* Setting the ZeroTier main port so it doesn't have to be changed on the command line, which is very inconvenient in many cases.
### Improved In-Band Software Updates
A good software update system for Windows and Mac clients has been a missing feature in previous versions. It does exist but we've been shy about using it so far due to its fragility in some environments.
We've greatly improved this mechanism in 1.2.0. Not only does it now do a better job of actually invoking the update, but it also transfers updates in-band using the ZeroTier protocol. This means it can work in environments that do not allows http/https traffic or that force it through proxies. There's also now an update channel setting: `beta` or `release` (the default).
Software updates are authenticated three ways:
1. ZeroTier's own signing key is used to sign all updates and this signature is checked prior to installation. ZeroTier, Inc.'s signatures are performed on an air-gapped machine.
2. Updates for Mac and Windows are signed using Apple and Microsoft (DigiCert EV) keys and will not install unless these signatures are also valid.
3. The new in-band update mechanism also authenticates the source of the update via ZeroTier's built-in security features. This provides transport security, while 1 and 2 provide security of the update at rest.
Updates are now configurable via `local.conf`. There are three options: `disable`, `download`, and `apply`. The third (apply) is the default for official builds on Windows and Mac, making updates happen silently and automatically as they do for popular browsers like Chrome and Firefox. Updates are disabled by default on Linux and other Unix-type systems as these are typically updated through package managers.
### Path Link Quality Awareness
Version 1.2.0 is now aware of the link quality of direct paths with other 1.2.0 nodes. This information isn't used yet but is visible through the JSON API. (Quality always shows as 100% with pre-1.2.0 nodes.) Quality is measured passively with no additional overhead using a counter based packet loss detection algorithm.
This information is visible from the command line via `listpeers`:
200 listpeers XXXXXXXXXX 199.XXX.XXX.XXX/9993;10574;15250;1.00 48 1.2.0 LEAF
200 listpeers XXXXXXXXXX 195.XXX.XXX.XXX/45584;467;7608;0.44 290 1.2.0 LEAF
The first peer's path is at 100% (1.00), while the second peer's path is suffering quite a bit of packet loss (0.44).
Link quality awareness is a precursor to intelligent multi-path and QoS support, which will in future versions bring us to feature parity with SD-WAN products like Cisco iWAN.
### Security Improvements
Version 1.2.0 adds anti-DOS (denial of service) rate limits and other hardening for improved resiliency against a number of denial of service attack scenarios.
It also adds a mechanism for instantaneous credential revocation. This can be used to revoke certificates of membership instantly to kick a node off a network (for private networks) and also to revoke capabilities and tags. The new controller sends revocations by default when a peer is de-authorized.
Revocations propagate using a "rumor mill" peer to peer algorithm. This means that a controller need only successfully send a revocation to at least one member of a network with connections to other active members. At this point the revocation will flood through the network peer to peer very quickly. This helps make revocations more robust in the face of poor connectivity with the controller or attempts to incapacitate the controller with denial of service attacks, as well as making revocations faster on huge networks.
### Windows and Macintosh UI Improvements (ZeroTier One)
The Mac has a whole new UI built natively in Objective-C. It provides a pulldown similar in appearance and operation to the Mac WiFi task bar menu.
The Windows UI has also been improved and now provides a task bar icon that can be right-clicked to manage networks. Both now expose managed route and IP permissions, allowing nodes to easily opt in to full tunnel operation if you have a router configured on your network.
### Ad-Hoc Networks
A special kind of public network called an ad-hoc network may be accessed by joining a network ID with the format:
ffSSSSEEEE000000
| | | |
| | | Reserved for future use, must be 0
| | End of port range (hex)
| Start of port range (hex)
Reserved ZeroTier address prefix indicating a controller-less network
Ad-hoc networks are public (no access control) networks that have no network controller. Instead their configuration and other credentials are generated locally. Ad-hoc networks permit only IPv6 UDP and TCP unicast traffic (no multicast or broadcast) using 6plane format NDP-emulated IPv6 addresses. In addition an ad-hoc network ID encodes an IP port range. UDP packets and TCP SYN (connection open) packets are only allowed to destination ports within the encoded range.
For example `ff00160016000000` is an ad-hoc network allowing only SSH, while `ff0000ffff000000` is an ad-hoc network allowing any UDP or TCP port.
Keep in mind that these networks are public and anyone in the entire world can join them. Care must be taken to avoid exposing vulnerable services or sharing unwanted files or other resources.
### Network Controller (Partial) Rewrite
The network controller has been largely rewritten to use a simple in-filesystem JSON data store in place of SQLite, and it is now included by default in all Windows, Mac, Linux, and BSD builds. This means any desktop or server node running ZeroTier One can now be a controller with no recompilation needed.
If you have data in an old SQLite3 controller we've included a NodeJS script in `controller/migrate-sqlite` to migrate data to the new format. If you don't migrate, members will start getting `NOT_FOUND` when they attempt to query for updates.
## Major Bug Fixes in 1.2.0
* **The Windows HyperV 100% CPU bug is FINALLY DEAD**: This long-running problem turns out to have been an issue with Windows itself, but one we were triggering by placing invalid data into the Windows registry. Microsoft is aware of the issue but we've also fixed the triggering problem on our side. ZeroTier should now co-exist quite well with HyperV and should now be able to be bridged with a HyperV virtual switch.
* **Segmentation faults on musl-libc based Linux systems**: Alpine Linux and some embedded Linux systems that use musl libc (a minimal libc) experienced segmentation faults. These were due to a smaller default stack size. A work-around that sets the stack size for new threads has been added.
* **Windows firewall blocks local JSON API**: On some Windows systems the firewall likes to block 127.0.0.1:9993 for mysterious reasons. This is now fixed in the installer via the addition of another firewall exemption rule.
* **UI crash on embedded Windows due to missing fonts**: The MSI installer now ships fonts and will install them if they are not present, so this should be fixed.
## Other Improvements in 1.2.0
* **Improved dead path detection**: ZeroTier is now more aggressive about expiring paths that do not seem to be active. If a path seems marginal it is re-confirmed before re-use.
* **Minor performance improvements**: We've reduced unnecessary memcpy's and made a few other performance improvements in the core.
* **Linux static binaries**: For our official packages (the ones in the download.zerotier.com apt and yum repositories) we now build Linux binaries with static linking. Hopefully this will stop all the bug reports relating to library inconsistencies, as well as allowing our deb packages to run on a wider variety of Debian-based distributions. (There are far too many of these to support officially!) The overhead for this is very small, especially since we built our static versions against musl-libc. Distribution maintainers are of course free to build dynamically linked versions for inclusion into distributions; this only affects our official binaries.

7
SECURITY.md
View file

@ -1,6 +1,6 @@
# Security
ZeroTier takes the security of our software products and services seriously, which
ZeroTier takes the security of our software products and services seriously, which
includes all source code repositories managed through our GitHub organization.
## Supported Versions
@ -9,8 +9,9 @@ The following versions of ZeroTier One receive security updates
| Version | Supported |
| -------- | ------------------ |
| 1.16.x | :white_check_mark: |
| 1.14.x | :white_check_mark: |
| 1.12.x | :white_check_mark: |
| 1.12.x | :x: |
| < 1.12.0 | :x: |
## Reporting a Vulnerability
@ -20,7 +21,7 @@ The following versions of ZeroTier One receive security updates
Instead, please report vulnerabilities via email to security@zerotier.com. If possible,
please encrypt with our PGP key (see below).
Please include the following information, or as much as you can provide to help us
Please include the following information, or as much as you can provide to help us
understand the nature and scope of the issue:
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)

7
attic/world/README.md
View file

@ -1,7 +0,0 @@
World Definitions and Generator Code
======
This little bit of code is used to generate world updates. Ordinary users probably will never need this unless they want to test or experiment.
See mkworld.cpp for documentation. To build from this directory use 'source ./build.sh'.

3
attic/world/build.sh
View file

@ -1,3 +0,0 @@
#!/bin/bash
c++ -std=c++11 -I../.. -I../../ext -I.. -g -o mkworld ../../node/C25519.cpp ../../node/Salsa20.cpp ../../node/SHA512.cpp ../../node/Identity.cpp ../../node/Utils.cpp ../../node/InetAddress.cpp ../../osdep/OSUtils.cpp mkworld.cpp -lm

173
attic/world/mkworld.cpp
View file

@ -1,173 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* This utility makes the World from the configuration specified below.
* It probably won't be much use to anyone outside ZeroTier, Inc. except
* for testing and experimentation purposes.
*
* If you want to make your own World you must edit this file.
*
* When run, it expects two files in the current directory:
*
* previous.c25519 - key pair to sign this world (key from previous world)
* current.c25519 - key pair whose public key should be embedded in this world
*
* If these files do not exist, they are both created with the same key pair
* and a self-signed initial World is born.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <string>
#include <vector>
#include <algorithm>
#include <node/Constants.hpp>
#include <node/World.hpp>
#include <node/ECC.hpp>
#include <node/Identity.hpp>
#include <node/InetAddress.hpp>
#include <osdep/OSUtils.hpp>
using namespace ZeroTier;
int main(int argc,char **argv)
{
std::string previous,current;
if ((!OSUtils::readFile("previous.c25519",previous))||(!OSUtils::readFile("current.c25519",current))) {
ECC::Pair np(ECC::generate());
previous = std::string();
previous.append((const char *)np.pub.data,ZT_C25519_PUBLIC_KEY_LEN);
previous.append((const char *)np.priv.data,ZT_C25519_PRIVATE_KEY_LEN);
current = previous;
OSUtils::writeFile("previous.c25519",previous);
OSUtils::writeFile("current.c25519",current);
fprintf(stderr,"INFO: created initial world keys: previous.c25519 and current.c25519 (both initially the same)" ZT_EOL_S);
}
if ((previous.length() != (ZT_C25519_PUBLIC_KEY_LEN + ZT_C25519_PRIVATE_KEY_LEN))||(current.length() != (ZT_C25519_PUBLIC_KEY_LEN + ZT_C25519_PRIVATE_KEY_LEN))) {
fprintf(stderr,"FATAL: previous.c25519 or current.c25519 empty or invalid" ZT_EOL_S);
return 1;
}
ECC::Pair previousKP;
memcpy(previousKP.pub.data,previous.data(),ZT_C25519_PUBLIC_KEY_LEN);
memcpy(previousKP.priv.data,previous.data() + ZT_C25519_PUBLIC_KEY_LEN,ZT_C25519_PRIVATE_KEY_LEN);
ECC::Pair currentKP;
memcpy(currentKP.pub.data,current.data(),ZT_C25519_PUBLIC_KEY_LEN);
memcpy(currentKP.priv.data,current.data() + ZT_C25519_PUBLIC_KEY_LEN,ZT_C25519_PRIVATE_KEY_LEN);
// =========================================================================
// EDIT BELOW HERE
std::vector<World::Root> roots;
const uint64_t id = ZT_WORLD_ID_EARTH;
const uint64_t ts = 1567191349589ULL; // August 30th, 2019
// Los Angeles
roots.push_back(World::Root());
roots.back().identity = Identity("3a46f1bf30:0:76e66fab33e28549a62ee2064d1843273c2c300ba45c3f20bef02dbad225723bb59a9bb4b13535730961aeecf5a163ace477cceb0727025b99ac14a5166a09a3");
roots.back().stableEndpoints.push_back(InetAddress("185.180.13.82/9993"));
roots.back().stableEndpoints.push_back(InetAddress("2a02:6ea0:c815::/9993"));
// Miami
roots.push_back(World::Root());
roots.back().identity = Identity("de8950a8b2:0:1b3ada8251b91b6b6fa6535b8c7e2460918f4f729abdec97d3c7f3796868fb02f0de0b0ee554b2d59fc3524743eebfcf5315e790ed6d92db5bd10c28c09b40ef");
roots.back().stableEndpoints.push_back(InetAddress("207.246.73.245/443"));
roots.back().stableEndpoints.push_back(InetAddress("2001:19f0:9002:5cb:ec4:7aff:fe8f:69d9/443"));
// Tokyo
roots.push_back(World::Root());
roots.back().identity = Identity("34e0a5e174:0:93efb50934788f856d5cfb9ca5be88e85b40965586b75befac900df77352c145a1ba7007569d37c77bfe52c0999f3bdc67a47a4a6000b720a883ce47aa2fb7f8");
roots.back().stableEndpoints.push_back(InetAddress("147.75.92.2/443"));
roots.back().stableEndpoints.push_back(InetAddress("2604:1380:3000:7100::1/443"));
// Amsterdam
roots.push_back(World::Root());
roots.back().identity = Identity("992fcf1db7:0:206ed59350b31916f749a1f85dffb3a8787dcbf83b8c6e9448d4e3ea0e3369301be716c3609344a9d1533850fb4460c50af43322bcfc8e13d3301a1f1003ceb6");
roots.back().stableEndpoints.push_back(InetAddress("195.181.173.159/443"));
roots.back().stableEndpoints.push_back(InetAddress("2a02:6ea0:c024::/443"));
// Alice
//roots.push_back(World::Root());
//roots.back().identity = Identity("9d219039f3:0:01f0922a98e3b34ebcbff333269dc265d7a020aab69d72be4d4acc9c8c9294785771256cd1d942a90d1bd1d2dca3ea84ef7d85afe6611fb43ff0b74126d90a6e");
//roots.back().stableEndpoints.push_back(InetAddress("188.166.94.177/9993")); // Amsterdam
//roots.back().stableEndpoints.push_back(InetAddress("2a03:b0c0:2:d0::7d:1/9993")); // Amsterdam
//roots.back().stableEndpoints.push_back(InetAddress("154.66.197.33/9993")); // Johannesburg
//roots.back().stableEndpoints.push_back(InetAddress("2c0f:f850:154:197::33/9993")); // Johannesburg
//roots.back().stableEndpoints.push_back(InetAddress("159.203.97.171/9993")); // New York
//roots.back().stableEndpoints.push_back(InetAddress("2604:a880:800:a1::54:6001/9993")); // New York
//roots.back().stableEndpoints.push_back(InetAddress("131.255.6.16/9993")); // Buenos Aires
//roots.back().stableEndpoints.push_back(InetAddress("2803:eb80:0:e::2/9993")); // Buenos Aires
//roots.back().stableEndpoints.push_back(InetAddress("107.170.197.14/9993")); // San Francisco
//roots.back().stableEndpoints.push_back(InetAddress("2604:a880:1:20::200:e001/9993")); // San Francisco
//roots.back().stableEndpoints.push_back(InetAddress("128.199.197.217/9993")); // Singapore
//roots.back().stableEndpoints.push_back(InetAddress("2400:6180:0:d0::b7:4001/9993")); // Singapore
// Bob
//roots.push_back(World::Root());
//roots.back().identity = Identity("8841408a2e:0:bb1d31f2c323e264e9e64172c1a74f77899555ed10751cd56e86405cde118d02dffe555d462ccf6a85b5631c12350c8d5dc409ba10b9025d0f445cf449d92b1c");
//roots.back().stableEndpoints.push_back(InetAddress("45.32.198.130/9993")); // Dallas
//roots.back().stableEndpoints.push_back(InetAddress("2001:19f0:6400:81c3:5400:00ff:fe18:1d61/9993")); // Dallas
//roots.back().stableEndpoints.push_back(InetAddress("46.101.160.249/9993")); // Frankfurt
//roots.back().stableEndpoints.push_back(InetAddress("2a03:b0c0:3:d0::6a:3001/9993")); // Frankfurt
//roots.back().stableEndpoints.push_back(InetAddress("107.191.46.210/9993")); // Paris
//roots.back().stableEndpoints.push_back(InetAddress("2001:19f0:6800:83a4::64/9993")); // Paris
//roots.back().stableEndpoints.push_back(InetAddress("45.32.246.179/9993")); // Sydney
//roots.back().stableEndpoints.push_back(InetAddress("2001:19f0:5800:8bf8:5400:ff:fe15:b39a/9993")); // Sydney
//roots.back().stableEndpoints.push_back(InetAddress("45.32.248.87/9993")); // Tokyo
//roots.back().stableEndpoints.push_back(InetAddress("2001:19f0:7000:9bc9:5400:00ff:fe15:c4f5/9993")); // Tokyo
//roots.back().stableEndpoints.push_back(InetAddress("159.203.2.154/9993")); // Toronto
//roots.back().stableEndpoints.push_back(InetAddress("2604:a880:cad:d0::26:7001/9993")); // Toronto
// END WORLD DEFINITION
// =========================================================================
fprintf(stderr,"INFO: generating and signing id==%llu ts==%llu" ZT_EOL_S,(unsigned long long)id,(unsigned long long)ts);
World nw = World::make(World::TYPE_PLANET,id,ts,currentKP.pub,roots,previousKP);
Buffer<ZT_WORLD_MAX_SERIALIZED_LENGTH> outtmp;
nw.serialize(outtmp,false);
World testw;
testw.deserialize(outtmp,0);
if (testw != nw) {
fprintf(stderr,"FATAL: serialization test failed!" ZT_EOL_S);
return 1;
}
OSUtils::writeFile("world.bin",std::string((const char *)outtmp.data(),outtmp.size()));
fprintf(stderr,"INFO: world.bin written with %u bytes of binary world data." ZT_EOL_S,outtmp.size());
fprintf(stdout,ZT_EOL_S);
fprintf(stdout,"#define ZT_DEFAULT_WORLD_LENGTH %u" ZT_EOL_S,outtmp.size());
fprintf(stdout,"static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = {");
for(unsigned int i=0;i<outtmp.size();++i) {
const unsigned char *d = (const unsigned char *)outtmp.data();
if (i > 0)
fprintf(stdout,",");
fprintf(stdout,"0x%.2x",(unsigned int)d[i]);
}
fprintf(stdout,"};" ZT_EOL_S);
return 0;
}

BIN
attic/world/world.bin
View file

Binary file not shown.

