A bunch of warning removal and LINT cleanliness.

node/Address.hpp

@@ -104,7 +104,7 @@ public:
 	ZT_INLINE bool isReserved() const noexcept { return ((!_a) || ((_a >> 32U) == ZT_ADDRESS_RESERVED_PREFIX)); }
 
 	ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)_a; }
-	ZT_INLINE operator bool() const noexcept { return (_a != 0); }
+	ZT_INLINE operator bool() const noexcept { return (_a != 0); } // NOLINT(google-explicit-constructor,hicpp-explicit-conversions)
 
 	ZT_INLINE bool operator==(const Address &a) const noexcept { return _a == a._a; }
 	ZT_INLINE bool operator!=(const Address &a) const noexcept { return _a != a._a; }

node/Buf.hpp

@@ -111,7 +111,7 @@ public:
 		ZT_INLINE Slice(const SharedPtr<Buf> &b_,const unsigned int s_,const unsigned int e_) noexcept : b(b_),s(s_),e(e_) {}
 		ZT_INLINE Slice() noexcept : b(),s(0),e(0) {}
 
-		ZT_INLINE operator bool() const noexcept { return (b); }
+		ZT_INLINE operator bool() const noexcept { return (b); } // NOLINT(google-explicit-constructor,hicpp-explicit-conversions)
 		ZT_INLINE unsigned int size() const noexcept { return (e - s); }
 		ZT_INLINE void zero() noexcept { b.zero(); s = 0; e = 0; }
 
@@ -177,19 +177,19 @@ public:
 	/**
 	 * Create a new uninitialized buffer with undefined contents (use clear() to zero if needed)
 	 */
-	ZT_INLINE Buf() noexcept : __nextInPool(0),__refCount(0) {}
+	ZT_INLINE Buf() noexcept : __nextInPool(0),__refCount(0) {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * Create a new buffer and copy data into it
 	 */
-	ZT_INLINE Buf(const void *const data,const unsigned int len) noexcept :
+	ZT_INLINE Buf(const void *const data,const unsigned int len) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		__nextInPool(0),
 		__refCount(0)
 	{
 		Utils::copy(unsafeData,data,len);
 	}
 
-	ZT_INLINE Buf(const Buf &b2) noexcept :
+	ZT_INLINE Buf(const Buf &b2) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		__nextInPool(0),
 		__refCount(0)
 	{

node/Capability.hpp

@@ -57,7 +57,7 @@ class Capability : public Credential
 public:
 	static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_CAPABILITY; }
 
-	ZT_INLINE Capability() noexcept { memoryZero(this); }
+	ZT_INLINE Capability() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * @param id Capability ID
@@ -67,7 +67,7 @@ public:
 	 * @param rules Network flow rules for this capability
 	 * @param ruleCount Number of flow rules
 	 */
-	ZT_INLINE Capability(const uint32_t id,const uint64_t nwid,const int64_t ts,const ZT_VirtualNetworkRule *const rules,const unsigned int ruleCount) noexcept :
+	ZT_INLINE Capability(const uint32_t id,const uint64_t nwid,const int64_t ts,const ZT_VirtualNetworkRule *const rules,const unsigned int ruleCount) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		_nwid(nwid),
 		_ts(ts),
 		_id(id),

