From ee1a008f2d10b6d0f9d25235f32edd0dd6033ab1 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 3 Jun 2015 18:53:54 -0700 Subject: [PATCH 1/6] Product code for 1.0.3 etc. --- ext/installfiles/windows/ZeroTier One.aip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/installfiles/windows/ZeroTier One.aip b/ext/installfiles/windows/ZeroTier One.aip index 234873f87..ff7ee2190 100644 --- a/ext/installfiles/windows/ZeroTier One.aip +++ b/ext/installfiles/windows/ZeroTier One.aip @@ -23,7 +23,7 @@ - + From bd7e4ab6955f838c3119fe1262901875345d8d43 Mon Sep 17 00:00:00 2001 
From: Adam Ierymenko
Date: Wed, 3 Jun 2015 19:34:00 -0700
Subject: [PATCH 2/6] VERSION 1.0.3: public preview release

After many months of intense development, ZeroTier is proud to release version 1.0.3 of ZeroTier One. This version focuses on under-the-hood and network level improvements to prepare the way for more user-facing improvements in the months to come, as well as new products built around the ZeroTier core.

1.0.3 contains a large number of changes, so we're not going to push it out via our auto-update mechanism yet. We're going to update the download links on the web site and let users try it out for a while first. If problems are found, we'll do a 1.0.4 before we push it out to existing installations.

--

Important note for Linux users: we've decided to stop pushing auto-updates for Linux, and this version's official Linux binaries are built without update checking enabled.

Linux is used mostly on servers, and based on user feedback we've found that most users don't like anything auto-updating outside of the normal package management channels. Instead, we'll be working over the next few months to get ZeroTier One included in a number of upstream Linux distributions. That way you'll be able to 'apt-get' or 'yum' install it and stay up to date that way.

Auto-updates will remain for Macintosh and Windows users until/unless we can move to 'app store' deployment on those platforms.

--

Now for the change list. It's a big one!

NEW FEATURES and IMPROVEMENTS

 * Client support is in place for preferred relays on a per-network basis. This allows you to define statically assigned nodes that act as relays for indirect communication and connection setup for communication between peers on a given virtual network. If defined, they'll be used in preference to supernodes for this purpose. If they're offline, ZeroTier will fall back to global supernodes. This will require support on the web control panel for most users to use.

 * This version sends NAT "keepalive" packets every 20 seconds, which is similar to the behavior of most SIP phones. This should improve reliability behind NATs with short timeouts and certain cheap consumer NAT devices.

 * Improvements have been made to NAT traversal to traverse more symmetric NAT configurations, and to rate limit traversal attempts to avoid looking like a port scan.

 * New direct paths are now confirmed prior to use. This should improve reliability in cases where a NAT traversal attempt "half succeeds" by preventing the use of direct links that aren't actually usable.

 * A new geo-located TCP tunneling fallback implementation should improve performance for heavily firewalled users who can't use UDP.

 * ZeroTier now uses remotely reported accounts of your external IP address to detect changes in your network connectivity instead of relying on "fingerprinting" of the OS-level local network environment. This should improve reliability in cases where external routers have dynamic IPs or when changing between networks with different external IPs but similar internal addressing schemes. This should also improve reliability for use within virtual machines, since the external link address might change but the VM's link addresses will not.

 * We've eliminated the old Unix domain socket (or named pipe on Windows) control bus in favor of a local HTTP JSON API. It runs on 127.0.0.1 port 9993 and can be accessed via standard HTTP. This improves interoperability with scripts and other tools and allows us to use HTML5 for the desktop UI component. See README.md in the service/ subfolder of the source tree for JSON API documentation.

 * The old Qt GUI has been dropped in favor of a React-based HTML5 UI. The code for this is found in ui/, and if ui/ is present in the ZeroTier home folder the JSON API HTTP server will serve it on 127.0.0.1/9993. The Windows and Mac UIs are now web control wrappers which access this UI locally and automate the process of token lookup and login.

PACKAGING / INSTALLATION IMPROVEMENTS

 * The Macintosh version is now packaged as a .pkg file instead of the old .app that would download its components and bootstrap itself. Several Mac users had problems with this, so we made it a package instead.

 * The Windows installer now includes a cleaner driver installation module that installs the driver as part of the main MSI file instead of spawning a subprocess.

BUG FIXES

 * Windows now comes with an updated NDIS6 Ethernet tap device driver. If you still have the old NDIS5 driver installed you'll keep using it, so if you want to switch to the NDIS6 driver uninstall your old version and do a fresh install of the new one. NDIS5 is deprecated, so we are hoping an NDIS6 driver will fix a number of difficult to reproduce issues that some Windows users have reported. It will also likely improve performance.

 * Fixed a "pseudo" memory leak related to the old auto-update code. The amount of "committed" (but not used) memory would increase over time. Since this was not actual used memory it didn't cause real problems, but the issue is gone now.

 * A very rare threading deadlock was fixed.

 * Fix for Linux installer that would falsely recognize systemd on some Ubuntu systems.

DEEP UNDER THE HOOD

 * This version has been heavily refactored at the source code level! The node/ subfolder now contains the core ZeroTier network virtualization engine without any OS-specific or transport-specific code. This is in preparation for future plans around embedded devices, etc. There is now a public C-level API in include/ZeroTierOne.h that defines an interface to the node core.

 * A new network controller implementation is in 1.0.3 based on SQLite and the local JSON API control bus. IT HAS NOT BEEN HEAVILY TESTED YET, so we do not recommend using it in production until the next version.
You are welcome to experiment with it. From e5e11c1b24191bb0258e7aa29ecc02f1e2f78eca Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Thu, 4 Jun 2015 11:58:49 -0700 Subject: [PATCH 3/6] Update AUTHORS, change to MarkDown. --- AUTHORS.md | 38 ++++++++++++++++++++++++++++++++++++++ AUTHORS.txt | 27 --------------------------- 2 files changed, 38 insertions(+), 27 deletions(-) create mode 100644 AUTHORS.md delete mode 100644 AUTHORS.txt diff --git a/AUTHORS.md b/AUTHORS.md new file mode 100644 index 000000000..149362c31 --- /dev/null +++ b/AUTHORS.md @@ -0,0 +1,38 @@ +## Authors + + * ZeroTier protocol design and core network virtualization engine, ZeroTier One service, React web UI, packaging for most platforms, kitchen sink...
+ Adam Ierymenko / adam.ierymenko@zerotier.com + + * Java JNI Interface to enable Android application development, and Android app itself (code for that is elsewhere)
+ Grant Limberg / glimberg@gmail.com + +## Contributors + + * Debugging and testing, OpenWRT support fixes.
+ Moritz Warning / moritzwarning@web.de + + * Several others made smaller contributions, which GitHub tracks here:
+ https://github.com/zerotier/ZeroTierOne/graphs/contributors + +## Third Party Code + + * LZ4 compression algorithm by Yann Collet (BSD license)
+ http://code.google.com/p/lz4/ + + * http-parser by many authors (MIT license)
+ https://github.com/joyent/http-parser + + * json-parser by James McLaughlin (BSD license)
+ https://github.com/udp/json-parser + + * TunTapOSX by Mattias Nissler (BSD license)
+ http://tuntaposx.sourceforge.net + + * tap-windows and tap-windows6 by the OpenVPN project (GPL)
+ https://github.com/OpenVPN/tap-windows
+ https://github.com/OpenVPN/tap-windows6 + + * Salsa20 stream cipher, Curve25519 elliptic curve cipher, Ed25519 + digital signature algorithm, and Poly1305 MAC algorithm, all by + Daniel J. Bernstein (public domain)
+ http://cr.yp.to/ diff --git a/AUTHORS.txt b/AUTHORS.txt deleted file mode 100644 index 4ac870f1e..000000000 --- a/AUTHORS.txt +++ /dev/null @@ -1,27 +0,0 @@ -ZeroTier One is designed and written by Adam Ierymenko, with a few bug -fixes and other contributions from other users. Information about all -contributors can be found on the GitHub home page at: - -https://github.com/zerotier/ZeroTierOne - -ZeroTier One includes the following third party code: - - * LZ4 compression algorithm by Yann Collet (BSD license) - http://code.google.com/p/lz4/ - - * http-parser by many authors (MIT license) - https://github.com/joyent/http-parser - - * json-parser by James McLaughlin (BSD license) - https://github.com/udp/json-parser - - * TunTapOSX by Mattias Nissler (forked for ZT1) (BSD license) - http://tuntaposx.sourceforge.net - - * tap-windows by the OpenVPN project (forked for ZT1) (GPL) - https://github.com/OpenVPN/tap-windows - - * Salsa20 stream cipher, Curve25519 elliptic curve cipher, Ed25519 - digital signature algorithm, and Poly1305 MAC algorithm, all by - Daniel J. Bernstein (public domain) - http://cr.yp.to/ From ab720a6f1e375b9a79d32e8dec013c64deabff20 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Fri, 5 Jun 2015 13:48:33 -0700 Subject: [PATCH 4/6] Fix for poll() in Phy<> with no sockets open. Only affects tcp-proxy. --- osdep/Phy.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/osdep/Phy.hpp b/osdep/Phy.hpp index 23fd2ee24..02ea56f90 100644 --- a/osdep/Phy.hpp +++ b/osdep/Phy.hpp @@ -620,7 +620,7 @@ public: #endif } - bool atEnd = false; + bool atEnd = _socks.empty(); for(typename std::list::iterator s(_socks.begin()),nexts;(!atEnd);s=nexts) { nexts = s; ++nexts; // we can delete the linked list item, so traverse now atEnd = (nexts == _socks.end()); // if we delete the last element, s!=_socks.end() will no longer terminate our loop From 17ca5be4c18f630313ed87e572b53dd07511e97c Mon Sep 17 00:00:00 2001 
From: Adam Ierymenko Date: Tue, 9 Jun 2015 16:27:11 +0200 Subject: [PATCH 5/6] Rework Phy<> to clean up _socks entries only in poll() to fix instability in proxy. --- osdep/Phy.hpp | 43 ++++++++++++++++++++----------------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/osdep/Phy.hpp b/osdep/Phy.hpp index 02ea56f90..8287a7800 100644 --- a/osdep/Phy.hpp +++ b/osdep/Phy.hpp @@ -123,12 +123,13 @@ private: enum PhySocketType { - ZT_PHY_SOCKET_TCP_OUT_PENDING = 0x00, - ZT_PHY_SOCKET_TCP_OUT_CONNECTED = 0x01, - ZT_PHY_SOCKET_TCP_IN = 0x02, - ZT_PHY_SOCKET_TCP_LISTEN = 0x03, - ZT_PHY_SOCKET_RAW = 0x04, - ZT_PHY_SOCKET_UDP = 0x05 + ZT_PHY_SOCKET_CLOSED = 0x00, // socket is closed, will be removed on next poll() + ZT_PHY_SOCKET_TCP_OUT_PENDING = 0x01, + ZT_PHY_SOCKET_TCP_OUT_CONNECTED = 0x02, + ZT_PHY_SOCKET_TCP_IN = 0x03, + ZT_PHY_SOCKET_TCP_LISTEN = 0x04, + ZT_PHY_SOCKET_RAW = 0x05, + ZT_PHY_SOCKET_UDP = 0x06 }; struct PhySocketImpl @@ -205,8 +206,10 @@ public: ~Phy() { - while (!_socks.empty()) - this->close((PhySocket *)&(_socks.front()),true); + for(typename std::list::const_iterator s(_socks.begin());s!=_socks.end();++s) { + if (s->type != ZT_PHY_SOCKET_CLOSED) + this->close((PhySocket *)&(*s),true); + } ZT_PHY_CLOSE_SOCKET(_whackReceiveSocket); ZT_PHY_CLOSE_SOCKET(_whackSendSocket); } @@ -620,11 +623,7 @@ public: #endif } - bool atEnd = _socks.empty(); - for(typename std::list::iterator s(_socks.begin()),nexts;(!atEnd);s=nexts) { - nexts = s; ++nexts; // we can delete the linked list item, so traverse now - atEnd = (nexts == _socks.end()); // if we delete the last element, s!=_socks.end() will no longer terminate our loop - + for(typename std::list::iterator s(_socks.begin());s!=_socks.end();) { switch (s->type) { case ZT_PHY_SOCKET_TCP_OUT_PENDING: @@ -724,6 +723,10 @@ public: break; } + + if (s->type == ZT_PHY_SOCKET_CLOSED) + _socks.erase(s++); + else ++s; } } 
@@ -765,21 +768,15 @@ public: break; } - long oldSock = (long)sws.sock; + // Causes entry to be deleted from list in poll(), ignored elsewhere + sws.type = ZT_PHY_SOCKET_CLOSED; - for(typename std::list::iterator s(_socks.begin());s!=_socks.end();++s) { - if (reinterpret_cast(&(*s)) == sock) { - _socks.erase(s); - break; - } - } - - if (oldSock >= _nfds) { + if (sws.sock >= _nfds) { long nfds = (long)_whackSendSocket; if ((long)_whackReceiveSocket > nfds) nfds = (long)_whackReceiveSocket; for(typename std::list::iterator s(_socks.begin());s!=_socks.end();++s) { - if ((long)s->sock > nfds) + if ((s->type != ZT_PHY_SOCKET_CLOSED)&&((long)s->sock > nfds)) nfds = (long)s->sock; } _nfds = nfds; From 00aa115898e88f1a979fa3074bbcb25ac8b3ab4c Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 9 Jun 2015 16:30:44 +0200 Subject: [PATCH 6/6] Allow double-close just in case in Phy<> --- osdep/Phy.hpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/osdep/Phy.hpp b/osdep/Phy.hpp index 8287a7800..ec01625ba 100644 --- a/osdep/Phy.hpp +++ b/osdep/Phy.hpp @@ -739,6 +739,8 @@ public: if (!sock) return; PhySocketImpl &sws = *(reinterpret_cast(sock)); + if (sws.type == ZT_PHY_SOCKET_CLOSED) + return; FD_CLR(sws.sock,&_readfds); FD_CLR(sws.sock,&_writefds);
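
Review bot: in the new AUTHORS.md (patch 3/6), the TunTapOSX and tap-windows entries drop the "(forked for ZT1)" marker that the deleted AUTHORS.txt carried, and the added tap-windows6 entry has none either. If those trees are still modified copies, keep the marker on each entry (for example `TunTapOSX by Mattias Nissler (forked for ZT1) (BSD license)`), so that a reader knows upstream driver fixes do not arrive automatically and have to be merged by hand.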
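
Review bot: in patch 4/6 (`@@ -620,7 +620,7 @@` in osdep/Phy.hpp), the initializer `bool atEnd = _socks.empty();` carries the whole fix but nothing in the code says why. With the old `false`, an empty list still ran the loop body once with `s == _socks.end()`, so `++nexts` and `s->type` operated on the end iterator. A one-line comment on the initializer would stop it being simplified back; the existing comments on the next two lines only explain the deletion case.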
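
Review bot: in the destructor hunk of patch 5/6 (`@@ -205,8 +206,10 @@`), the loop walks `_socks` with a `const_iterator` and then passes `(PhySocket *)&(*s)` to `close()`, so the C-style cast silently removes const from an element that `close()` goes on to modify (it sets `type`). Use a plain `iterator` here so no const is cast away. The loop is also only safe because `close()` no longer erases from `_socks`; a short comment saying so would protect it from a later change to `close()`.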
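
Review bot: in the poll() hunks of patch 5/6 (`@@ -620,11 +623,7 @@` and `@@ -724,6 +723,10 @@`), entries already marked ZT_PHY_SOCKET_CLOSED still go through `switch (s->type)` before the new check erases them, and the visible cases do not include that value. An explicit `case ZT_PHY_SOCKET_CLOSED:` with a comment would document that such entries are meant to fall through untouched. For the removal itself, `s = _socks.erase(s);` is the more usual form than `_socks.erase(s++);` and stays correct if the container type ever changes.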
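
Review bot: in the close() hunk of patch 5/6 (`@@ -765,21 +768,15 @@`), the new condition `if (sws.sock >= _nfds)` compares the raw socket handle, where the removed code compared `(long)sws.sock` through `oldSock`. Every other comparison in the same hunk still casts (`(long)_whackReceiveSocket > nfds`, `(long)s->sock > nfds`), so on a platform where the socket type is unsigned this one line becomes a mixed signed/unsigned comparison. Writing it as `if ((long)sws.sock >= _nfds)` keeps the behaviour the old code had.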
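
Review bot: in patch 6/6 (`@@ -739,6 +739,8 @@`), the guard `if (sws.type == ZT_PHY_SOCKET_CLOSED) return;` makes a second close() safe only until the next poll(), because patch 5/6 erases closed entries there with `_socks.erase(s++)`. A close() on the same PhySocket pointer after that poll() reads `sws.type` from a freed list node, which the guard cannot detect. The comment on close() should state that a handle is valid only until the poll() following its close, so callers do not take "double-close allowed" as unconditional.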