3
attic/world/world.c
View file

@ -1,3 +0,0 @@
#define ZT_DEFAULT_WORLD_LENGTH 732
static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = {0x01,0x00,0x00,0x00,0x00,0x08,0xea,0xc9,0x0a,0x00,0x00,0x01,0x6b,0xd4,0x16,0x08,0xc1,0xb8,0xb3,0x88,0xa4,0x69,0x22,0x14,0x91,0xaa,0x9a,0xcd,0x66,0xcc,0x76,0x4c,0xde,0xfd,0x56,0x03,0x9f,0x10,0x67,0xae,0x15,0xe6,0x9c,0x6f,0xb4,0x2d,0x7b,0x55,0x33,0x0e,0x3f,0xda,0xac,0x52,0x9c,0x07,0x92,0xfd,0x73,0x40,0xa6,0xaa,0x21,0xab,0xa8,0xa4,0x89,0xfd,0xae,0xa4,0x4a,0x39,0xbf,0x2d,0x00,0x65,0x9a,0xc9,0xc8,0x18,0xeb,0x16,0x93,0xf4,0xe5,0xbd,0x20,0xda,0x10,0xad,0xc7,0x05,0xf4,0x99,0xfe,0x04,0x08,0x9b,0xe0,0x9e,0x77,0x1d,0x9f,0x47,0x16,0xaa,0x92,0x4f,0x10,0x16,0x3d,0xc7,0xec,0xd3,0x90,0x9e,0xd1,0x74,0xfc,0xb3,0xb5,0x07,0x9c,0x4d,0x95,0xc5,0x17,0x8b,0x3d,0x0b,0x60,0x76,0xe8,0x51,0xbb,0xb6,0x3d,0x74,0xb5,0x21,0x83,0x7b,0x95,0x1d,0x02,0x9b,0xcd,0xaf,0x5c,0x3e,0x96,0xdf,0x37,0x2c,0x56,0x6d,0xfa,0x75,0x0f,0xda,0x55,0x85,0x13,0xf4,0x76,0x1a,0x66,0x4d,0x3b,0x8d,0xcf,0x12,0xc9,0x34,0xb9,0x0d,0x61,0x03,0x3a,0x46,0xf1,0xbf,0x30,0x00,0x76,0xe6,0x6f,0xab,0x33,0xe2,0x85,0x49,0xa6,0x2e,0xe2,0x06,0x4d,0x18,0x43,0x27,0x3c,0x2c,0x30,0x0b,0xa4,0x5c,0x3f,0x20,0xbe,0xf0,0x2d,0xba,0xd2,0x25,0x72,0x3b,0xb5,0x9a,0x9b,0xb4,0xb1,0x35,0x35,0x73,0x09,0x61,0xae,0xec,0xf5,0xa1,0x63,0xac,0xe4,0x77,0xcc,0xeb,0x07,0x27,0x02,0x5b,0x99,0xac,0x14,0xa5,0x16,0x6a,0x09,0xa3,0x00,0x02,0x04,0xb9,0xb4,0x0d,0x52,0x27,0x09,0x06,0x2a,0x02,0x6e,0xa0,0xc8,0x15,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x27,0x09,0x9d,0x21,0x90,0x39,0xf3,0x00,0x01,0xf0,0x92,0x2a,0x98,0xe3,0xb3,0x4e,0xbc,0xbf,0xf3,0x33,0x26,0x9d,0xc2,0x65,0xd7,0xa0,0x20,0xaa,0xb6,0x9d,0x72,0xbe,0x4d,0x4a,0xcc,0x9c,0x8c,0x92,0x94,0x78,0x57,0x71,0x25,0x6c,0xd1,0xd9,0x42,0xa9,0x0d,0x1b,0xd1,0xd2,0xdc,0xa3,0xea,0x84,0xef,0x7d,0x85,0xaf,0xe6,0x61,0x1f,0xb4,0x3f,0xf0,0xb7,0x41,0x26,0xd9,0x0a,0x6e,0x00,0x0c,0x04,0xbc,0xa6,0x5e,0xb1,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x02,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x7d,0x00,0x01,0x27,0x09,0x04,0x9a,0x42,0xc5,0x21,0x27,0x09,0x06,0x2c,0x0f,0xf8,0x50,0x01,0x54,0x01,0x97,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x33,0x27,0x09,0x04,0x9f,0xcb,0x61,0xab,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x08,0x00,0x00,0xa1,0x00,0x00,0x00,0x00,0x00,0x54,0x60,0x01,0x27,0x09,0x04,0x83,0xff,0x06,0x10,0x27,0x09,0x06,0x28,0x03,0xeb,0x80,0x00,0x00,0x00,0x0e,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x27,0x09,0x04,0x6b,0xaa,0xc5,0x0e,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x00,0x01,0x00,0x20,0x00,0x00,0x00,0x00,0x02,0x00,0xe0,0x01,0x27,0x09,0x04,0x80,0xc7,0xc5,0xd9,0x27,0x09,0x06,0x24,0x00,0x61,0x80,0x00,0x00,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0xb7,0x40,0x01,0x27,0x09,0x88,0x41,0x40,0x8a,0x2e,0x00,0xbb,0x1d,0x31,0xf2,0xc3,0x23,0xe2,0x64,0xe9,0xe6,0x41,0x72,0xc1,0xa7,0x4f,0x77,0x89,0x95,0x55,0xed,0x10,0x75,0x1c,0xd5,0x6e,0x86,0x40,0x5c,0xde,0x11,0x8d,0x02,0xdf,0xfe,0x55,0x5d,0x46,0x2c,0xcf,0x6a,0x85,0xb5,0x63,0x1c,0x12,0x35,0x0c,0x8d,0x5d,0xc4,0x09,0xba,0x10,0xb9,0x02,0x5d,0x0f,0x44,0x5c,0xf4,0x49,0xd9,0x2b,0x1c,0x00,0x0c,0x04,0x2d,0x20,0xc6,0x82,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x64,0x00,0x81,0xc3,0x54,0x00,0x00,0xff,0xfe,0x18,0x1d,0x61,0x27,0x09,0x04,0x2e,0x65,0xa0,0xf9,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x03,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x6a,0x30,0x01,0x27,0x09,0x04,0x6b,0xbf,0x2e,0xd2,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x68,0x00,0x83,0xa4,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x64,0x27,0x09,0x04,0x2d,0x20,0xf6,0xb3,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x58,0x00,0x8b,0xf8,0x54,0x00,0x00,0xff,0xfe,0x15,0xb3,0x9a,0x27,0x09,0x04,0x2d,0x20,0xf8,0x57,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x70,0x00,0x9b,0xc9,0x54,0x00,0x00,0xff,0xfe,0x15,0xc4,0xf5,0x27,0x09,0x04,0x9f,0xcb,0x02,0x9a,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x0c,0xad,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x26,0x70,0x01,0x27,0x09};

447
controller/LFDB.cpp
View file

@ -1,447 +0,0 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
*/
/****/
#include "LFDB.hpp"
#ifdef CMAKE_BUILD
#include "httplib.h"
#else
#include "../ext/cpp-httplib/httplib.h"
#endif
#include "../osdep/OSUtils.hpp"
#include <chrono>
#include <iostream>
#include <sstream>
#include <thread>
namespace ZeroTier {
LFDB::LFDB(const Identity& myId, const char* path, const char* lfOwnerPrivate, const char* lfOwnerPublic, const char* lfNodeHost, int lfNodePort, bool storeOnlineState)
: DB()
, _myId(myId)
, _lfOwnerPrivate((lfOwnerPrivate) ? lfOwnerPrivate : "")
, _lfOwnerPublic((lfOwnerPublic) ? lfOwnerPublic : "")
, _lfNodeHost((lfNodeHost) ? lfNodeHost : "127.0.0.1")
, _lfNodePort(((lfNodePort > 0) && (lfNodePort < 65536)) ? lfNodePort : 9980)
, _running(true)
, _ready(false)
, _storeOnlineState(storeOnlineState)
{
_syncThread = std::thread([this]() {
char controllerAddress[24];
const uint64_t controllerAddressInt = _myId.address().toInt();
_myId.address().toString(controllerAddress);
std::string networksSelectorName("com.zerotier.controller.lfdb:");
networksSelectorName.append(controllerAddress);
networksSelectorName.append("/network");
// LF record masking key is the first 32 bytes of SHA512(controller private key) in hex,
// hiding record values from anything but the controller or someone who has its key.
uint8_t sha512pk[64];
_myId.sha512PrivateKey(sha512pk);
char maskingKey[128];
Utils::hex(sha512pk, 32, maskingKey);
httplib::Client htcli(_lfNodeHost.c_str(), _lfNodePort);
int64_t timeRangeStart = 0;
while (_running.load()) {
{
std::lock_guard<std::mutex> sl(_state_l);
for (auto ns = _state.begin(); ns != _state.end(); ++ns) {
if (ns->second.dirty) {
nlohmann::json network;
if (get(ns->first, network)) {
nlohmann::json newrec, selector0;
selector0["Name"] = networksSelectorName;
selector0["Ordinal"] = ns->first;
newrec["Selectors"].push_back(selector0);
newrec["Value"] = network.dump();
newrec["OwnerPrivate"] = _lfOwnerPrivate;
newrec["MaskingKey"] = maskingKey;
newrec["PulseIfUnchanged"] = true;
try {
auto resp = htcli.Post("/makerecord", newrec.dump(), "application/json");
if (resp) {
if (resp->status == 200) {
ns->second.dirty = false;
// printf("SET network %.16llx %s\n",ns->first,resp->body.c_str());
}
else {
fprintf(stderr, "ERROR: LFDB: %d from node (create/update network): %s" ZT_EOL_S, resp->status, resp->body.c_str());
}
}
else {
fprintf(stderr, "ERROR: LFDB: node is offline" ZT_EOL_S);
}
}
catch (std::exception& e) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (create/update network): %s" ZT_EOL_S, e.what());
}
catch (...) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (create/update network): unknown exception" ZT_EOL_S);
}
}
}
for (auto ms = ns->second.members.begin(); ms != ns->second.members.end(); ++ms) {
if ((_storeOnlineState) && (ms->second.lastOnlineDirty) && (ms->second.lastOnlineAddress)) {
nlohmann::json newrec, selector0, selector1, selectors, ip;
char tmp[1024], tmp2[128];
OSUtils::ztsnprintf(tmp, sizeof(tmp), "com.zerotier.controller.lfdb:%s/network/%.16llx/online", controllerAddress, (unsigned long long)ns->first);
ms->second.lastOnlineAddress.toIpString(tmp2);
selector0["Name"] = tmp;
selector0["Ordinal"] = ms->first;
selector1["Name"] = tmp2;
selector1["Ordinal"] = 0;
selectors.push_back(selector0);
selectors.push_back(selector1);
newrec["Selectors"] = selectors;
const uint8_t* const rawip = (const uint8_t*)ms->second.lastOnlineAddress.rawIpData();
switch (ms->second.lastOnlineAddress.ss_family) {
case AF_INET:
for (int j = 0; j < 4; ++j)
ip.push_back((unsigned int)rawip[j]);
break;
case AF_INET6:
for (int j = 0; j < 16; ++j)
ip.push_back((unsigned int)rawip[j]);
break;
default:
ip = tmp2; // should never happen since only IP transport is currently supported
break;
}
newrec["Value"] = ip;
newrec["OwnerPrivate"] = _lfOwnerPrivate;
newrec["MaskingKey"] = maskingKey;
newrec["Timestamp"] = ms->second.lastOnlineTime;
newrec["PulseIfUnchanged"] = true;
try {
auto resp = htcli.Post("/makerecord", newrec.dump(), "application/json");
if (resp) {
if (resp->status == 200) {
ms->second.lastOnlineDirty = false;
// printf("SET member online %.16llx %.10llx %s\n",ns->first,ms->first,resp->body.c_str());
}
else {
fprintf(stderr, "ERROR: LFDB: %d from node (create/update member online status): %s" ZT_EOL_S, resp->status, resp->body.c_str());
}
}
else {
fprintf(stderr, "ERROR: LFDB: node is offline" ZT_EOL_S);
}
}
catch (std::exception& e) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (create/update member online status): %s" ZT_EOL_S, e.what());
}
catch (...) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (create/update member online status): unknown exception" ZT_EOL_S);
}
}
if (ms->second.dirty) {
nlohmann::json network, member;
if (get(ns->first, network, ms->first, member)) {
nlohmann::json newrec, selector0, selector1, selectors;
selector0["Name"] = networksSelectorName;
selector0["Ordinal"] = ns->first;
selector1["Name"] = "member";
selector1["Ordinal"] = ms->first;
selectors.push_back(selector0);
selectors.push_back(selector1);
newrec["Selectors"] = selectors;
newrec["Value"] = member.dump();
newrec["OwnerPrivate"] = _lfOwnerPrivate;
newrec["MaskingKey"] = maskingKey;
newrec["PulseIfUnchanged"] = true;
try {
auto resp = htcli.Post("/makerecord", newrec.dump(), "application/json");
if (resp) {
if (resp->status == 200) {
ms->second.dirty = false;
// printf("SET member %.16llx %.10llx %s\n",ns->first,ms->first,resp->body.c_str());
}
else {
fprintf(stderr, "ERROR: LFDB: %d from node (create/update member): %s" ZT_EOL_S, resp->status, resp->body.c_str());
}
}
else {
fprintf(stderr, "ERROR: LFDB: node is offline" ZT_EOL_S);
}
}
catch (std::exception& e) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (create/update member): %s" ZT_EOL_S, e.what());
}
catch (...) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (create/update member): unknown exception" ZT_EOL_S);
}
}
}
}
}
}
try {
std::ostringstream query;
query << "{"
"\"Ranges\":[{"
"\"Name\":\""
<< networksSelectorName
<< "\","
"\"Range\":[0,18446744073709551615]"
"}],"
"\"TimeRange\":["
<< timeRangeStart
<< ",9223372036854775807],"
"\"MaskingKey\":\""
<< maskingKey
<< "\","
"\"Owners\":[\""
<< _lfOwnerPublic
<< "\"]"
"}";
auto resp = htcli.Post("/query", query.str(), "application/json");
if (resp) {
if (resp->status == 200) {
nlohmann::json results(OSUtils::jsonParse(resp->body));
if ((results.is_array()) && (! results.empty())) {
for (std::size_t ri = 0; ri < results.size(); ++ri) {
nlohmann::json& rset = results[ri];
if ((rset.is_array()) && (! rset.empty())) {
nlohmann::json& result = rset[0];
if (result.is_object()) {
nlohmann::json& record = result["Record"];
if (record.is_object()) {
const std::string recordValue = result["Value"];
// printf("GET network %s\n",recordValue.c_str());
nlohmann::json network(OSUtils::jsonParse(recordValue));
if (network.is_object()) {
const std::string idstr = network["id"];
const uint64_t id = Utils::hexStrToU64(idstr.c_str());
if ((id >> 24) == controllerAddressInt) { // sanity check
nlohmann::json oldNetwork;
if ((timeRangeStart > 0) && (get(id, oldNetwork))) {
const uint64_t revision = network["revision"];
const uint64_t prevRevision = oldNetwork["revision"];
if (prevRevision < revision) {
_networkChanged(oldNetwork, network, timeRangeStart > 0);
}
}
else {
nlohmann::json nullJson;
_networkChanged(nullJson, network, timeRangeStart > 0);
}
}
}
}
}
}
}
}
}
else {
fprintf(stderr, "ERROR: LFDB: %d from node (check for network updates): %s" ZT_EOL_S, resp->status, resp->body.c_str());
}
}
else {
fprintf(stderr, "ERROR: LFDB: node is offline" ZT_EOL_S);
}
}
catch (std::exception& e) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (check for network updates): %s" ZT_EOL_S, e.what());
}
catch (...) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (check for network updates): unknown exception" ZT_EOL_S);
}
try {
std::ostringstream query;
query << "{"
"\"Ranges\":[{"
"\"Name\":\""
<< networksSelectorName
<< "\","
"\"Range\":[0,18446744073709551615]"
"},{"
"\"Name\":\"member\","
"\"Range\":[0,18446744073709551615]"
"}],"
"\"TimeRange\":["
<< timeRangeStart
<< ",9223372036854775807],"
"\"MaskingKey\":\""
<< maskingKey
<< "\","
"\"Owners\":[\""
<< _lfOwnerPublic
<< "\"]"
"}";
auto resp = htcli.Post("/query", query.str(), "application/json");
if (resp) {
if (resp->status == 200) {
nlohmann::json results(OSUtils::jsonParse(resp->body));
if ((results.is_array()) && (! results.empty())) {
for (std::size_t ri = 0; ri < results.size(); ++ri) {
nlohmann::json& rset = results[ri];
if ((rset.is_array()) && (! rset.empty())) {
nlohmann::json& result = rset[0];
if (result.is_object()) {
nlohmann::json& record = result["Record"];
if (record.is_object()) {
const std::string recordValue = result["Value"];
// printf("GET member %s\n",recordValue.c_str());
nlohmann::json member(OSUtils::jsonParse(recordValue));
if (member.is_object()) {
const std::string nwidstr = member["nwid"];
const std::string idstr = member["id"];
const uint64_t nwid = Utils::hexStrToU64(nwidstr.c_str());
const uint64_t id = Utils::hexStrToU64(idstr.c_str());
if ((id) && ((nwid >> 24) == controllerAddressInt)) { // sanity check
nlohmann::json network, oldMember;
if ((timeRangeStart > 0) && (get(nwid, network, id, oldMember))) {
const uint64_t revision = member["revision"];
const uint64_t prevRevision = oldMember["revision"];
if (prevRevision < revision)
_memberChanged(oldMember, member, timeRangeStart > 0);
}
else if (hasNetwork(nwid)) {
nlohmann::json nullJson;
_memberChanged(nullJson, member, timeRangeStart > 0);
}
}
}
}
}
}
}
}
}
else {
fprintf(stderr, "ERROR: LFDB: %d from node (check for member updates): %s" ZT_EOL_S, resp->status, resp->body.c_str());
}
}
else {
fprintf(stderr, "ERROR: LFDB: node is offline" ZT_EOL_S);
}
}
catch (std::exception& e) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (check for member updates): %s" ZT_EOL_S, e.what());
}
catch (...) {
fprintf(stderr, "ERROR: LFDB: unexpected exception querying node (check for member updates): unknown exception" ZT_EOL_S);
}
timeRangeStart = time(nullptr) - 120; // start next query 2m before now to avoid losing updates
_ready.store(true);
for (int k = 0; k < 4; ++k) { // 2s delay between queries for remotely modified networks or members
if (! _running.load())
return;
std::this_thread::sleep_for(std::chrono::milliseconds(500));
}
}
});
}
LFDB::~LFDB()
{
_running.store(false);
_syncThread.join();
}
bool LFDB::waitForReady()
{
while (! _ready.load()) {
std::this_thread::sleep_for(std::chrono::milliseconds(500));
}
return true;
}
bool LFDB::isReady()
{
return (_ready.load());
}
bool LFDB::save(nlohmann::json& record, bool notifyListeners)
{
bool modified = false;
const std::string objtype = record["objtype"];
if (objtype == "network") {
const uint64_t nwid = OSUtils::jsonIntHex(record["id"], 0ULL);
if (nwid) {
nlohmann::json old;
get(nwid, old);
if ((! old.is_object()) || (! _compareRecords(old, record))) {
record["revision"] = OSUtils::jsonInt(record["revision"], 0ULL) + 1ULL;
_networkChanged(old, record, notifyListeners);
{
std::lock_guard<std::mutex> l(_state_l);
_state[nwid].dirty = true;
}
modified = true;
}
}
}
else if (objtype == "member") {
const uint64_t nwid = OSUtils::jsonIntHex(record["nwid"], 0ULL);
const uint64_t id = OSUtils::jsonIntHex(record["id"], 0ULL);
if ((id) && (nwid)) {
nlohmann::json network, old;
get(nwid, network, id, old);
if ((! old.is_object()) || (! _compareRecords(old, record))) {
record["revision"] = OSUtils::jsonInt(record["revision"], 0ULL) + 1ULL;
_memberChanged(old, record, notifyListeners);
{
std::lock_guard<std::mutex> l(_state_l);
_state[nwid].members[id].dirty = true;
}
modified = true;
}
}
}
return modified;
}
void LFDB::eraseNetwork(const uint64_t networkId)
{
// TODO
}
void LFDB::eraseMember(const uint64_t networkId, const uint64_t memberId)
{
// TODO
}
void LFDB::nodeIsOnline(const uint64_t networkId, const uint64_t memberId, const InetAddress& physicalAddress, const char* osArch)
{
std::lock_guard<std::mutex> l(_state_l);
auto nw = _state.find(networkId);
if (nw != _state.end()) {
auto m = nw->second.members.find(memberId);
if (m != nw->second.members.end()) {
m->second.lastOnlineTime = OSUtils::now();
if (physicalAddress)
m->second.lastOnlineAddress = physicalAddress;
m->second.lastOnlineDirty = true;
}
}
}
void LFDB::nodeIsOnline(const uint64_t networkId, const uint64_t memberId, const InetAddress& physicalAddress)
{
this->nodeIsOnline(networkId, memberId, physicalAddress, "unknown/unknown");
}
} // namespace ZeroTier