node/CertificateOfMembership.cpp

@@ -15,7 +15,7 @@
 
 namespace ZeroTier {
 
-CertificateOfMembership::CertificateOfMembership(const int64_t timestamp,const int64_t timestampMaxDelta,const uint64_t nwid,const Identity &issuedTo) noexcept :
+CertificateOfMembership::CertificateOfMembership(const int64_t timestamp,const int64_t timestampMaxDelta,const uint64_t nwid,const Identity &issuedTo) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	_timestamp(timestamp),
 	_timestampMaxDelta(timestampMaxDelta),
 	_networkId(nwid),
@@ -155,9 +155,9 @@ int CertificateOfMembership::unmarshal(const uint8_t *data,int len) noexcept
 	for(unsigned int q=0;q<numq;++q) {
 		if ((p + 24) > len)
 			return -1;
-		const uint64_t id = Utils::loadBigEndian<uint64_t>(data + p); p += 8;
+		const uint64_t id = Utils::loadBigEndian<uint64_t>(data + p); p += 8; // NOLINT(hicpp-use-auto,modernize-use-auto)
-		const uint64_t value = Utils::loadBigEndian<uint64_t>(data + p); p += 8;
+		const uint64_t value = Utils::loadBigEndian<uint64_t>(data + p); p += 8; // NOLINT(hicpp-use-auto,modernize-use-auto)
-		const uint64_t delta = Utils::loadBigEndian<uint64_t>(data + p); p += 8;
+		const uint64_t delta = Utils::loadBigEndian<uint64_t>(data + p); p += 8; // NOLINT(hicpp-use-auto,modernize-use-auto)
 		switch(id) {
 			case 0:
 				_timestamp = (int64_t)value;
@@ -191,7 +191,7 @@ int CertificateOfMembership::unmarshal(const uint8_t *data,int len) noexcept
 				break;
 
 			default:
-				if (_additionalQualifiers.size() == _additionalQualifiers.capacity())
+				if (_additionalQualifiers.size() >= ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS)
 					return -1;
 				_additionalQualifiers.push_back(_Qualifier(id,value,delta));
 				break;
@@ -269,7 +269,7 @@ unsigned int CertificateOfMembership::_fillSigningBuf(uint64_t buf[ZT_CERTIFICAT
 		buf[p++] = informational;
 	}
 
-	for(FCV<_Qualifier,ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(_additionalQualifiers.begin());i != _additionalQualifiers.end();++i) {
+	for(FCV<_Qualifier,ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(_additionalQualifiers.begin());i != _additionalQualifiers.end();++i) { // NOLINT(modernize-loop-convert)
 		buf[p++] = Utils::hton(i->id);
 		buf[p++] = Utils::hton(i->value);
 		buf[p++] = Utils::hton(i->delta);

node/CertificateOfMembership.hpp

@@ -111,7 +111,7 @@ public:
 	/**
 	 * Create an empty certificate of membership
 	 */
-	ZT_INLINE CertificateOfMembership() noexcept { memoryZero(this); }
+	ZT_INLINE CertificateOfMembership() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * Create from required fields common to all networks
@@ -126,7 +126,7 @@ public:
 	/**
 	 * @return True if there's something here
 	 */
-	ZT_INLINE operator bool() const noexcept { return (_networkId != 0); }
+	ZT_INLINE operator bool() const noexcept { return (_networkId != 0); } // NOLINT(google-explicit-constructor,hicpp-explicit-conversions)
 
 	/**
 	 * @return Credential ID, always 0 for COMs

node/CertificateOfOwnership.hpp

@@ -60,9 +60,9 @@ public:
 		THING_IPV6_ADDRESS = 3
 	};
 
-	ZT_INLINE CertificateOfOwnership() noexcept { memoryZero(this); }
+	ZT_INLINE CertificateOfOwnership() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
-	ZT_INLINE CertificateOfOwnership(const uint64_t nwid,const int64_t ts,const Address &issuedTo,const uint32_t id) noexcept
+	ZT_INLINE CertificateOfOwnership(const uint64_t nwid,const int64_t ts,const Address &issuedTo,const uint32_t id) noexcept // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	{
 		memoryZero(this);
 		_networkId = nwid;

node/Endpoint.hpp

@@ -68,25 +68,25 @@ public:
 		PROTO_IP_ZT =       2
 	};
 
-	ZT_INLINE Endpoint() noexcept { memoryZero(this); }
+	ZT_INLINE Endpoint() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
-	explicit Endpoint(const InetAddress &sa,const Protocol proto = PROTO_UDP_ZT) noexcept;
+	explicit Endpoint(const InetAddress &sa,Protocol proto = PROTO_UDP_ZT) noexcept;
 
-	explicit ZT_INLINE Endpoint(const Address &zt,const uint8_t identityHash[ZT_IDENTITY_HASH_SIZE]) noexcept :
+	explicit ZT_INLINE Endpoint(const Address &zt,const uint8_t identityHash[ZT_IDENTITY_HASH_SIZE]) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		_t(TYPE_ZEROTIER)
 	{
 		_v.zt.address = zt.toInt();
 		Utils::copy<ZT_IDENTITY_HASH_SIZE>(_v.zt.hash,identityHash);
 	}
 