85
controller/LFDB.hpp
View file

@ -1,85 +0,0 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
*/
/****/
#ifndef ZT_CONTROLLER_LFDB_HPP
#define ZT_CONTROLLER_LFDB_HPP
#include "DB.hpp"
#include <atomic>
#include <mutex>
#include <string>
#include <unordered_map>
namespace ZeroTier {
/**
* DB implementation for controller that stores data in LF
*/
class LFDB : public DB {
public:
/**
* @param myId This controller's identity
* @param path Base path for ZeroTier node itself
* @param lfOwnerPrivate LF owner private in PEM format
* @param lfOwnerPublic LF owner public in @base62 format
* @param lfNodeHost LF node host
* @param lfNodePort LF node http (not https) port
* @param storeOnlineState If true, store online/offline state and IP info in LF (a lot of data, only for private networks!)
*/
LFDB(const Identity& myId, const char* path, const char* lfOwnerPrivate, const char* lfOwnerPublic, const char* lfNodeHost, int lfNodePort, bool storeOnlineState);
virtual ~LFDB();
virtual bool waitForReady();
virtual bool isReady();
virtual bool save(nlohmann::json& record, bool notifyListeners);
virtual void eraseNetwork(const uint64_t networkId);
virtual void eraseMember(const uint64_t networkId, const uint64_t memberId);
virtual void nodeIsOnline(const uint64_t networkId, const uint64_t memberId, const InetAddress& physicalAddress);
virtual void nodeIsOnline(const uint64_t networkId, const uint64_t memberId, const InetAddress& physicalAddress, const char* osArch);
protected:
const Identity _myId;
std::string _lfOwnerPrivate, _lfOwnerPublic;
std::string _lfNodeHost;
int _lfNodePort;
struct _MemberState {
_MemberState() : lastOnlineAddress(), lastOnlineTime(0), dirty(false), lastOnlineDirty(false)
{
}
InetAddress lastOnlineAddress;
int64_t lastOnlineTime;
bool dirty;
bool lastOnlineDirty;
};
struct _NetworkState {
_NetworkState() : members(), dirty(false)
{
}
std::unordered_map<uint64_t, _MemberState> members;
bool dirty;
};
std::unordered_map<uint64_t, _NetworkState> _state;
std::mutex _state_l;
std::atomic_bool _running;
std::atomic_bool _ready;
std::thread _syncThread;
bool _storeOnlineState;
};
} // namespace ZeroTier
#endif

6
debian/changelog vendored
View file

@ -1,3 +1,9 @@
zerotier-one (1.16.0) unstable; urgency=medium
* See RELEASE-NOTES.md for release notes.
-- Adam Ierymenko <adam.ierymenko@zerotier.com> Thu, 21 Aug 2025 01:00:00 -0700
zerotier-one (1.14.2) unstable; urgency=medium
* See RELEASE-NOTES.md for release notes.

182
ext/installfiles/mac/ZeroTier One.pkgproj
View file

@ -1,14 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PACKAGES</key>
<array>
<dict>
<key>MUST-CLOSE-APPLICATION-ITEMS</key>
<array/>
<array />
<key>MUST-CLOSE-APPLICATIONS</key>
<false/>
<false />
<key>PACKAGE_FILES</key>
<dict>
<key>DEFAULT_INSTALL_LOCATION</key>
@ -22,7 +23,7 @@
<array>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>80</integer>
<key>PATH</key>
@ -38,7 +39,7 @@
</dict>
<dict>
<key>BUNDLE_CAN_DOWNGRADE</key>
<false/>
<false />
<key>BUNDLE_POSTINSTALL_PATH</key>
<dict>
<key>PATH_TYPE</key>
@ -50,7 +51,7 @@
<integer>0</integer>
</dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>80</integer>
<key>PATH</key>
@ -92,7 +93,7 @@
<array>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -108,7 +109,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -124,7 +125,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>80</integer>
<key>PATH</key>
@ -140,7 +141,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -156,7 +157,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -214,7 +215,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -230,7 +231,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -246,7 +247,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -262,7 +263,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -278,7 +279,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -294,7 +295,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -310,7 +311,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -329,7 +330,7 @@
<array>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -359,7 +360,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -375,7 +376,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -391,7 +392,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>80</integer>
<key>PATH</key>
@ -407,7 +408,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -423,7 +424,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -439,7 +440,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -455,7 +456,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -471,7 +472,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -487,7 +488,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -503,7 +504,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -519,7 +520,7 @@
</dict>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -555,7 +556,7 @@
<array>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -602,7 +603,7 @@
<array>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>GID</key>
<integer>0</integer>
<key>PATH</key>
@ -647,13 +648,13 @@
<key>PAYLOAD_TYPE</key>
<integer>0</integer>
<key>PRESERVE_EXTENDED_ATTRIBUTES</key>
<false/>
<false />
<key>SHOW_INVISIBLE</key>
<false/>
<false />
<key>SPLIT_FORKS</key>
<true/>
<true />
<key>TREAT_MISSING_FILES_AS_WARNING</key>
<false/>
<false />
<key>VERSION</key>
<integer>5</integer>
</dict>
@ -674,7 +675,7 @@
<integer>1</integer>
</dict>
<key>RESOURCES</key>
<array/>
<array />
</dict>
<key>PACKAGE_SETTINGS</key>
<dict>
@ -683,7 +684,7 @@
<key>CONCLUSION_ACTION</key>
<integer>0</integer>
<key>FOLLOW_SYMBOLIC_LINKS</key>
<false/>
<false />
<key>IDENTIFIER</key>
<string>com.zerotier.pkg.ZeroTierOne</string>
<key>LOCATION</key>
@ -691,17 +692,17 @@
<key>NAME</key>
<string>ZeroTier One</string>
<key>OVERWRITE_PERMISSIONS</key>
<false/>
<false />
<key>PAYLOAD_SIZE</key>
<integer>-1</integer>
<key>REFERENCE_PATH</key>
<string></string>
<string />
<key>RELOCATABLE</key>
<false/>
<false />
<key>USE_HFS+_COMPRESSION</key>
<false/>
<false />
<key>VERSION</key>
<string>1.14.2</string>
<string>1.16.0</string>
</dict>
<key>TYPE</key>
<integer>0</integer>
@ -753,12 +754,12 @@
<key>APPAREANCES</key>
<dict>
<key>DARK_AQUA</key>
<dict/>
<dict />
<key>LIGHT_AQUA</key>
<dict/>
<dict />
</dict>
<key>SHARED_SETTINGS_FOR_ALL_APPAREANCES</key>
<true/>
<true />
</dict>
<key>INSTALLATION TYPE</key>
<dict>
@ -770,20 +771,20 @@
<array>
<dict>
<key>CHILDREN</key>
<array/>
<array />
<key>DESCRIPTION</key>
<array/>
<array />
<key>OPTIONS</key>
<dict>
<key>HIDDEN</key>
<false/>
<false />
<key>STATE</key>
<integer>1</integer>
</dict>
<key>PACKAGE_UUID</key>
<string>1B6AFC3A-9EA5-4401-83D4-37F06CD13CD6</string>
<key>TITLE</key>
<array/>
<array />
<key>TYPE</key>
<integer>0</integer>
<key>UUID</key>
@ -791,7 +792,7 @@
</dict>
</array>
<key>REMOVED</key>
<dict/>
<dict />
</dict>
</dict>
<key>MODE</key>
@ -859,24 +860,24 @@
<key>INTRODUCTION</key>
<dict>
<key>LOCALIZATIONS</key>
<array/>
<array />
</dict>
<key>LICENSE</key>
<dict>
<key>LOCALIZATIONS</key>
<array/>
<array />
<key>MODE</key>
<integer>0</integer>
</dict>
<key>README</key>
<dict>
<key>LOCALIZATIONS</key>
<array/>
<array />
</dict>
<key>TITLE</key>
<dict>
<key>LOCALIZATIONS</key>
<array/>
<array />
</dict>
</dict>
<key>PROJECT_REQUIREMENTS</key>
@ -900,17 +901,17 @@
<key>IDENTIFIER</key>
<string>fr.whitebox.Packages.requirement.os</string>
<key>MESSAGE</key>
<array/>
<array />
<key>NAME</key>
<string>Operating System</string>
<key>STATE</key>
<true/>
<true />
</dict>
</array>
<key>RESOURCES</key>
<array/>
<array />
<key>ROOT_VOLUME_ONLY</key>
<false/>
<false />
</dict>
<key>PROJECT_SETTINGS</key>
<dict>
@ -937,7 +938,7 @@
<array>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>.DS_Store</string>
<key>TYPE</key>
@ -945,20 +946,20 @@
</dict>
</array>
<key>PROTECTED</key>
<true/>
<true />
<key>PROXY_NAME</key>
<string>Remove .DS_Store files</string>
<key>PROXY_TOOLTIP</key>
<string>Remove ".DS_Store" files created by the Finder.</string>
<key>STATE</key>
<true/>
<true />
</dict>
<dict>
<key>PATTERNS_ARRAY</key>
<array>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>.pbdevelopment</string>
<key>TYPE</key>
@ -966,20 +967,21 @@
</dict>
</array>
<key>PROTECTED</key>
<true/>
<true />
<key>PROXY_NAME</key>
<string>Remove .pbdevelopment files</string>
<key>PROXY_TOOLTIP</key>
<string>Remove ".pbdevelopment" files created by ProjectBuilder or Xcode.</string>
<string
>Remove ".pbdevelopment" files created by ProjectBuilder or Xcode.</string>
<key>STATE</key>
<true/>
<true />
</dict>
<dict>
<key>PATTERNS_ARRAY</key>
<array>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>CVS</string>
<key>TYPE</key>
@ -987,7 +989,7 @@
</dict>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>.cvsignore</string>
<key>TYPE</key>
@ -995,7 +997,7 @@
</dict>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>.cvspass</string>
<key>TYPE</key>
@ -1003,7 +1005,7 @@
</dict>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>.svn</string>
<key>TYPE</key>
@ -1011,7 +1013,7 @@
</dict>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>.git</string>
<key>TYPE</key>
@ -1019,7 +1021,7 @@
</dict>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>.gitignore</string>
<key>TYPE</key>
@ -1027,20 +1029,21 @@
</dict>
</array>
<key>PROTECTED</key>
<true/>
<true />
<key>PROXY_NAME</key>
<string>Remove SCM metadata</string>
<key>PROXY_TOOLTIP</key>
<string>Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems.</string>
<string
>Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems.</string>
<key>STATE</key>
<false/>
<false />
</dict>
<dict>
<key>PATTERNS_ARRAY</key>
<array>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>classes.nib</string>
<key>TYPE</key>
@ -1048,7 +1051,7 @@
</dict>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>designable.db</string>
<key>TYPE</key>
@ -1056,7 +1059,7 @@
</dict>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>info.nib</string>
<key>TYPE</key>
@ -1064,20 +1067,21 @@
</dict>
</array>
<key>PROTECTED</key>
<true/>
<true />
<key>PROXY_NAME</key>
<string>Optimize nib files</string>
<key>PROXY_TOOLTIP</key>
<string>Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles.</string>
<string
>Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles.</string>
<key>STATE</key>
<false/>
<false />
</dict>
<dict>
<key>PATTERNS_ARRAY</key>
<array>
<dict>
<key>REGULAR_EXPRESSION</key>
<false/>
<false />
<key>STRING</key>
<string>Resources Disabled</string>
<key>TYPE</key>
@ -1085,31 +1089,31 @@
</dict>
</array>
<key>PROTECTED</key>
<true/>
<true />
<key>PROXY_NAME</key>
<string>Remove Resources Disabled folders</string>
<key>PROXY_TOOLTIP</key>
<string>Remove "Resources Disabled" folders.</string>
<key>STATE</key>
<false/>
<false />
</dict>
<dict>
<key>SEPARATOR</key>
<true/>
<true />
</dict>
</array>
<key>NAME</key>
<string>ZeroTier One</string>
<key>PAYLOAD_ONLY</key>
<false/>
<false />
<key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
<false/>
<false />
</dict>
</dict>
<key>SHARED_GLOBAL_DATA</key>
<dict>
<key>IC_REQUIREMENT_JAVASCRIPT_SHARED_SOURCE_CODE</key>
<string></string>
<string />
</dict>
<key>TYPE</key>
<integer>0</integer>

12
ext/installfiles/windows/ZeroTier One.aip
View file

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<DOCUMENT Type="Advanced Installer" CreateVersion="10.9" version="22.8" Modules="enterprise" RootPath="." Language="en" Id="{DC564647-6BF0-4550-87F4-89C938D0159C}">
<DOCUMENT Type="Advanced Installer" CreateVersion="10.9" version="22.9.1" Modules="enterprise" RootPath="." Language="en" Id="{DC564647-6BF0-4550-87F4-89C938D0159C}">
<COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
<ROW Property="AI_BITMAP_DISPLAY_MODE" Value="0"/>
<ROW Property="AI_EXTERNALUIUNINSTALLERNAME" MultiBuildValue="DefaultBuild:aiui"/>
@ -21,10 +21,10 @@
<ROW Property="AiFeatIcoZeroTierOne" Value="ZeroTierIcon.exe" Type="8"/>
<ROW Property="MSIFASTINSTALL" MultiBuildValue="DefaultBuild:2"/>
<ROW Property="Manufacturer" Value="ZeroTier, Inc."/>
<ROW Property="ProductCode" Value="1033:{0143A36C-46C6-458D-AB9B-C8843E089323} " Type="16"/>
<ROW Property="ProductCode" Value="1033:{C74EC20B-386F-439B-9665-AE5FD40EC62F} " Type="16"/>
<ROW Property="ProductLanguage" Value="1033"/>
<ROW Property="ProductName" Value="ZeroTier One"/>
<ROW Property="ProductVersion" Value="1.14.2" Options="32"/>
<ROW Property="ProductVersion" Value="1.16.0" Options="32"/>
<ROW Property="REBOOT" MultiBuildValue="DefaultBuild:ReallySuppress"/>
<ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND;AI_SETUPEXEPATH;SETUPEXEDIR"/>
<ROW Property="UpgradeCode" Value="{B0E2A5F3-88B6-4E77-B922-CB4739B4C4C8}"/>
@ -62,7 +62,7 @@
<ROW Directory="regid.201001.com.zerotier_Dir" Directory_Parent="CommonAppDataFolder" DefaultDir="REGID2~1.ZER|regid.2010-01.com.zerotier" DirectoryOptions="12"/>
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
<ROW Component="AI_CustomARPName" ComponentId="{DFE7A60C-C2B9-41F6-9171-8955BA30E556}" Directory_="APPDIR" Attributes="4" KeyPath="DisplayName" Options="1"/>
<ROW Component="AI_CustomARPName" ComponentId="{A3752E9B-9B23-4433-B186-24C3C5C4BC4A}" Directory_="APPDIR" Attributes="4" KeyPath="DisplayName" Options="1"/>
<ROW Component="AI_DisableModify" ComponentId="{46FFA8C5-A0CB-4E05-9AD3-911D543DE8CA}" Directory_="APPDIR" Attributes="4" KeyPath="NoModify" Options="1"/>
<ROW Component="AI_ExePath" ComponentId="{8E02B36C-7A19-429B-A93E-77A9261AC918}" Directory_="APPDIR" Attributes="4" KeyPath="AI_ExePath"/>
<ROW Component="APPDIR" ComponentId="{4DD7907D-D7FE-4CD6-B1A0-B5C1625F5133}" Directory_="APPDIR" Attributes="0"/>
@ -515,10 +515,10 @@
<ROW XmlAttribute="xsischemaLocation" XmlElement="swidsoftware_identification_tag" Name="xsi:schemaLocation" Flags="14" Order="3" Value="http://standards.iso.org/iso/19770/-2/2008/schema.xsd software_identification_tag.xsd"/>
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.XmlElementComponent">
<ROW XmlElement="swidbuild" ParentElement="swidnumeric" Name="swid:build" Condition="1" Order="2" Flags="14" Text="2" UpdateIndexInParent="0"/>
<ROW XmlElement="swidbuild" ParentElement="swidnumeric" Name="swid:build" Condition="1" Order="2" Flags="14" Text="0" UpdateIndexInParent="0"/>
<ROW XmlElement="swidentitlement_required_indicator" ParentElement="swidsoftware_identification_tag" Name="swid:entitlement_required_indicator" Condition="1" Order="0" Flags="14" Text="false" UpdateIndexInParent="0"/>
<ROW XmlElement="swidmajor" ParentElement="swidnumeric" Name="swid:major" Condition="1" Order="0" Flags="14" Text="1" UpdateIndexInParent="0"/>
<ROW XmlElement="swidminor" ParentElement="swidnumeric" Name="swid:minor" Condition="1" Order="1" Flags="14" Text="14" UpdateIndexInParent="0"/>
<ROW XmlElement="swidminor" ParentElement="swidnumeric" Name="swid:minor" Condition="1" Order="1" Flags="14" Text="16" UpdateIndexInParent="0"/>
<ROW XmlElement="swidname" ParentElement="swidproduct_version" Name="swid:name" Condition="1" Order="0" Flags="14" Text="[ProductVersion]" UpdateIndexInParent="0"/>
<ROW XmlElement="swidname_1" ParentElement="swidsoftware_creator" Name="swid:name" Condition="1" Order="0" Flags="14" Text="ZeroTier, Inc." UpdateIndexInParent="0"/>
<ROW XmlElement="swidname_2" ParentElement="swidsoftware_licensor" Name="swid:name" Condition="1" Order="0" Flags="14" Text="ZeroTier, Inc." UpdateIndexInParent="0"/>

35
include/ZeroTierDebug.h
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
/**
* @file
@ -29,20 +24,20 @@
#include <string.h>
#define ZT_MSG_INFO true
#define ZT_COLOR true
#define ZT_COLOR true
// Debug output colors
#if defined(__APPLE__)
#include "TargetConditionals.h"
#endif
#if defined(ZT_COLOR) && ! defined(_WIN32) && ! defined(__ANDROID__) && ! defined(TARGET_OS_IPHONE) && ! defined(TARGET_IPHONE_SIMULATOR) && ! defined(__APP_FRAMEWORK__)
#define ZT_RED "\x1B[31m"
#define ZT_GRN "\x1B[32m"
#define ZT_YEL "\x1B[33m"
#define ZT_BLU "\x1B[34m"
#define ZT_MAG "\x1B[35m"
#define ZT_CYN "\x1B[36m"
#define ZT_WHT "\x1B[37m"
#define ZT_RED "\x1B[31m"
#define ZT_GRN "\x1B[32m"
#define ZT_YEL "\x1B[33m"
#define ZT_BLU "\x1B[34m"
#define ZT_MAG "\x1B[35m"
#define ZT_CYN "\x1B[36m"
#define ZT_WHT "\x1B[37m"
#define ZT_RESET "\x1B[0m"
#else
#define ZT_RED
@ -90,7 +85,7 @@
#else
#define DEBUG_INFO(fmt, args...)
#endif
#else // blank
#else // blank
#if defined(_WIN32)
#define DEBUG_INFO(...)
#else
@ -98,4 +93,4 @@
#endif
#endif
#endif // _H
#endif // _H

2001
include/ZeroTierOne.h
View file

File diff suppressed because it is too large Load diff

13
make-bsd.mk
View file

@ -1,12 +1,21 @@
# This requires GNU make, which is typically "gmake" on BSD systems
INCLUDES=-isystem ext -Iext/prometheus-cpp-lite-1.0/core/include -Iext/prometheus-cpp-lite-1.0/simpleapi/include
INCLUDES=-isystem ext -Iext/prometheus-cpp-lite-1.0/core/include -Iext/prometheus-cpp-lite-1.0/simpleapi/include -Iext/opentelemetry-cpp-api-only/include
DEFS=
LIBS=
include objects.mk
ONE_OBJS+=osdep/BSDEthernetTap.o ext/http-parser/http_parser.o
ifeq ($(ZT_CONTROLLER),1)
ZT_NONFREE=1
endif
ifeq ($(ZT_NONFREE),1)
include objects-nonfree.mk
ONE_OBJS+=$(CONTROLLER_OBJS)
override DEFS += -DZT_NONFREE_CONTROLLER
endif
ifeq ($(OSTYPE),FreeBSD)
# Auto-detect miniupnpc and nat-pmp as well and use ports libs if present,
# otherwise build into binary as done on Mac and Windows.
@ -181,7 +190,7 @@ selftest: $(CORE_OBJS) $(ONE_OBJS) selftest.o
zerotier-selftest: selftest
clean:
rm -rf *.a *.o node/*.o controller/*.o osdep/*.o service/*.o ext/http-parser/*.o build-* zerotier-one zerotier-idtool zerotier-selftest zerotier-cli $(ONE_OBJS) $(CORE_OBJS)
rm -rf *.a *.o node/*.o nonfree/controller/*.o osdep/*.o service/*.o ext/http-parser/*.o build-* zerotier-one zerotier-idtool zerotier-selftest zerotier-cli $(ONE_OBJS) $(CORE_OBJS)
debug: FORCE
$(MAKE) -j ZT_DEBUG=1

20
make-linux.mk
View file

@ -17,6 +17,16 @@ EXTRA_DEPS?=
ZT_CARGO_FLAGS?=
include objects.mk
ifeq ($(ZT_CONTROLLER),1)
ZT_NONFREE=1
endif
ifeq ($(ZT_NONFREE),1)
include objects-nonfree.mk
ONE_OBJS+=$(CONTROLLER_OBJS)
override DEFS += -DZT_NONFREE_CONTROLLER
endif
ifeq ($(ZT_EXTOSDEP),1)
ONE_OBJS+=osdep/ExtOsdep.o
override DEFS += -DZT_EXTOSDEP
@ -57,7 +67,7 @@ ifeq ($(ZT_RULES_ENGINE_DEBUGGING),1)
endif
ifeq ($(ZT_DEBUG_TRACE),1)
DEFS+=-DZT_DEBUG_TRACE
override DEFS+=-DZT_DEBUG_TRACE
endif
# Build with address sanitization library for advanced debugging (clang)
@ -94,10 +104,6 @@ ifeq ($(ZT_SYNOLOGY), 1)
ZT_EMBEDDED=1
endif
ifeq ($(ZT_DISABLE_COMPRESSION), 1)
override DEFS+=-DZT_DISABLE_COMPRESSION
endif
ifeq ($(ZT_TRACE),1)
override DEFS+=-DZT_TRACE
endif
@ -115,7 +121,7 @@ ifeq ($(ZT_VAULT_SUPPORT),1)
override LDLIBS+=-lcurl
endif
# Determine system build architecture from compiler target
# Determine system build architecture from compiler target. This is hairy due to "ARM wrestling."
CC_MACH=$(shell $(CC) -dumpmachine | cut -d '-' -f 1)
ZT_ARCHITECTURE=999
ifeq ($(CC_MACH),x86_64)
@ -441,7 +447,7 @@ endif
ext/${OTEL_INSTALL_DIR}/include/opentelemetry/version.h: otel
clean: FORCE
rm -rf *.a *.so *.o node/*.o controller/*.o osdep/*.o service/*.o ext/http-parser/*.o ext/miniupnpc/*.o ext/libnatpmp/*.o $(CORE_OBJS) $(ONE_OBJS) zerotier-one zerotier-idtool zerotier-cli zerotier-selftest build-* ZeroTierOneInstaller-* *.deb *.rpm .depend debian/files debian/zerotier-one*.debhelper debian/zerotier-one.substvars debian/*.log debian/zerotier-one doc/node_modules ext/misc/*.o debian/.debhelper debian/debhelper-build-stamp docker/zerotier-one rustybits/target ext/opentelemetry-cpp-${OTEL_VERSION}/localinstall ext/opentelemetry-cpp-${OTEL_VERSION}/build
rm -rf *.a *.so *.o node/*.o nonfree/controller/*.o osdep/*.o service/*.o ext/http-parser/*.o ext/miniupnpc/*.o ext/libnatpmp/*.o $(CORE_OBJS) $(ONE_OBJS) zerotier-one zerotier-idtool zerotier-cli zerotier-selftest build-* ZeroTierOneInstaller-* *.deb *.rpm .depend debian/files debian/zerotier-one*.debhelper debian/zerotier-one.substvars debian/*.log debian/zerotier-one doc/node_modules ext/misc/*.o debian/.debhelper debian/debhelper-build-stamp docker/zerotier-one rustybits/target ext/opentelemetry-cpp-${OTEL_VERSION}/localinstall ext/opentelemetry-cpp-${OTEL_VERSION}/build
distclean: clean