-	explicit ZT_INLINE Endpoint(const char *name,const int port) noexcept :
+	explicit ZT_INLINE Endpoint(const char *name,const int port) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		_t(TYPE_DNSNAME)
 	{
 		_v.dns.port = port;
 		Utils::scopy(_v.dns.name,sizeof(_v.dns.name),name);
 	}
 
-	explicit ZT_INLINE Endpoint(const char *url) noexcept :
+	explicit ZT_INLINE Endpoint(const char *url) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		_t(TYPE_URL)
 	{
 		Utils::scopy(_v.url,sizeof(_v.url),url);
@@ -137,7 +137,7 @@ public:
 	 */
 	ZT_INLINE Type type() const noexcept { return _t; }
 
-	ZT_INLINE operator bool() const noexcept { return _t != TYPE_NIL; }
+	ZT_INLINE operator bool() const noexcept { return _t != TYPE_NIL; } // NOLINT(google-explicit-constructor,hicpp-explicit-conversions)
 
 	bool operator==(const Endpoint &ep) const noexcept;
 	ZT_INLINE bool operator!=(const Endpoint &ep) const noexcept { return (!(*this == ep)); }

node/Expect.hpp

@@ -47,7 +47,7 @@ namespace ZeroTier {
 class Expect
 {
 public:
-	ZT_INLINE Expect() : _salt(Utils::getSecureRandomU64()) {}
+	ZT_INLINE Expect() : _salt(Utils::getSecureRandomU64()) {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * Called by other code when something is sending a packet that may receive an OK response

node/FCV.hpp

@@ -51,8 +51,8 @@ public:
 	 */
 	static constexpr bool isTriviallyCopyable() noexcept { return isTriviallyCopyable(reinterpret_cast<const T *>(0)); }
 
-	ZT_INLINE FCV() noexcept : _s(0) {}
+	ZT_INLINE FCV() noexcept : _s(0) {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	ZT_INLINE FCV(const FCV &v) : _s(0) { *this = v; }
+	ZT_INLINE FCV(const FCV &v) : _s(0) { *this = v; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	ZT_INLINE ~FCV() { this->clear(); }
 

node/Fingerprint.hpp

@@ -86,7 +86,7 @@ public:
 	ZT_INLINE void zero() noexcept { memoryZero(this); }
 	ZT_INLINE unsigned long hashCode() const noexcept { return _fp.address; }
 
-	ZT_INLINE operator bool() const noexcept { return (_fp.address != 0); }
+	ZT_INLINE operator bool() const noexcept { return (_fp.address != 0); } // NOLINT(google-explicit-constructor,hicpp-explicit-conversions)
 
 	ZT_INLINE bool operator==(const Fingerprint &h) const noexcept { return ((_fp.address == h._fp.address) && (memcmp(_fp.hash,h._fp.hash,ZT_IDENTITY_HASH_SIZE) == 0)); }
 	ZT_INLINE bool operator!=(const Fingerprint &h) const noexcept { return !(*this == h); }

node/Identity.cpp

@@ -17,15 +17,11 @@
 #include "Salsa20.hpp"
 #include "Utils.hpp"
 #include "Speck128.hpp"
-#include "Poly1305.hpp"
 
 #include <cstring>
 #include <cstdint>
 #include <algorithm>
 
-// This takes around one second on a typical ~2.4ghz x64 machine.
-#define ZT_V1_IDENTITY_MIMC52_VDF_ROUNDS_BASE 1000000
-
 namespace ZeroTier {
 
 namespace {
@@ -401,8 +397,8 @@ bool Identity::fromString(const char *str)
 	}
 
 	int fno = 0;
-	char *saveptr = (char *)0;
+	char *saveptr = nullptr;
-	for(char *f=Utils::stok(tmp,":",&saveptr);((f)&&(fno < 4));f=Utils::stok((char *)0,":",&saveptr)) {
+	for(char *f=Utils::stok(tmp,":",&saveptr);((f)&&(fno < 4));f=Utils::stok(nullptr,":",&saveptr)) {
 		switch(fno++) {
 