40
make-mac.mk
View file

@ -5,7 +5,7 @@ TOPDIR=$(shell pwd)
INCLUDES=-I$(shell pwd)/rustybits/target -isystem $(TOPDIR)/ext -I$(TOPDIR)/ext/prometheus-cpp-lite-1.0/core/include -I$(TOPDIR)/ext-prometheus-cpp-lite-1.0/3rdparty/http-client-lite/include -I$(TOPDIR)/ext/prometheus-cpp-lite-1.0/simpleapi/include
DEFS=
LIBS=
ARCH_FLAGS=-arch x86_64 -arch arm64
ARCH_FLAGS=-arch x86_64 -arch arm64
CODESIGN=echo
PRODUCTSIGN=echo
@ -33,9 +33,7 @@ LIBS+=-framework CoreServices -framework SystemConfiguration -framework CoreFoun
EXTRA_CARGO_FLAGS?=
# Official releases are signed with our Apple cert and apply software updates by default
ifeq ($(ZT_OFFICIAL_RELEASE),1)
DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"apply\""
ZT_USE_MINIUPNPC=1
CODESIGN=codesign
PRODUCTSIGN=productsign
@ -44,23 +42,21 @@ ifeq ($(ZT_OFFICIAL_RELEASE),1)
NOTARIZE=xcrun notarytool
NOTARIZE_APPLE_ID="adam.ierymenko@gmail.com"
NOTARIZE_TEAM_ID="8ZD9JUCZ4V"
else
DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"download\""
endif
# Use fast ASM Salsa20/12 for x64 processors
DEFS+=-DZT_USE_X64_ASM_SALSA2012
override DEFS+=-DZT_USE_X64_ASM_SALSA2012
CORE_OBJS+=ext/x64-salsa2012-asm/salsa2012.o
CXXFLAGS=$(CFLAGS) -std=c++17 -stdlib=libc++
# Build miniupnpc and nat-pmp as included libraries -- extra defs are required for these sources
DEFS+=-DMACOSX -DZT_SSO_SUPPORTED -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
override DEFS+=-DMACOSX -DZT_SSO_SUPPORTED -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
ONE_OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o osdep/PortMapper.o
ifeq ($(ZT_CONTROLLER),1)
MACOS_VERSION_MIN=10.15
override CXXFLAGS=$(CFLAGS) -std=c++17 -stdlib=libc++
LIBS+=-L/opt/homebrew/lib -L/usr/local/opt/libpqxx/lib -L/usr/local/opt/libpq/lib -L/usr/local/opt/openssl/lib/ -lpqxx -lpq -lssl -lcrypto -lgssapi_krb5 ext/redis-plus-plus-1.1.1/install/macos/lib/libredis++.a ext/hiredis-0.14.1/lib/macos/libhiredis.a rustybits/target/librustybits.a
DEFS+=-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER_USE_REDIS -DZT_CONTROLLER
override DEFS+=-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER_USE_REDIS -DZT_CONTROLLER
INCLUDES+=-I/opt/homebrew/include -I/opt/homebrew/opt/libpq/include -I/usr/local/opt/libpq/include -I/usr/local/opt/libpqxx/include -Iext/hiredis-0.14.1/include/ -Iext/redis-plus-plus-1.1.1/install/macos/include/sw/ -Irustybits/target/
EXTRA_CARGO_FLAGS+=-F ztcontroller
else
@ -69,10 +65,10 @@ endif
# Build with address sanitization library for advanced debugging (clang)
ifeq ($(ZT_SANITIZE),1)
DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1
override DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1
endif
ifeq ($(ZT_DEBUG_TRACE),1)
DEFS+=-DZT_DEBUG_TRACE
override DEFS+=-DZT_DEBUG_TRACE
endif
# Debug mode -- dump trace output, build binary with -g
ifeq ($(ZT_DEBUG),1)
@ -93,22 +89,22 @@ else
endif
ifeq ($(ZT_TRACE),1)
DEFS+=-DZT_TRACE
override DEFS+=-DZT_TRACE
endif
ifeq ($(ZT_DEBUG),1)
DEFS+=-DZT_DEBUG
override DEFS+=-DZT_DEBUG
endif
ifeq ($(ZT_VAULT_SUPPORT),1)
DEFS+=-DZT_VAULT_SUPPORT=1
override DEFS+=-DZT_VAULT_SUPPORT=1
LIBS+=-lcurl
endif
OTEL_VERSION=1.21.0
ifeq (${ZT_OTEL},1)
OTEL_INSTALL_DIR=ext/opentelemetry-cpp-${OTEL_VERSION}/localinstall
DEFS+=-DZT_OTEL
override DEFS+=-DZT_OTEL
INCLUDES+=-I${OTEL_INSTALL_DIR}/include
LIBS+=-L${OTEL_INSTALL_DIR}/lib -lopentelemetry_exporter_in_memory_metric -lopentelemetry_exporter_in_memory -lopentelemetry_exporter_ostream_logs -lopentelemetry_exporter_ostream_metrics -lopentelemetry_exporter_ostream_span -lopentelemetry_trace -lopentelemetry_common -lopentelemetry_resources -lopentelemetry_logs -lopentelemetry_metrics -lopentelemetry_version
else
@ -126,7 +122,7 @@ mac-agent: FORCE
$(CODESIGN) -f --options=runtime -s $(CODESIGN_APP_CERT) MacEthernetTapAgent
osdep/MacDNSHelper.o: osdep/MacDNSHelper.mm
$(CXX) $(CXXFLAGS) -c osdep/MacDNSHelper.mm -o osdep/MacDNSHelper.o
$(CXX) $(CXXFLAGS) -c osdep/MacDNSHelper.mm -o osdep/MacDNSHelper.o
ifeq ($(ZT_CONTROLLER),1)
one: otel rustybits $(CORE_OBJS) $(ONE_OBJS) one.o mac-agent
@ -163,10 +159,6 @@ libzerotiercore.a: $(CORE_OBJS)
core: libzerotiercore.a
#cli: FORCE
# $(CXX) $(CXXFLAGS) -o zerotier cli/zerotier.cpp osdep/OSUtils.cpp node/InetAddress.cpp node/Utils.cpp node/Salsa20.cpp node/Identity.cpp node/SHA512.cpp node/C25519.cpp -lcurl
# $(STRIP) zerotier
selftest: $(CORE_OBJS) $(ONE_OBJS) selftest.o
$(CXX) $(CXXFLAGS) -o zerotier-selftest selftest.o $(CORE_OBJS) $(ONE_OBJS) $(LIBS) rustybits/target/librustybits.a
$(STRIP) zerotier-selftest
@ -183,8 +175,8 @@ mac-dist-pkg: FORCE
rm -f "ZeroTier One Signed.pkg"
$(PRODUCTSIGN) --sign $(CODESIGN_INSTALLER_CERT) "ZeroTier One.pkg" "ZeroTier One Signed.pkg"
if [ -f "ZeroTier One Signed.pkg" ]; then mv -f "ZeroTier One Signed.pkg" "ZeroTier One.pkg"; fi
rm -f zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_*
cat ext/installfiles/mac-update/updater.tmpl.sh "ZeroTier One.pkg" >zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_$(ZT_VERSION_MAJOR).$(ZT_VERSION_MINOR).$(ZT_VERSION_REV)_$(ZT_VERSION_BUILD).exe
#rm -f zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_*
#cat ext/installfiles/mac-update/updater.tmpl.sh "ZeroTier One.pkg" >zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_$(ZT_VERSION_MAJOR).$(ZT_VERSION_MINOR).$(ZT_VERSION_REV)_$(ZT_VERSION_BUILD).exe
$(NOTARIZE) submit --apple-id "adam.ierymenko@gmail.com" --team-id "8ZD9JUCZ4V" --wait "ZeroTier One.pkg"
echo '*** When Apple notifies that the app is notarized, run: xcrun stapler staple "ZeroTier One.pkg"'
@ -214,13 +206,13 @@ central-controller-docker: _buildx FORCE
centralv2-controller-docker: _buildx FORCE
docker buildx build --platform linux/amd64,linux/arm64 --no-cache -t us-central1-docker.pkg.dev/zerotier-d648c7/central-v2/ztcentral-controller:${TIMESTAMP} -f ext/central-controller-docker/Dockerfile --build-arg git_branch=`git name-rev --name-only HEAD` . --push
@echo Image: us-central1-docker.pkg.dev/zerotier-d648c7/central-v2/ztcentral-controller:${TIMESTAMP}
@echo Image: us-central1-docker.pkg.dev/zerotier-d648c7/central-v2/ztcentral-controller:${TIMESTAMP}
docker-release: _buildx
docker buildx build --platform linux/386,linux/amd64,linux/arm/v7,linux/arm64,linux/mips64le,linux/ppc64le,linux/s390x -t zerotier/zerotier:${RELEASE_DOCKER_TAG} -t zerotier/zerotier:latest --build-arg VERSION=${RELEASE_VERSION} -f Dockerfile.release . --push
clean:
rm -rf MacEthernetTapAgent *.dSYM build-* *.a *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o $(CORE_OBJS) $(ONE_OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli zerotier doc/node_modules zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_* rustybits/target/ ext/opentelemetry-cpp-${OTEL_VERSION}/localinstall ext/opentelemetry-cpp-${OTEL_VERSION}/build
rm -rf MacEthernetTapAgent *.dSYM build-* *.a *.pkg *.dmg *.o node/*.o nonfree/controller/*.o service/*.o osdep/*.o ext/http-parser/*.o $(CORE_OBJS) $(ONE_OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli zerotier doc/node_modules zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_* rustybits/target/ ext/opentelemetry-cpp-${OTEL_VERSION}/localinstall ext/opentelemetry-cpp-${OTEL_VERSION}/build
ifeq (${ZT_OTEL},1)
otel:

13
make-netbsd.mk
View file

@ -1,13 +1,22 @@
CC=gcc
CXX=g++
INCLUDES=
INCLUDES=-Iext/opentelemetry-cpp-api-only/include
DEFS=
LIBS=
include objects.mk
OBJS+=osdep/NetBSDEthernetTap.o ext/lz4/lz4.o ext/json-parser/json.o ext/http-parser/http_parser.o
ifeq ($(ZT_CONTROLLER),1)
ZT_NONFREE=1
endif
ifeq ($(ZT_NONFREE),1)
include objects-nonfree.mk
ONE_OBJS+=$(CONTROLLER_OBJS)
override DEFS += -DZT_NONFREE_CONTROLLER
endif
# "make official" is a shortcut for this
ifeq ($(ZT_OFFICIAL_RELEASE),1)
DEFS+=-DZT_OFFICIAL_RELEASE
@ -53,7 +62,7 @@ selftest: $(OBJS) selftest.o
# ./buildinstaller.sh
clean:
rm -rf *.o node/*.o controller/*.o osdep/*.o service/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o build-* zerotier-one zerotier-idtool zerotier-selftest zerotier-cli ZeroTierOneInstaller-*
rm -rf *.o node/*.o nonfree/controller/*.o osdep/*.o service/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o build-* zerotier-one zerotier-idtool zerotier-selftest zerotier-cli ZeroTierOneInstaller-*
debug: FORCE
make -j 4 ZT_DEBUG=1

15
node/AES.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "AES.hpp"

16
node/AES.hpp
View file

@ -1,21 +1,15 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_AES_HPP
#define ZT_AES_HPP
#include "Constants.hpp"
#include "SHA512.hpp"
#include "Utils.hpp"
// Uncomment to disable all hardware acceleration (usually for testing)

15
node/AES_aesni.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "AES.hpp"
#include "Constants.hpp"

15
node/AES_armcrypto.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "AES.hpp"
#include "Constants.hpp"

17
node/Address.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_ADDRESS_HPP
#define ZT_ADDRESS_HPP
@ -21,8 +16,6 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <string>
namespace ZeroTier {

17
node/AtomicCounter.hpp
View file

@ -1,21 +1,14 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_ATOMICCOUNTER_HPP
#define ZT_ATOMICCOUNTER_HPP
#include "Constants.hpp"
#ifndef __GNUC__
#include <atomic>
#endif

20
node/Bond.cpp
View file

@ -1,23 +1,19 @@
/*
* Copyright (c)2013-2021 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Bond.hpp"
#include "Constants.hpp"
#include "Node.hpp"
#include "Switch.hpp"
#include <cinttypes> // for PRId64, etc. macros
#include <cmath>
#include <cstdio>
#include <string>
// FIXME: remove this suppression and actually fix warnings
@ -899,7 +895,7 @@ void Bond::sendQOS_MEASUREMENT(void* tPtr, int pathIdx, int64_t localSocket, con
RR->node->putPacket(tPtr, localSocket, atAddress, outp.data(), outp.size());
}
else {
RR->sw->send(tPtr, outp, false);
RR->sw->send(tPtr, outp, false, 0, ZT_QOS_NO_FLOW);
}
Metrics::pkt_qos_out++;
_paths[pathIdx].packetsReceivedSinceLastQoS = 0;

16
node/Bond.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2021 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_BOND_HPP
#define ZT_BOND_HPP
@ -23,7 +18,6 @@
#include <cstdarg>
#include <deque>
#include <list>
#include <map>
/**

18
node/Buffer.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_BUFFER_HPP
#define ZT_BUFFER_HPP
@ -18,11 +13,8 @@
#include "Utils.hpp"
#include <algorithm>
#include <stdexcept>
#include <stdint.h>
#include <string.h>
#include <string>
#include <utility>
#if defined(__GNUC__) && (! defined(ZT_NO_TYPE_PUNNING))
#define ZT_VAR_MAY_ALIAS __attribute__((__may_alias__))

15
node/Capability.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Capability.hpp"

16
node/Capability.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_CAPABILITY_HPP
#define ZT_CAPABILITY_HPP
@ -21,7 +16,6 @@
#include "Credential.hpp"
#include "ECC.hpp"
#include "Identity.hpp"
#include "Utils.hpp"
#include <stdio.h>
#include <stdlib.h>

15
node/CertificateOfMembership.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "CertificateOfMembership.hpp"

15
node/CertificateOfMembership.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_CERTIFICATEOFMEMBERSHIP_HPP
#define ZT_CERTIFICATEOFMEMBERSHIP_HPP

15
node/CertificateOfOwnership.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "CertificateOfOwnership.hpp"

15
node/CertificateOfOwnership.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_CERTIFICATEOFOWNERSHIP_HPP
#define ZT_CERTIFICATEOFOWNERSHIP_HPP

15
node/Constants.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_CONSTANTS_HPP
#define ZT_CONSTANTS_HPP

15
node/Credential.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_CREDENTIAL_HPP
#define ZT_CREDENTIAL_HPP

15
node/DNS.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_DNS_HPP
#define ZT_DNS_HPP

15
node/Dictionary.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_DICTIONARY_HPP
#define ZT_DICTIONARY_HPP

15
node/ECC.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
/*
* This file defines the elliptic curve crypto used for ZeroTier V1. The normal

17
node/Hashtable.hpp
View file

@ -1,23 +1,16 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_HASHTABLE_HPP
#define ZT_HASHTABLE_HPP
#include "Constants.hpp"
#include <algorithm>
#include <stdexcept>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

15
node/Identity.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Identity.hpp"

15
node/Identity.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_IDENTITY_HPP
#define ZT_IDENTITY_HPP

17
node/IncomingPacket.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "IncomingPacket.hpp"
@ -27,8 +22,6 @@
#include "Peer.hpp"
#include "Revocation.hpp"
#include "RuntimeEnvironment.hpp"
#include "SHA512.hpp"
#include "Salsa20.hpp"
#include "SelfAwareness.hpp"
#include "Switch.hpp"
#include "Tag.hpp"

15
node/IncomingPacket.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_INCOMINGPACKET_HPP
#define ZT_INCOMINGPACKET_HPP

16
node/InetAddress.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "InetAddress.hpp"
@ -19,7 +14,6 @@
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <string>
namespace ZeroTier {

15
node/InetAddress.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_INETADDRESS_HPP
#define ZT_INETADDRESS_HPP

15
node/MAC.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_MAC_HPP
#define ZT_MAC_HPP

18
node/Membership.cpp
View file

@ -1,18 +1,14 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Membership.hpp"
#include "Constants.hpp"
#include "Node.hpp"
#include "Packet.hpp"
#include "Peer.hpp"
@ -93,7 +89,7 @@ void Membership::pushCredentials(const RuntimeEnvironment* RR, void* tPtr, const
outp.setAt(cooCountAt, (uint16_t)thisPacketCooCount);
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, nconf.networkId, ZT_QOS_NO_FLOW);
Metrics::pkt_network_credentials_out++;
}

15
node/Membership.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_MEMBERSHIP_HPP
#define ZT_MEMBERSHIP_HPP

14
node/Metrics.cpp
View file

@ -1,13 +1,9 @@
/*
* Copyright (c)2013-2023 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
// clang-format off

15
node/Metrics.hpp
View file

@ -1,14 +1,11 @@
/*
* Copyright (c)2013-2023 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
#ifndef METRICS_H_
#define METRICS_H_

15
node/MulticastGroup.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_MULTICASTGROUP_HPP
#define ZT_MULTICASTGROUP_HPP

37
node/Multicaster.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Multicaster.hpp"
@ -186,9 +181,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
outp.append((uint32_t)mg.adi());
outp.append((uint16_t)etherType);
outp.append(data, len);
if (! network->config().disableCompression()) {
outp.compress();
}
outp.compress();
outp.armor(bestMulticastReplicator->key(), true, false, bestMulticastReplicator->aesKeysIfSupported(), bestMulticastReplicator->identity());
Metrics::pkt_multicast_frame_out++;
bestMulticastReplicatorPath->send(RR, tPtr, outp.data(), outp.size(), now);
@ -232,7 +225,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
RR,
now,
network->id(),
network->config().disableCompression(),
false,
limit,
1, // we'll still gather a little from peers to keep multicast list fresh
src,
@ -272,7 +265,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
Address explicitGatherPeers[16];
unsigned int numExplicitGatherPeers = 0;
SharedPtr<Peer> bestRoot(RR->topology->getUpstreamPeer());
SharedPtr<Peer> bestRoot(RR->topology->getUpstreamPeer(network->id()));
if (bestRoot) {
explicitGatherPeers[numExplicitGatherPeers++] = bestRoot->address();
}
@ -300,16 +293,6 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
}
}
std::vector<Address> anchors(network->config().anchors());
for (std::vector<Address>::const_iterator a(anchors.begin()); a != anchors.end(); ++a) {
if (*a != RR->identity.address()) {
explicitGatherPeers[numExplicitGatherPeers++] = *a;
if (numExplicitGatherPeers == 16) {
break;
}
}
}
for (unsigned int k = 0; k < numExplicitGatherPeers; ++k) {
const CertificateOfMembership* com = (network) ? ((network->config().com) ? &(network->config().com) : (const CertificateOfMembership*)0) : (const CertificateOfMembership*)0;
Packet outp(explicitGatherPeers[k], RR->identity.address(), Packet::VERB_MULTICAST_GATHER);
@ -322,7 +305,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
com->serialize(outp);
}
RR->node->expectReplyTo(outp.packetId());
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, network->id(), ZT_QOS_NO_FLOW);
Metrics::pkt_multicast_gather_out++;
}
}
@ -330,7 +313,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
gs.txQueue.push_back(OutboundMulticast());
OutboundMulticast& out = gs.txQueue.back();
out.init(RR, now, network->id(), network->config().disableCompression(), limit, gatherLimit, src, mg, etherType, data, len);
out.init(RR, now, network->id(), false, limit, gatherLimit, src, mg, etherType, data, len);
if (origin) {
out.logAsSent(origin);

15
node/Multicaster.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_MULTICASTER_HPP
#define ZT_MULTICASTER_HPP

16
node/Mutex.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_MUTEX_HPP
#define ZT_MUTEX_HPP
@ -19,7 +14,6 @@
#ifdef __UNIX_LIKE__
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
namespace ZeroTier {