 			case 0:
@@ -606,7 +602,7 @@ ZT_Identity *ZT_Identity_new(enum ZT_Identity_Type type)
 	if ((type != ZT_IDENTITY_TYPE_C25519)&&(type != ZT_IDENTITY_TYPE_P384))
 		return nullptr;
 	try {
-		ZeroTier::Identity *const id = new ZeroTier::Identity();
+		ZeroTier::Identity *const id = new ZeroTier::Identity(); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		id->generate((ZeroTier::Identity::Type)type);
 		return reinterpret_cast<ZT_Identity *>(id);
 	} catch ( ... ) {
@@ -619,7 +615,7 @@ ZT_Identity *ZT_Identity_fromString(const char *idStr)
 	if (!idStr)
 		return nullptr;
 	try {
-		ZeroTier::Identity *const id = new ZeroTier::Identity();
+		ZeroTier::Identity *const id = new ZeroTier::Identity(); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		if (!id->fromString(idStr)) {
 			delete id;
 			return nullptr;

node/Identity.hpp

@@ -63,7 +63,7 @@ public:
 	 */
 	static const Identity NIL;
 
-	ZT_INLINE Identity() noexcept
+	ZT_INLINE Identity() noexcept // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	{
 		Utils::memoryLock(this,sizeof(Identity));
 		memoryZero(this);
@@ -77,7 +77,7 @@ public:
 	 *
 	 * @param str Identity in canonical string format
 	 */
-	explicit ZT_INLINE Identity(const char *str)
+	explicit ZT_INLINE Identity(const char *str) // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	{
 		Utils::memoryLock(this,sizeof(Identity));
 		fromString(str);

node/InetAddress.cpp

@@ -68,17 +68,17 @@ InetAddress::IpScope InetAddress::ipScope() const noexcept
 		}	break;
 
 		case AF_INET6: {
-			const unsigned char *ip = reinterpret_cast<const unsigned char *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr);
+			const unsigned char *ip = reinterpret_cast<const unsigned char *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
-			if ((ip[0] & 0xf0) == 0xf0) {
+			if ((ip[0] & 0xf0U) == 0xf0) {
 				if (ip[0] == 0xff) return IP_SCOPE_MULTICAST;                      // ff00::/8
-				if ((ip[0] == 0xfe)&&((ip[1] & 0xc0) == 0x80)) {
+				if ((ip[0] == 0xfe)&&((ip[1] & 0xc0U) == 0x80)) {
 					unsigned int k = 2;
 					while ((!ip[k])&&(k < 15)) ++k;
 					if ((k == 15)&&(ip[15] == 0x01))
 						return IP_SCOPE_LOOPBACK;                                      // fe80::1/128
 					else return IP_SCOPE_LINK_LOCAL;                                 // fe80::/10
 				}
-				if ((ip[0] & 0xfe) == 0xfc) return IP_SCOPE_PRIVATE;               // fc00::/7
+				if ((ip[0] & 0xfeU) == 0xfc) return IP_SCOPE_PRIVATE;              // fc00::/7
 			}
 			unsigned int k = 0;
 			while ((!ip[k])&&(k < 15)) ++k;
@@ -116,7 +116,7 @@ bool InetAddress::isDefaultRoute() const noexcept
 		case AF_INET:
 			return ( (reinterpret_cast<const struct sockaddr_in *>(this)->sin_addr.s_addr == 0) && (reinterpret_cast<const struct sockaddr_in *>(this)->sin_port == 0) );
 		case AF_INET6:
-			const uint8_t *ipb = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr);
+			const uint8_t *ipb = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
 			for(int i=0;i<16;++i) {
 				if (ipb[i])
 					return false;
@@ -181,13 +181,13 @@ bool InetAddress::fromString(const char *ipSlashPort) noexcept
 	}
 
 	if (strchr(buf,':')) {
-		struct sockaddr_in6 *const in6 = reinterpret_cast<struct sockaddr_in6 *>(this);
+		struct sockaddr_in6 *const in6 = reinterpret_cast<struct sockaddr_in6 *>(this); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		inet_pton(AF_INET6, buf, &in6->sin6_addr.s6_addr);
 		in6->sin6_family = AF_INET6;
 		in6->sin6_port = Utils::hton((uint16_t)port);
 		return true;
 	} else if (strchr(buf,'.')) {
-		struct sockaddr_in *const in = reinterpret_cast<struct sockaddr_in *>(this);
+		struct sockaddr_in *const in = reinterpret_cast<struct sockaddr_in *>(this); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		inet_pton(AF_INET, buf, &in->sin_addr.s_addr);
 		in->sin_family = AF_INET;
 		in->sin_port = Utils::hton((uint16_t)port);
@@ -256,10 +256,10 @@ bool InetAddress::isEqualPrefix(const InetAddress &addr) const noexcept
 			case AF_INET6: {
 				const InetAddress mask(netmask());
 				InetAddress addr_mask(addr.netmask());
-				const uint8_t *n = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&addr_mask)->sin6_addr.s6_addr);
+				const uint8_t *n = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&addr_mask)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
-				const uint8_t *m = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&mask)->sin6_addr.s6_addr);
+				const uint8_t *m = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&mask)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
-				const uint8_t *a = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&addr)->sin6_addr.s6_addr);
+				const uint8_t *a = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&addr)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
-				const uint8_t *b = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr);
+				const uint8_t *b = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
 				for(unsigned int i=0;i<16;++i) {
 					if ((a[i] & m[i]) != (b[i] & n[i]))
 						return false;
@@ -286,9 +286,9 @@ bool InetAddress::containsAddress(const InetAddress &addr) const noexcept
 			}
 			case AF_INET6: {
 				const InetAddress mask(netmask());
-				const uint8_t *m = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&mask)->sin6_addr.s6_addr);
+				const uint8_t *m = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&mask)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
-				const uint8_t *a = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&addr)->sin6_addr.s6_addr);
+				const uint8_t *a = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&addr)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
-				const uint8_t *b = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr);
+				const uint8_t *b = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
 				for(unsigned int i=0;i<16;++i) {
 					if ((a[i] & m[i]) != b[i])
 						return false;
@@ -306,13 +306,13 @@ unsigned long InetAddress::hashCode() const noexcept
 		return ((unsigned long)reinterpret_cast<const struct sockaddr_in *>(this)->sin_addr.s_addr + (unsigned long)reinterpret_cast<const struct sockaddr_in *>(this)->sin_port);
 	} else if (_data.ss_family == AF_INET6) {
 		unsigned long tmp = reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_port;
-		const uint8_t *a = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr);
+		const uint8_t *a = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		for(long i=0;i<16;++i)
 			reinterpret_cast<uint8_t *>(&tmp)[i % sizeof(tmp)] ^= a[i];
 		return tmp;
 	} else {
 		unsigned long tmp = reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_port;
-		const uint8_t *a = reinterpret_cast<const uint8_t *>(this);
+		const uint8_t *a = reinterpret_cast<const uint8_t *>(this); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		for(long i=0;i<(long)sizeof(InetAddress);++i)
 			reinterpret_cast<uint8_t *>(&tmp)[i % sizeof(tmp)] ^= a[i];
 		return tmp;
@@ -363,7 +363,7 @@ bool InetAddress::isNetwork() const noexcept