60
node/Network.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Network.hpp"
@ -31,7 +26,6 @@
#include "Trace.hpp"
#include <math.h>
#include <set>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -807,8 +801,7 @@ bool Network::filterOutgoingPacket(
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData, ccLength2);
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
break;
@ -845,8 +838,7 @@ bool Network::filterOutgoingPacket(
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData, ccLength);
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
if ((ztDest != ztFinalDest) && (ztFinalDest)) {
@ -857,8 +849,7 @@ bool Network::filterOutgoingPacket(
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData, frameLen);
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
if (_config.remoteTraceTarget) {
RR->t->networkFilter(
@ -984,8 +975,7 @@ int Network::filterIncomingPacket(
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData, ccLength2);
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
break;
}
@ -1017,8 +1007,7 @@ int Network::filterIncomingPacket(
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData, ccLength);
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
if ((ztDest != ztFinalDest) && (ztFinalDest)) {
@ -1029,8 +1018,7 @@ int Network::filterIncomingPacket(
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData, frameLen);
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
if (_config.remoteTraceTarget) {
RR->t->networkFilter(tPtr, *this, rrl, (c) ? &crrl : (Trace::RuleResultLog*)0, c, sourcePeer->address(), ztDest, macSource, macDest, frameData, frameLen, etherType, vlanId, false, true, 0);
@ -1160,7 +1148,7 @@ uint64_t Network::handleConfigChunk(void* tPtr, const uint64_t packetId, const A
if ((*a != source) && (*a != controller())) {
Packet outp(*a, RR->identity.address(), Packet::VERB_NETWORK_CONFIG);
outp.append(reinterpret_cast<const uint8_t*>(chunk.data()) + start, chunk.size() - start);
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
}
}
@ -1471,7 +1459,7 @@ void Network::requestConfiguration(void* tPtr)
}
outp.compress();
RR->node->expectReplyTo(outp.packetId());
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
bool Network::gate(void* tPtr, const SharedPtr<Peer>& peer)
@ -1628,7 +1616,7 @@ Membership::AddCredentialResult Network::addCredential(void* tPtr, const Address
outp.append((uint16_t)1); // one revocation!
rev.serialize(outp);
outp.append((uint16_t)0); // no certificates of ownership
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
}
}
@ -1758,19 +1746,17 @@ void Network::_sendUpdatesToMembers(void* tPtr, const MulticastGroup* const newM
std::sort(alwaysAnnounceTo.begin(), alwaysAnnounceTo.end());
for (std::vector<Address>::const_iterator a(alwaysAnnounceTo.begin()); a != alwaysAnnounceTo.end(); ++a) {
/*
// push COM to non-members so they can do multicast request auth
if ( (_config.com) && (!_memberships.contains(*a)) && (*a != RR->identity.address()) ) {
Packet outp(*a,RR->identity.address(),Packet::VERB_NETWORK_CREDENTIALS);
if ((_config.com) && (! _memberships.contains(*a)) && (*a != RR->identity.address())) {
Packet outp(*a, RR->identity.address(), Packet::VERB_NETWORK_CREDENTIALS);
_config.com.serialize(outp);
outp.append((uint8_t)0x00);
outp.append((uint16_t)0); // no capabilities
outp.append((uint16_t)0); // no tags
outp.append((uint16_t)0); // no revocations
outp.append((uint16_t)0); // no certificates of ownership
RR->sw->send(tPtr,outp,true);
outp.append((uint16_t)0); // no capabilities
outp.append((uint16_t)0); // no tags
outp.append((uint16_t)0); // no revocations
outp.append((uint16_t)0); // no certificates of ownership
RR->sw->send(tPtr, outp, true, _id, ZT_QOS_NO_FLOW);
}
*/
_announceMulticastGroupsTo(tPtr, *a, groups);
}
}
@ -1798,7 +1784,7 @@ void Network::_announceMulticastGroupsTo(void* tPtr, const Address& peer, const
for (std::vector<MulticastGroup>::const_iterator mg(allMulticastGroups.begin()); mg != allMulticastGroups.end(); ++mg) {
if ((outp->size() + 24) >= ZT_PROTO_MAX_PACKET_LENGTH) {
outp->compress();
RR->sw->send(tPtr, *outp, true);
RR->sw->send(tPtr, *outp, true, _id, ZT_QOS_NO_FLOW);
outp->reset(peer, RR->identity.address(), Packet::VERB_MULTICAST_LIKE);
}
@ -1810,7 +1796,7 @@ void Network::_announceMulticastGroupsTo(void* tPtr, const Address& peer, const
if (outp->size() > ZT_PROTO_MIN_PACKET_LENGTH) {
outp->compress();
RR->sw->send(tPtr, *outp, true);
RR->sw->send(tPtr, *outp, true, _id, ZT_QOS_NO_FLOW);
}
delete outp;

15
node/Network.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_NETWORK_HPP
#define ZT_NETWORK_HPP

65
node/NetworkConfig.cpp
View file

@ -1,23 +1,68 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "NetworkConfig.hpp"
#include "DNS.hpp"
#include <algorithm>
#include <stdint.h>
namespace ZeroTier {
NetworkConfig::NetworkConfig()
: networkId(0)
, timestamp(0)
, credentialTimeMaxDelta(0)
, revision(0)
, issuedTo()
, remoteTraceTarget()
, flags(0)
, remoteTraceLevel(Trace::LEVEL_NORMAL)
, mtu(0)
, multicastLimit(0)
, specialistCount(0)
, routeCount(0)
, staticIpCount(0)
, ruleCount(0)
, capabilityCount(0)
, tagCount(0)
, certificateOfOwnershipCount(0)
, capabilities()
, tags()
, certificatesOfOwnership()
, type(ZT_NETWORK_TYPE_PRIVATE)
, dnsCount(0)
, ssoEnabled(false)
, authenticationURL()
, authenticationExpiryTime(0)
, issuerURL()
, centralAuthURL()
, ssoNonce()
, ssoState()
, ssoClientID()
{
name[0] = 0;
memset(specialists, 0, sizeof(uint64_t) * ZT_MAX_NETWORK_SPECIALISTS);
memset(routes, 0, sizeof(ZT_VirtualNetworkRoute) * ZT_MAX_NETWORK_ROUTES);
memset(staticIps, 0, sizeof(InetAddress) * ZT_MAX_ZT_ASSIGNED_ADDRESSES);
memset(rules, 0, sizeof(ZT_VirtualNetworkRule) * ZT_MAX_NETWORK_RULES);
memset(&dns, 0, sizeof(ZT_VirtualNetworkDNS));
memset(authenticationURL, 0, sizeof(authenticationURL));
memset(issuerURL, 0, sizeof(issuerURL));
memset(centralAuthURL, 0, sizeof(centralAuthURL));
memset(ssoNonce, 0, sizeof(ssoNonce));
memset(ssoState, 0, sizeof(ssoState));
memset(ssoClientID, 0, sizeof(ssoClientID));
strncpy(ssoProvider, "default", sizeof(ssoProvider));
ssoProvider[sizeof(ssoProvider) - 1] = 0;
}
bool NetworkConfig::toDictionary(Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY>& d, bool includeLegacy) const
{
Buffer<ZT_NETWORKCONFIG_DICT_CAPACITY>* tmp = new Buffer<ZT_NETWORKCONFIG_DICT_CAPACITY>();

131
node/NetworkConfig.hpp
View file

@ -1,41 +1,27 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_NETWORKCONFIG_HPP
#define ZT_NETWORKCONFIG_HPP
#include "../include/ZeroTierOne.h"
#include "Address.hpp"
#include "Buffer.hpp"
#include "Capability.hpp"
#include "CertificateOfMembership.hpp"
#include "CertificateOfOwnership.hpp"
#include "Constants.hpp"
#include "DNS.hpp"
#include "Dictionary.hpp"
#include "Hashtable.hpp"
#include "Identity.hpp"
#include "InetAddress.hpp"
#include "MulticastGroup.hpp"
#include "Tag.hpp"
#include "Trace.hpp"
#include "Utils.hpp"
#include <algorithm>
#include <stdexcept>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <vector>
/**
@ -69,7 +55,7 @@
#define ZT_NETWORKCONFIG_FLAG_RULES_RESULT_OF_UNSUPPORTED_MATCH 0x0000000000000008ULL
/**
* Flag: disable frame compression
* Flag: disable frame compression (unused, now always disabled)
*/
#define ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION 0x0000000000000010ULL
@ -78,16 +64,18 @@
*/
#define ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE 0x0000020000000000ULL
/**
* Anchors are stable devices on this network that can act like roots when none are up
*/
#define ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR 0x0000040000000000ULL
/**
* Designated multicast replicators replicate multicast in place of sender-side replication
*
* This is currently not really used.
*/
#define ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR 0x0000080000000000ULL
/**
* Designated per-network relays
*/
#define ZT_NETWORKCONFIG_SPECIALIST_TYPE_NETWORK_RELAY 0x0000100000000000ULL
namespace ZeroTier {
// Dictionary capacity needed for max size network config
@ -250,51 +238,15 @@ namespace ZeroTier {
*/
class NetworkConfig {
public:
NetworkConfig()
: networkId(0)
, timestamp(0)
, credentialTimeMaxDelta(0)
, revision(0)
, issuedTo()
, remoteTraceTarget()
, flags(0)
, remoteTraceLevel(Trace::LEVEL_NORMAL)
, mtu(0)
, multicastLimit(0)
, specialistCount(0)
, routeCount(0)
, staticIpCount(0)
, ruleCount(0)
, capabilityCount(0)
, tagCount(0)
, certificateOfOwnershipCount(0)
, capabilities()
, tags()
, certificatesOfOwnership()
, type(ZT_NETWORK_TYPE_PRIVATE)
, dnsCount(0)
, ssoEnabled(false)
, authenticationURL()
, authenticationExpiryTime(0)
, issuerURL()
, centralAuthURL()
, ssoNonce()
, ssoState()
, ssoClientID()
NetworkConfig();
inline bool operator==(const NetworkConfig& nc) const
{
name[0] = 0;
memset(specialists, 0, sizeof(uint64_t) * ZT_MAX_NETWORK_SPECIALISTS);
memset(routes, 0, sizeof(ZT_VirtualNetworkRoute) * ZT_MAX_NETWORK_ROUTES);
memset(staticIps, 0, sizeof(InetAddress) * ZT_MAX_ZT_ASSIGNED_ADDRESSES);
memset(rules, 0, sizeof(ZT_VirtualNetworkRule) * ZT_MAX_NETWORK_RULES);
memset(&dns, 0, sizeof(ZT_VirtualNetworkDNS));
memset(authenticationURL, 0, sizeof(authenticationURL));
memset(issuerURL, 0, sizeof(issuerURL));
memset(centralAuthURL, 0, sizeof(centralAuthURL));
memset(ssoNonce, 0, sizeof(ssoNonce));
memset(ssoState, 0, sizeof(ssoState));
memset(ssoClientID, 0, sizeof(ssoClientID));
strncpy(ssoProvider, "default", sizeof(ssoProvider));
return (memcmp(this, &nc, sizeof(NetworkConfig)) == 0);
}
inline bool operator!=(const NetworkConfig& nc) const
{
return (! (*this == nc));
}
/**
@ -330,22 +282,6 @@ class NetworkConfig {
return ((this->flags & ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION) != 0);
}
/**
* @return True if frames should not be compressed
*/
inline bool disableCompression() const
{
#ifndef ZT_DISABLE_COMPRESSION
return ((this->flags & ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION) != 0);
#else
/* Compression is disabled for libzt builds since it causes non-obvious chaotic
interference with lwIP's TCP congestion algorithm. Compression is also disabled
for some NAS builds due to the usage of low-performance processors in certain
older and budget models. */
return false;
#endif
}
/**
* @return Network type is public (no access control)
*/
@ -397,17 +333,6 @@ class NetworkConfig {
return false;
}
inline std::vector<Address> anchors() const
{
std::vector<Address> r;
for (unsigned int i = 0; i < specialistCount; ++i) {
if ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR) != 0) {
r.push_back(Address(specialists[i]));
}
}
return r;
}
inline std::vector<Address> multicastReplicators() const
{
std::vector<Address> r;
@ -444,7 +369,7 @@ class NetworkConfig {
{
std::vector<Address> r;
for (unsigned int i = 0; i < specialistCount; ++i) {
if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) {
if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_NETWORK_RELAY | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) {
r.push_back(Address(specialists[i]));
}
}
@ -455,7 +380,7 @@ class NetworkConfig {
{
unsigned int c = 0;
for (unsigned int i = 0; i < specialistCount; ++i) {
if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) {
if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_NETWORK_RELAY | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) {
ac[c++] = specialists[i];
}
}
@ -465,7 +390,7 @@ class NetworkConfig {
inline void alwaysContactAddresses(Hashtable<Address, std::vector<InetAddress> >& a) const
{
for (unsigned int i = 0; i < specialistCount; ++i) {
if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) {
if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_NETWORK_RELAY | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) {
a[Address(specialists[i])];
}
}
@ -489,14 +414,6 @@ class NetworkConfig {
{
return (networkId != 0);
}
inline bool operator==(const NetworkConfig& nc) const
{
return (memcmp(this, &nc, sizeof(NetworkConfig)) == 0);
}
inline bool operator!=(const NetworkConfig& nc) const
{
return (! (*this == nc));
}
/**
* Add a specialist or mask flags if already present

15
node/NetworkController.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_NETWORKCONFIGMASTER_HPP
#define ZT_NETWORKCONFIGMASTER_HPP

38
node/Node.cpp
View file

@ -1,21 +1,15 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Node.hpp"
#include "../version.h"
#include "Address.hpp"
#include "Buffer.hpp"
#include "Constants.hpp"
#include "ECC.hpp"
#include "Identity.hpp"
@ -49,7 +43,7 @@ namespace ZeroTier {
/* Public Node interface (C++, exposed via CAPI bindings) */
/****************************************************************************/
Node::Node(void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now)
Node::Node(void* uptr, void* tptr, const struct ZT_Node_Config* config, const struct ZT_Node_Callbacks* callbacks, int64_t now)
: _RR(this)
, RR(&_RR)
, _uPtr(uptr)
@ -65,6 +59,7 @@ Node::Node(void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, in
throw ZT_EXCEPTION_INVALID_ARGUMENT;
}
memcpy(&_cb, callbacks, sizeof(ZT_Node_Callbacks));
memcpy(&_config, config, sizeof(ZT_Node_Config));
// Initialize non-cryptographic PRNG from a good random source
Utils::getSecureRandom((void*)_prngState, sizeof(_prngState));
@ -184,6 +179,7 @@ Node::~Node()
Mutex::Lock _l(_networks_m);
_networks.clear(); // destroy all networks before shutdown
}
// Explicitly call destructors then free memory for all other objects.
if (RR->sa) {
RR->sa->~SelfAwareness();
}
@ -251,7 +247,7 @@ class _PingPeersThatNeedPing {
, _tPtr(tPtr)
, _alwaysContact(alwaysContact)
, _now(now)
, _bestCurrentUpstream(RR->topology->getUpstreamPeer())
, _bestCurrentUpstream(RR->topology->getUpstreamPeer(0))
{
}
@ -340,9 +336,9 @@ ZT_ResultCode Node::processBackgroundTasks(void* tptr, int64_t now, volatile int
try {
_lastPingCheck = now;
// Get designated VL1 upstreams
// Get designated VL1 upstreams (roots)
Hashtable<Address, std::vector<InetAddress> > alwaysContact;
RR->topology->getUpstreamsToContact(alwaysContact);
RR->topology->getRootsToContact(alwaysContact);
// Uncomment to dump stats
/*
@ -699,7 +695,7 @@ int Node::sendUserMessage(void* tptr, uint64_t dest, uint64_t typeId, const void
outp.append(typeId);
outp.append(data, len);
outp.compress();
RR->sw->send(tptr, outp, true);
RR->sw->send(tptr, outp, true, 0, ZT_QOS_NO_FLOW);
return 1;
}
}
@ -825,7 +821,7 @@ void Node::ncSendConfig(uint64_t nwid, uint64_t requestPacketId, const Address&
outp.append(sig.data, ZT_ECC_SIGNATURE_LEN);
outp.compress();
RR->sw->send((void*)0, outp, true);
RR->sw->send((void*)0, outp, true, nwid, ZT_QOS_NO_FLOW);
chunkIndex += chunkLen;
}
}
@ -855,7 +851,7 @@ void Node::ncSendRevocation(const Address& destination, const Revocation& rev)
outp.append((uint16_t)1);
rev.serialize(outp);
outp.append((uint16_t)0);
RR->sw->send((void*)0, outp, true);
RR->sw->send((void*)0, outp, true, rev.networkId(), ZT_QOS_NO_FLOW);
}
}
@ -911,7 +907,7 @@ void Node::ncSendError(uint64_t nwid, uint64_t requestPacketId, const Address& d
outp.append(errorData, errorDataSize);
}
RR->sw->send((void*)0, outp, true);
RR->sw->send((void*)0, outp, true, nwid, ZT_QOS_NO_FLOW);
} // else we can't send an ERROR() in response to nothing, so discard
}
@ -923,11 +919,11 @@ void Node::ncSendError(uint64_t nwid, uint64_t requestPacketId, const Address& d
extern "C" {
enum ZT_ResultCode ZT_Node_new(ZT_Node** node, void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now)
enum ZT_ResultCode ZT_Node_new(ZT_Node** node, const struct ZT_Node_Config* config, void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now)
{
*node = (ZT_Node*)0;
try {
*node = reinterpret_cast<ZT_Node*>(new ZeroTier::Node(uptr, tptr, callbacks, now));
*node = reinterpret_cast<ZT_Node*>(new ZeroTier::Node(uptr, tptr, config, callbacks, now));
return ZT_RESULT_OK;
}
catch (std::bad_alloc& exc) {

35
node/Node.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_NODE_HPP
#define ZT_NODE_HPP
@ -25,13 +20,10 @@
#include "NetworkController.hpp"
#include "Path.hpp"
#include "RuntimeEnvironment.hpp"
#include "Salsa20.hpp"
#include "SelfAwareness.hpp"
#include <map>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <vector>
// Bit mask for "expecting reply" hash
@ -49,7 +41,7 @@ class World;
*/
class Node : public NetworkController::Sender {
public:
Node(void* uptr, void* tptr, const struct ZT_Node_Callbacks* callbacks, int64_t now);
Node(void* uptr, void* tptr, const struct ZT_Node_Config* config, const struct ZT_Node_Callbacks* callbacks, int64_t now);
virtual ~Node();
// Get rid of alignment warnings on 32-bit Windows and possibly improve performance
@ -290,12 +282,22 @@ class Node : public NetworkController::Sender {
inline void setLowBandwidthMode(bool isEnabled)
{
_lowBandwidthMode = isEnabled;
_config.lowBandwidthMode = (int)isEnabled;
}
inline void setEncryptedHelloEnabled(bool isEnabled)
{
_config.enableEncryptedHello = (int)isEnabled;
}
inline bool lowBandwidthModeEnabled()
{
return _lowBandwidthMode;
return _config.lowBandwidthMode != 0;
}
inline bool encryptedHelloEnabled()
{
return _config.enableEncryptedHello != 0;
}
void initMultithreading(unsigned int concurrency, bool cpuPinningEnabled);
@ -305,6 +307,7 @@ class Node : public NetworkController::Sender {
RuntimeEnvironment* RR;
void* _uPtr; // _uptr (lower case) is reserved in Visual Studio :P
ZT_Node_Callbacks _cb;
ZT_Node_Config _config;
// For tracking packet IDs to filter out OK/ERROR replies to packets we did not send
uint8_t _expectingRepliesToBucketPtr[ZT_EXPECTING_REPLIES_BUCKET_MASK1 + 1];

18
node/OutboundMulticast.cpp
View file

@ -1,22 +1,16 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "OutboundMulticast.hpp"
#include "Constants.hpp"
#include "Network.hpp"
#include "Node.hpp"
#include "Peer.hpp"
#include "RuntimeEnvironment.hpp"
#include "Switch.hpp"
#include "Topology.hpp"
@ -87,7 +81,7 @@ void OutboundMulticast::sendOnly(const RuntimeEnvironment* RR, void* tPtr, const
_packet.setDestination(toAddr);
RR->node->expectReplyTo(_packet.packetId());
_tmp = _packet;
RR->sw->send(tPtr, _tmp, true);
RR->sw->send(tPtr, _tmp, true, _nwid, ZT_QOS_NO_FLOW);
}
}

15
node/OutboundMulticast.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_OUTBOUNDMULTICAST_HPP
#define ZT_OUTBOUNDMULTICAST_HPP

15
node/Packet.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Packet.hpp"

15
node/Packet.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_N_PACKET_HPP
#define ZT_N_PACKET_HPP

17
node/PacketMultiplexer.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2021 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "PacketMultiplexer.hpp"
@ -119,4 +114,4 @@ void PacketMultiplexer::setUpPostDecodeReceiveThreads(unsigned int concurrency,
}
}
} // namespace ZeroTier
} // namespace ZeroTier

17
node/PacketMultiplexer.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2021 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_PACKET_MULTIPLEXER_HPP
#define ZT_PACKET_MULTIPLEXER_HPP
@ -62,4 +57,4 @@ class PacketMultiplexer {
} // namespace ZeroTier
#endif // ZT_PACKET_MULTIPLEXER_HPP
#endif // ZT_PACKET_MULTIPLEXER_HPP

15
node/Path.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Path.hpp"

15
node/Path.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_PATH_HPP
#define ZT_PATH_HPP

21
node/Peer.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Peer.hpp"
@ -19,8 +14,8 @@
#include "InetAddress.hpp"
#include "Metrics.hpp"
#include "Network.hpp"
#include "Node.hpp"
#include "Packet.hpp"
#include "RingBuffer.hpp"
#include "SelfAwareness.hpp"
#include "Switch.hpp"
#include "Trace.hpp"
@ -464,13 +459,13 @@ void Peer::sendHELLO(void* tPtr, const int64_t localSocket, const InetAddress& a
Metrics::pkt_hello_out++;
if (atAddress) {
outp.armor(_key, false, true, nullptr, _id);
outp.armor(_key, false, RR->node->encryptedHelloEnabled(), nullptr, _id);
RR->node->expectReplyTo(outp.packetId());
RR->node->putPacket(tPtr, RR->node->lowBandwidthModeEnabled() ? localSocket : -1, atAddress, outp.data(), outp.size());
}
else {
RR->node->expectReplyTo(outp.packetId());
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, 0, ZT_QOS_NO_FLOW);
}
}

17
node/Peer.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_PEER_HPP
#define ZT_PEER_HPP
@ -20,12 +15,10 @@
#include "AtomicCounter.hpp"
#include "Bond.hpp"
#include "Constants.hpp"
#include "Hashtable.hpp"
#include "Identity.hpp"
#include "InetAddress.hpp"
#include "Metrics.hpp"
#include "Mutex.hpp"
#include "Node.hpp"
#include "Packet.hpp"
#include "Path.hpp"
#include "RuntimeEnvironment.hpp"

15
node/Poly1305.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_POLY1305_HPP
#define ZT_POLY1305_HPP

15
node/Revocation.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Revocation.hpp"

15
node/Revocation.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_REVOCATION_HPP
#define ZT_REVOCATION_HPP

15
node/RingBuffer.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_RINGBUFFER_H
#define ZT_RINGBUFFER_H

15
node/RuntimeEnvironment.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_RUNTIMEENVIRONMENT_HPP
#define ZT_RUNTIMEENVIRONMENT_HPP

15
node/SHA512.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_SHA512_HPP
#define ZT_SHA512_HPP

15
node/SelfAwareness.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "SelfAwareness.hpp"

15
node/SelfAwareness.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_SELFAWARENESS_HPP
#define ZT_SELFAWARENESS_HPP

15
node/SharedPtr.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_SHAREDPTR_HPP
#define ZT_SHAREDPTR_HPP

82
node/Switch.cpp
View file

@ -1,20 +1,14 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Switch.hpp"
#include "../include/ZeroTierOne.h"
#include "../version.h"
#include "Constants.hpp"
#include "InetAddress.hpp"
#include "Metrics.hpp"
@ -27,14 +21,12 @@
#include "Trace.hpp"
#include <algorithm>
#include <stdexcept>
#include <stdio.h>
#include <stdlib.h>
#include <utility>
namespace ZeroTier {
Switch::Switch(const RuntimeEnvironment* renv) : RR(renv), _lastBeaconResponse(0), _lastCheckedQueues(0), _lastUniteAttempt(8) // only really used on root servers and upstreams, and it'll grow there just fine
Switch::Switch(const RuntimeEnvironment* renv) : RR(renv), _lastBeaconResponse(0), _lastCheckedQueues(0), _lastUniteAttempt(8)
{
}
@ -86,6 +78,7 @@ void Switch::onRemotePacket(void* tPtr, const int64_t localSocket, const InetAdd
const Address destination(fragment.destination());
if (destination != RR->identity.address()) {
// RELAY: fragment is for a different node, so maybe send it there if we should relay.
if ((! RR->topology->amUpstream()) && (! path->trustEstablished(now))) {
return;
}
@ -98,7 +91,7 @@ void Switch::onRemotePacket(void* tPtr, const int64_t localSocket, const InetAdd
SharedPtr<Peer> relayTo = RR->topology->getPeer(tPtr, destination);
if ((! relayTo) || (! relayTo->sendDirect(tPtr, fragment.data(), fragment.size(), now, false))) {
// Don't know peer or no direct path -- so relay via someone upstream
relayTo = RR->topology->getUpstreamPeer();
relayTo = RR->topology->getUpstreamPeer(0);
if (relayTo) {
relayTo->sendDirect(tPtr, fragment.data(), fragment.size(), now, true);
}
@ -106,7 +99,8 @@ void Switch::onRemotePacket(void* tPtr, const int64_t localSocket, const InetAdd
}
}
else {
// Fragment looks like ours
// RECEIVE: fragment appears to be ours (this is validated in cryptographic auth after assembly)
const uint64_t fragmentPacketId = fragment.packetId();
const unsigned int fragmentNumber = fragment.fragmentNumber();
const unsigned int totalFragments = fragment.totalFragments();
@ -167,6 +161,8 @@ void Switch::onRemotePacket(void* tPtr, const int64_t localSocket, const InetAdd
}
if (destination != RR->identity.address()) {
// RELAY: packet head is for a different node, so maybe send it there if we should relay.
if ((! RR->topology->amUpstream()) && (! path->trustEstablished(now)) && (source != RR->identity.address())) {
return;
}
@ -185,7 +181,7 @@ void Switch::onRemotePacket(void* tPtr, const int64_t localSocket, const InetAdd
}
}
else {
relayTo = RR->topology->getUpstreamPeer();
relayTo = RR->topology->getUpstreamPeer(0);
if ((relayTo) && (relayTo->address() != source)) {
if (relayTo->sendDirect(tPtr, packet.data(), packet.size(), now, true)) {
const SharedPtr<Peer> sourcePeer(RR->topology->getPeer(tPtr, source));
@ -198,7 +194,7 @@ void Switch::onRemotePacket(void* tPtr, const int64_t localSocket, const InetAdd
}
}
else if ((reinterpret_cast<const uint8_t*>(data)[ZT_PACKET_IDX_FLAGS] & ZT_PROTO_FLAG_FRAGMENTED) != 0) {
// Packet is the head of a fragmented packet series
// RECEIVE: packet head appears to be ours (this is validated in cryptographic auth after assembly)
const uint64_t packetId =
((((uint64_t)reinterpret_cast<const uint8_t*>(data)[0]) << 56) | (((uint64_t)reinterpret_cast<const uint8_t*>(data)[1]) << 48) | (((uint64_t)reinterpret_cast<const uint8_t*>(data)[2]) << 40)
@ -243,7 +239,8 @@ void Switch::onRemotePacket(void* tPtr, const int64_t localSocket, const InetAdd
} // else this is a duplicate head, ignore
}
else {
// Packet is unfragmented, so just process it
// RECEIVE: unfragmented packet appears to be ours (this is validated in cryptographic auth after assembly)
IncomingPacket packet(data, len, path, now);
if (! packet.tryDecode(RR, tPtr, flowId)) {
RXQueueEntry* const rq = _nextRXQueueEntry();
@ -550,10 +547,7 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr<Network>& network, cons
outp.append(network->id());
outp.append((uint16_t)etherType);
outp.append(data, len);
// 1.4.8: disable compression for unicast as it almost never helps
// if (!network->config().disableCompression())
// outp.compress();
aqm_enqueue(tPtr, network, outp, true, qosBucket, flowId);
aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId);
}
else {
Packet outp(toZT, RR->identity.address(), Packet::VERB_EXT_FRAME);
@ -563,10 +557,7 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr<Network>& network, cons
from.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(data, len);
// 1.4.8: disable compression for unicast as it almost never helps
// if (!network->config().disableCompression())
// outp.compress();
aqm_enqueue(tPtr, network, outp, true, qosBucket, flowId);
aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId);
}
}
else {
@ -627,10 +618,7 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr<Network>& network, cons
from.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(data, len);
// 1.4.8: disable compression for unicast as it almost never helps
// if (!network->config().disableCompression())
// outp.compress();
aqm_enqueue(tPtr, network, outp, true, qosBucket, flowId);
aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId);
}
else {
RR->t->outgoingNetworkFrameDropped(tPtr, network, from, to, etherType, vlanId, len, "filter blocked (bridge replication)");
@ -639,10 +627,10 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr<Network>& network, cons
}
}
void Switch::aqm_enqueue(void* tPtr, const SharedPtr<Network>& network, Packet& packet, bool encrypt, int qosBucket, int32_t flowId)
void Switch::aqm_enqueue(void* tPtr, const SharedPtr<Network>& network, Packet& packet, const bool encrypt, const int qosBucket, const uint64_t nwid, const int32_t flowId)
{
if (! network->qosEnabled()) {
send(tPtr, packet, encrypt, flowId);
send(tPtr, packet, encrypt, nwid, flowId);
return;
}
NetworkQoSControlBlock* nqcb = _netQueueControlBlock[network->id()];
@ -657,7 +645,7 @@ void Switch::aqm_enqueue(void* tPtr, const SharedPtr<Network>& network, Packet&
}
// Don't apply QoS scheduling to ZT protocol traffic
if (packet.verb() != Packet::VERB_FRAME && packet.verb() != Packet::VERB_EXT_FRAME) {
send(tPtr, packet, encrypt, flowId);
send(tPtr, packet, encrypt, nwid, flowId);
}
_aqm_m.lock();
@ -665,7 +653,7 @@ void Switch::aqm_enqueue(void* tPtr, const SharedPtr<Network>& network, Packet&
// Enqueue packet and move queue to appropriate list
const Address dest(packet.destination());
TXQueueEntry* txEntry = new TXQueueEntry(dest, RR->node->now(), packet, encrypt, flowId);
TXQueueEntry* txEntry = new TXQueueEntry(dest, nwid, RR->node->now(), packet, encrypt, flowId);
ManagedQueue* selectedQueue = nullptr;
for (size_t i = 0; i < ZT_AQM_NUM_BUCKETS; i++) {
@ -845,7 +833,7 @@ void Switch::aqm_dequeue(void* tPtr)
queueAtFrontOfList->byteCredit -= len;
// Send the packet!
queueAtFrontOfList->q.pop_front();
send(tPtr, entryToEmit->packet, entryToEmit->encrypt, entryToEmit->flowId);
send(tPtr, entryToEmit->packet, entryToEmit->encrypt, entryToEmit->nwid, entryToEmit->flowId);
(*nqcb).second->_currEnqueuedPackets--;
}
if (queueAtFrontOfList) {
@ -878,7 +866,7 @@ void Switch::aqm_dequeue(void* tPtr)
queueAtFrontOfList->byteLength -= len;
queueAtFrontOfList->byteCredit -= len;
queueAtFrontOfList->q.pop_front();
send(tPtr, entryToEmit->packet, entryToEmit->encrypt, entryToEmit->flowId);
send(tPtr, entryToEmit->packet, entryToEmit->encrypt, entryToEmit->nwid, entryToEmit->flowId);
(*nqcb).second->_currEnqueuedPackets--;
}
if (queueAtFrontOfList) {
@ -902,20 +890,20 @@ void Switch::removeNetworkQoSControlBlock(uint64_t nwid)
}
}
void Switch::send(void* tPtr, Packet& packet, bool encrypt, int32_t flowId)
void Switch::send(void* tPtr, Packet& packet, const bool encrypt, const uint64_t nwid, const int32_t flowId)
{
const Address dest(packet.destination());
if (dest == RR->identity.address()) {
return;
}
_recordOutgoingPacketMetrics(packet);
if (! _trySend(tPtr, packet, encrypt, flowId)) {
if (! _trySend(tPtr, packet, encrypt, nwid, flowId)) {
{
Mutex::Lock _l(_txQueue_m);
if (_txQueue.size() >= ZT_TX_QUEUE_SIZE) {
_txQueue.pop_front();
}
_txQueue.push_back(TXQueueEntry(dest, RR->node->now(), packet, encrypt, flowId));
_txQueue.push_back(TXQueueEntry(dest, nwid, RR->node->now(), packet, encrypt, flowId));
}
if (! RR->topology->getPeer(tPtr, dest)) {
requestWhois(tPtr, RR->node->now(), dest);
@ -940,12 +928,12 @@ void Switch::requestWhois(void* tPtr, const int64_t now, const Address& addr)
}
}
const SharedPtr<Peer> upstream(RR->topology->getUpstreamPeer());
const SharedPtr<Peer> upstream(RR->topology->getUpstreamPeer(0));
if (upstream) {
int32_t flowId = ZT_QOS_NO_FLOW;
Packet outp(upstream->address(), RR->identity.address(), Packet::VERB_WHOIS);
addr.appendTo(outp);
send(tPtr, outp, true, flowId);
send(tPtr, outp, true, 0, flowId);
}
}
@ -971,7 +959,7 @@ void Switch::doAnythingWaitingForPeer(void* tPtr, const SharedPtr<Peer>& peer)
Mutex::Lock _l(_txQueue_m);
for (std::list<TXQueueEntry>::iterator txi(_txQueue.begin()); txi != _txQueue.end();) {
if (txi->dest == peer->address()) {
if (_trySend(tPtr, txi->packet, txi->encrypt, txi->flowId)) {
if (_trySend(tPtr, txi->packet, txi->encrypt, txi->nwid, txi->flowId)) {
_txQueue.erase(txi++);
}
else {
@ -998,7 +986,7 @@ unsigned long Switch::doTimerTasks(void* tPtr, int64_t now)
Mutex::Lock _l(_txQueue_m);
for (std::list<TXQueueEntry>::iterator txi(_txQueue.begin()); txi != _txQueue.end();) {
if (_trySend(tPtr, txi->packet, txi->encrypt, txi->flowId)) {
if (_trySend(tPtr, txi->packet, txi->encrypt, 0, txi->flowId)) {
_txQueue.erase(txi++);
}
else if ((now - txi->creationTime) > ZT_TRANSMIT_QUEUE_TIMEOUT) {
@ -1070,7 +1058,7 @@ bool Switch::_shouldUnite(const int64_t now, const Address& source, const Addres
return false;
}
bool Switch::_trySend(void* tPtr, Packet& packet, bool encrypt, int32_t flowId)
bool Switch::_trySend(void* tPtr, Packet& packet, bool encrypt, const uint64_t nwid, const int32_t flowId)
{
SharedPtr<Path> viaPath;
const int64_t now = RR->node->now();
@ -1079,7 +1067,7 @@ bool Switch::_trySend(void* tPtr, Packet& packet, bool encrypt, int32_t flowId)
const SharedPtr<Peer> peer(RR->topology->getPeer(tPtr, destination));
if (peer) {
if ((peer->bondingPolicy() == ZT_BOND_POLICY_BROADCAST) && (packet.verb() == Packet::VERB_FRAME || packet.verb() == Packet::VERB_EXT_FRAME)) {
const SharedPtr<Peer> relay(RR->topology->getUpstreamPeer());
const SharedPtr<Peer> relay(RR->topology->getUpstreamPeer(nwid));
Mutex::Lock _l(peer->_paths_m);
for (int i = 0; i < ZT_MAX_PEER_NETWORK_PATHS; ++i) {
if (peer->_paths[i].p && peer->_paths[i].p->alive(now)) {
@ -1093,7 +1081,7 @@ bool Switch::_trySend(void* tPtr, Packet& packet, bool encrypt, int32_t flowId)
viaPath = peer->getAppropriatePath(now, false, flowId);
if (! viaPath) {
peer->tryMemorizedPath(tPtr, now); // periodically attempt memorized or statically defined paths, if any are known
const SharedPtr<Peer> relay(RR->topology->getUpstreamPeer());
const SharedPtr<Peer> relay(RR->topology->getUpstreamPeer(nwid));
if ((! relay) || (! (viaPath = relay->getAppropriatePath(now, false, flowId)))) {
if (! (viaPath = peer->getAppropriatePath(now, true, flowId))) {
return false;

27
node/Switch.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2013-2020 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_N_SWITCH_HPP
#define ZT_N_SWITCH_HPP
@ -24,11 +19,9 @@
#include "Packet.hpp"
#include "SharedPtr.hpp"
#include "Topology.hpp"
#include "Utils.hpp"
#include <list>
#include <map>
#include <set>
#include <vector>
/* Ethernet frame types that might be relevant to us */
@ -124,7 +117,7 @@ class Switch {
* @param encrypt Encrypt packet payload? (always true except for HELLO)
* @param qosBucket Which bucket the rule-system determined this packet should fall into
*/
void aqm_enqueue(void* tPtr, const SharedPtr<Network>& network, Packet& packet, bool encrypt, int qosBucket, int32_t flowId = ZT_QOS_NO_FLOW);
void aqm_enqueue(void* tPtr, const SharedPtr<Network>& network, Packet& packet, const bool encrypt, const int qosBucket, const uint64_t nwid, const int32_t flowId /* = ZT_QOS_NO_FLOW*/);
/**
* Performs a single AQM cycle and dequeues and transmits all eligible packets on all networks
@ -169,8 +162,9 @@ class Switch {
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
* @param packet Packet to send (buffer may be modified)
* @param encrypt Encrypt packet payload? (always true except for HELLO)
* @param nwid Network ID to which this packet is related or 0 if none
*/
void send(void* tPtr, Packet& packet, bool encrypt, int32_t flowId = ZT_QOS_NO_FLOW);
void send(void* tPtr, Packet& packet, const bool encrypt, const uint64_t nwid, const int32_t flowId /* = ZT_QOS_NO_FLOW*/);
/**
* Request WHOIS on a given address
@ -205,7 +199,7 @@ class Switch {
private:
bool _shouldUnite(const int64_t now, const Address& source, const Address& destination);
bool _trySend(void* tPtr, Packet& packet, bool encrypt, int32_t flowId = ZT_QOS_NO_FLOW); // packet is modified if return is true
bool _trySend(void* tPtr, Packet& packet, bool encrypt, const uint64_t nwid, const int32_t flowId /* = ZT_QOS_NO_FLOW*/);
void _sendViaSpecificPath(void* tPtr, SharedPtr<Peer> peer, SharedPtr<Path> viaPath, uint16_t userSpecifiedMtu, int64_t now, Packet& packet, bool encrypt, int32_t flowId);
void _recordOutgoingPacketMetrics(const Packet& p);
@ -260,11 +254,12 @@ class Switch {
TXQueueEntry()
{
}
TXQueueEntry(Address d, uint64_t ct, const Packet& p, bool enc, int32_t fid) : dest(d), creationTime(ct), packet(p), encrypt(enc), flowId(fid)
TXQueueEntry(Address d, uint64_t nwid, uint64_t ct, const Packet& p, bool enc, int32_t fid) : dest(d), nwid(nwid), creationTime(ct), packet(p), encrypt(enc), flowId(fid)
{
}
Address dest;
uint64_t nwid;
uint64_t creationTime;
Packet packet; // unencrypted/unMAC'd packet -- this is done at send time
bool encrypt;

15
node/Tag.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Tag.hpp"

15
node/Tag.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_TAG_HPP
#define ZT_TAG_HPP

90
node/Topology.cpp
View file

@ -1,25 +1,19 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Topology.hpp"
#include "Buffer.hpp"
#include "Constants.hpp"
#include "Network.hpp"
#include "NetworkConfig.hpp"
#include "Node.hpp"
#include "RuntimeEnvironment.hpp"
#include "Switch.hpp"
#include "Trace.hpp"
namespace ZeroTier {
@ -146,30 +140,42 @@ Identity Topology::getIdentity(void* tPtr, const Address& zta)
return Identity();
}
SharedPtr<Peer> Topology::getUpstreamPeer()
SharedPtr<Peer> Topology::getUpstreamPeer(const uint64_t nwid)
{
const int64_t now = RR->node->now();
unsigned int bestq = ~((unsigned int)0);
const SharedPtr<Peer>* best = (const SharedPtr<Peer>*)0;
Mutex::Lock _l2(_peers_m);
Mutex::Lock _l1(_upstreams_m);
/*
// If this is related to a network, check for a network specific relay.
if (nwid) {
SharedPtr<Network> network = RR->node->network(nwid);
if (network) {
//
}
}
*/
for (std::vector<Address>::const_iterator a(_upstreamAddresses.begin()); a != _upstreamAddresses.end(); ++a) {
const SharedPtr<Peer>* p = _peers.get(*a);
if (p) {
const unsigned int q = (*p)->relayQuality(now);
if (q <= bestq) {
bestq = q;
best = p;
// If this is unrelated to a network OR there is no network-specific relay, send via a root.
{
Mutex::Lock _l2(_peers_m);
Mutex::Lock _l1(_upstreams_m);
for (std::vector<Address>::const_iterator a(_upstreamAddresses.begin()); a != _upstreamAddresses.end(); ++a) {
const SharedPtr<Peer>* p = _peers.get(*a);
if (p) {
const unsigned int q = (*p)->relayQuality(now);
if (q <= bestq) {
bestq = q;
best = p;
}
}
}
if (best) {
return *best;
}
}
if (! best) {
return SharedPtr<Peer>();
}
return *best;
return SharedPtr<Peer>();
}
bool Topology::isUpstream(const Identity& id) const
@ -245,6 +251,38 @@ bool Topology::isProhibitedEndpoint(const Address& ztaddr, const InetAddress& ip
return false;
}
void Topology::getRootsToContact(Hashtable<Address, std::vector<InetAddress> >& eps) const
{
Mutex::Lock _l(_upstreams_m);
for (std::vector<World::Root>::const_iterator i(_planet.roots().begin()); i != _planet.roots().end(); ++i) {
if (i->identity != RR->identity) {
std::vector<InetAddress>& ips = eps[i->identity.address()];
for (std::vector<InetAddress>::const_iterator j(i->stableEndpoints.begin()); j != i->stableEndpoints.end(); ++j) {
if (std::find(ips.begin(), ips.end(), *j) == ips.end()) {
ips.push_back(*j);
}
}
}
}
for (std::vector<World>::const_iterator m(_moons.begin()); m != _moons.end(); ++m) {
for (std::vector<World::Root>::const_iterator i(m->roots().begin()); i != m->roots().end(); ++i) {
if (i->identity != RR->identity) {
std::vector<InetAddress>& ips = eps[i->identity.address()];
for (std::vector<InetAddress>::const_iterator j(i->stableEndpoints.begin()); j != i->stableEndpoints.end(); ++j) {
if (std::find(ips.begin(), ips.end(), *j) == ips.end()) {
ips.push_back(*j);
}
}
}
}
}
for (std::vector<std::pair<uint64_t, Address> >::const_iterator m(_moonSeeds.begin()); m != _moonSeeds.end(); ++m) {
eps[m->second];
}
}
bool Topology::addWorld(void* tPtr, const World& newWorld, bool alwaysAcceptNew)
{
if ((newWorld.type() != World::TYPE_PLANET) && (newWorld.type() != World::TYPE_MOON)) {

51
node/Topology.hpp
View file

@ -1,22 +1,16 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_TOPOLOGY_HPP
#define ZT_TOPOLOGY_HPP
#include "../include/ZeroTierOne.h"
#include "Address.hpp"
#include "Constants.hpp"
#include "Hashtable.hpp"
#include "Identity.hpp"
#include "InetAddress.hpp"
@ -26,9 +20,7 @@
#include "World.hpp"
#include <algorithm>
#include <stdexcept>
#include <stdio.h>
#include <string.h>
#include <utility>
#include <vector>
@ -112,9 +104,10 @@ class Topology {
/**
* Get the current best upstream peer
*
* @param nwid Network ID or 0 if this is to send something unrelated to a specific network
* @return Upstream or NULL if none available
*/
SharedPtr<Peer> getUpstreamPeer();
SharedPtr<Peer> getUpstreamPeer(const uint64_t nwid);
/**
* @param id Identity to check
@ -155,35 +148,7 @@ class Topology {
*
* @param eps Hash table to fill with addresses and their stable endpoints
*/
inline void getUpstreamsToContact(Hashtable<Address, std::vector<InetAddress> >& eps) const
{
Mutex::Lock _l(_upstreams_m);
for (std::vector<World::Root>::const_iterator i(_planet.roots().begin()); i != _planet.roots().end(); ++i) {
if (i->identity != RR->identity) {
std::vector<InetAddress>& ips = eps[i->identity.address()];
for (std::vector<InetAddress>::const_iterator j(i->stableEndpoints.begin()); j != i->stableEndpoints.end(); ++j) {
if (std::find(ips.begin(), ips.end(), *j) == ips.end()) {
ips.push_back(*j);
}
}
}
}
for (std::vector<World>::const_iterator m(_moons.begin()); m != _moons.end(); ++m) {
for (std::vector<World::Root>::const_iterator i(m->roots().begin()); i != m->roots().end(); ++i) {
if (i->identity != RR->identity) {
std::vector<InetAddress>& ips = eps[i->identity.address()];
for (std::vector<InetAddress>::const_iterator j(i->stableEndpoints.begin()); j != i->stableEndpoints.end(); ++j) {
if (std::find(ips.begin(), ips.end(), *j) == ips.end()) {
ips.push_back(*j);
}
}
}
}
}
for (std::vector<std::pair<uint64_t, Address> >::const_iterator m(_moonSeeds.begin()); m != _moonSeeds.end(); ++m) {
eps[m->second];
}
}
void getRootsToContact(Hashtable<Address, std::vector<InetAddress> >& eps) const;
/**
* @return Vector of active upstream addresses (including roots)

19
node/Trace.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
// #define ZT_TRACE
@ -19,13 +14,13 @@
#include "Capability.hpp"
#include "CertificateOfMembership.hpp"
#include "CertificateOfOwnership.hpp"
#include "Constants.hpp"
#include "Dictionary.hpp"
#include "Node.hpp"
#include "Revocation.hpp"
#include "RuntimeEnvironment.hpp"
#include "Switch.hpp"
#include "Tag.hpp"
#include "Utils.hpp"
#include <stdarg.h>
#include <stdio.h>
@ -632,7 +627,7 @@ void Trace::_send(void* const tPtr, const Dictionary<ZT_MAX_REMOTE_TRACE_SIZE>&
Packet outp(dest, RR->identity.address(), Packet::VERB_REMOTE_TRACE);
outp.appendCString(d.data());
outp.compress();
RR->sw->send(tPtr, outp, true);
RR->sw->send(tPtr, outp, true, 0, ZT_QOS_NO_FLOW);
}
void Trace::_spamToAllNetworks(void* const tPtr, const Dictionary<ZT_MAX_REMOTE_TRACE_SIZE>& d, const Level level)

15
node/Trace.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_TRACE_HPP
#define ZT_TRACE_HPP

15
node/Utils.cpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#include "Constants.hpp"

15
node/Utils.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_UTILS_HPP
#define ZT_UTILS_HPP

15
node/World.hpp
View file

@ -1,15 +1,10 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2026-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
* (c) ZeroTier, Inc.
* https://www.zerotier.com/
*/
/****/
#ifndef ZT_WORLD_HPP
#define ZT_WORLD_HPP

3
nonfree/CMakeLists.txt Normal file
View file

@ -0,0 +1,3 @@
cmake_minimum_required(VERSION 3.13)
add_subdirectory(controller)

103
nonfree/LICENSE.md Normal file
View file

@ -0,0 +1,103 @@
# ZeroTier SOURCE-AVAILABLE LICENSE
Version 1.0
Copyright (c) 2025 ZeroTier, Inc.
## DEFINITIONS
"Software" means ZeroTier and all associated documentation, source code, object code, and any derivatives thereof.
"Non-Commercial Use" means use of the Software solely for:
- Personal, non-commercial purposes, in a non-commercial environment
- Educational or academic research purposes (for students, not for organizational use)
- Evaluation purposes for a period not exceeding 30 days
"Commercial Use" includes, but is not limited to:
- Any use of the Software by or for the benefit of a for-profit company
- Any use of the Software by or for the benefit of a government or military entity
- Any use of the Software by or for the benefit of a non-profit organization, or registered charity
- Use in a production, staging, or development environment for business purposes
- Offering paid or unpaid services powered by the Software
- Incorporation of the Software into any paid or unpaid product, platform, distribution or service
## LICENSE STRUCTURE
This software distribution includes components governed by different license terms:
- The "ZeroTier Agent" component is licensed under the Mozilla Public License 2.0 (MPL-2.0). See the LICENSE-MPL.txt file in project root for details.
- The "Controller" and other related components, located in the “nonfree” source directory, are licensed under this Source-Available License for Non-Commercial Use. Use of any of these components for Commercial Use requires a separate commercial license agreement with ZeroTier, Inc.
## GRANT OF LICENSE
### Non-Commercial License Grant
Permission is hereby granted, free of charge, to any person obtaining a copy of this Software, to use, copy, modify, and distribute the Software for Non-Commercial Use only, subject to the following conditions:
1. The above copyright notice and this license shall be included in all copies, modified versions and redistributions, in whole or in part of the Software.
2. The Software may not be used for Commercial Use without obtaining a separate commercial license.
3. Any modifications to the Software must be clearly noted in both the source code and documentation as such and must not be misrepresented as the original Software.
4. If you distribute the Software or any derivative works, you must retain all copyright, trademark, attribution notices, and this license text.
### Commercial License Requirement
ANY COMMERCIAL USE OF THIS SOFTWARE REQUIRES A SEPARATE COMMERCIAL LICENSE.
To obtain a commercial license, please contact:
sales@zerotier.com
https://www.zerotier.com/
## RESTRICTIONS
You may NOT:
- Use the Software for Commercial Use without a commercial license
- Remove or alter any proprietary notices, copyright or trademark statements, headers, metadata, logos, branding or other identifying information in the Software
- Use the trademarks, service marks, trade names, logos, or other brand identifiers of the copyright holder in a manner likely to cause confusion about the source, sponsorship, or endorsement of the Software without prior written permission
- Imply endorsement by the copyright holder, directly or indirectly, without written permission
## RESERVATION OF RIGHTS
All rights not expressly granted herein are reserved by the copyright holder. No rights or licenses are granted by implication, estoppel, or otherwise.
## NO PATENT LICENSE
This License does not grant any rights under any patent owned or controlled by the copyright holder. To inquire about patent licensing, please contact: legal@zerotier.com
## CONTRIBUTIONS
If you contribute any code, bug fixes, or enhancements to the Software, you grant the copyright holder a perpetual, worldwide, royalty-free license to use, modify, reproduce, sublicense, and distribute such contributions for any purpose, including Commercial Use.
## DISCLAIMER
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
## COMPLIANCE AND VERIFICATION
To ensure compliance with this License, you agree to provide, upon request, reasonable documentation demonstrating that your use of the Software qualifies as Non-Commercial Use. Failure to provide such documentation within 30 days may result in termination of this License.
## TERMINATION
This license automatically terminates if you:
- Use the Software for Commercial Use without obtaining a commercial license
- Fail to comply with any of the terms and conditions stated herein
- Initiate legal action against the copyright holder related to the Software
Upon termination, you must cease all use of the Software and destroy all copies in your possession.
## GOVERNING LAW
This License shall be governed by the laws of California, USA, without regard to conflict of law principles.
## ENFORCEMENT
The copyright holder reserves the right to enforce this License through legal or equitable remedies, including injunctive relief, in the event of a violation of its terms.
## ENTIRE AGREEMENT
This License constitutes the entire agreement between the parties concerning the use of the Software for Non-Commercial Use and supersedes all prior or contemporaneous agreements regarding such use.
---
## NOTICE TO USERS
This Software is source-available, but it is not “open source” as defined by the Open Source Initiative.
The "ZeroTier Agent" component is licensed under the Mozilla Public License 2.0 (MPL-2.0).
The "Controller" and related components, located in the “nonfree” source directory, are licensed under this Source-Available License.
Commercial use, as defined above, requires a paid commercial license.
For inquiries, please contact:
sales@zerotier.com
Or visit: https://www.zerotier.com/

Some files were not shown because too many files have changed in this diff Show more