 				return false;
 			if (bits >= 128)
 				return false;
-			const unsigned char *ip = reinterpret_cast<const unsigned char *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr);
+			const unsigned char *ip = reinterpret_cast<const unsigned char *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr); // NOLINT(hicpp-use-auto,modernize-use-auto)
 			unsigned int p = bits / 8;
 			if ((ip[p++] & (0xffU >> (bits % 8))) != 0)
 				return false;
@@ -447,14 +447,12 @@ bool InetAddress::operator==(const InetAddress &a) const noexcept
 				return (
 					(reinterpret_cast<const struct sockaddr_in *>(this)->sin_port == reinterpret_cast<const struct sockaddr_in *>(&a)->sin_port)&&
 					(reinterpret_cast<const struct sockaddr_in *>(this)->sin_addr.s_addr == reinterpret_cast<const struct sockaddr_in *>(&a)->sin_addr.s_addr));
-				break;
 			case AF_INET6:
 				return (
 					(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_port == reinterpret_cast<const struct sockaddr_in6 *>(&a)->sin6_port)&&
 					(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_flowinfo == reinterpret_cast<const struct sockaddr_in6 *>(&a)->sin6_flowinfo)&&
 					(memcmp(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr,reinterpret_cast<const struct sockaddr_in6 *>(&a)->sin6_addr.s6_addr,16) == 0)&&
 					(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_scope_id == reinterpret_cast<const struct sockaddr_in6 *>(&a)->sin6_scope_id));
-				break;
 			default:
 				return (memcmp(this,&a,sizeof(InetAddress)) == 0);
 		}
@@ -502,7 +500,7 @@ bool InetAddress::operator<(const InetAddress &a) const noexcept
 InetAddress InetAddress::makeIpv6LinkLocal(const MAC &mac) noexcept
 {
 	InetAddress r;
-	sockaddr_in6 *const sin6 = reinterpret_cast<sockaddr_in6 *>(&r);
+	sockaddr_in6 *const sin6 = reinterpret_cast<sockaddr_in6 *>(&r); // NOLINT(hicpp-use-auto,modernize-use-auto)
 	sin6->sin6_family = AF_INET6;
 	sin6->sin6_addr.s6_addr[0] = 0xfe;
 	sin6->sin6_addr.s6_addr[1] = 0x80;
@@ -527,7 +525,7 @@ InetAddress InetAddress::makeIpv6LinkLocal(const MAC &mac) noexcept
 InetAddress InetAddress::makeIpv6rfc4193(uint64_t nwid,uint64_t zeroTierAddress) noexcept
 {
 	InetAddress r;
-	sockaddr_in6 *const sin6 = reinterpret_cast<sockaddr_in6 *>(&r);
+	sockaddr_in6 *const sin6 = reinterpret_cast<sockaddr_in6 *>(&r); // NOLINT(hicpp-use-auto,modernize-use-auto)
 	sin6->sin6_family = AF_INET6;
 	sin6->sin6_addr.s6_addr[0] = 0xfd;
 	sin6->sin6_addr.s6_addr[1] = (uint8_t)(nwid >> 56U);
@@ -553,7 +551,7 @@ InetAddress InetAddress::makeIpv66plane(uint64_t nwid,uint64_t zeroTierAddress)
 {
 	nwid ^= (nwid >> 32U);
 	InetAddress r;
-	sockaddr_in6 *const sin6 = reinterpret_cast<sockaddr_in6 *>(&r);
+	sockaddr_in6 *const sin6 = reinterpret_cast<sockaddr_in6 *>(&r); // NOLINT(hicpp-use-auto,modernize-use-auto)
 	sin6->sin6_family = AF_INET6;
 	sin6->sin6_addr.s6_addr[0] = 0xfc;
 	sin6->sin6_addr.s6_addr[1] = (uint8_t)(nwid >> 24U);

node/InetAddress.hpp

@@ -86,19 +86,19 @@ public:
 	// Hasher for unordered sets and maps in C++11
 	struct Hasher { ZT_INLINE std::size_t operator()(const InetAddress &a) const noexcept { return (std::size_t)a.hashCode(); } };
 
-	ZT_INLINE InetAddress() noexcept { memoryZero(this); }
+	ZT_INLINE InetAddress() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	ZT_INLINE InetAddress(const InetAddress &a) noexcept { memoryCopy(this,&a); }
+	ZT_INLINE InetAddress(const InetAddress &a) noexcept { memoryCopy(this,&a); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr_storage &ss) noexcept { *this = ss; }
+	explicit ZT_INLINE InetAddress(const sockaddr_storage &ss) noexcept { *this = ss; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr_storage *ss) noexcept { *this = ss; }
+	explicit ZT_INLINE InetAddress(const sockaddr_storage *ss) noexcept { *this = ss; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr &sa) noexcept { *this = sa; }
+	explicit ZT_INLINE InetAddress(const sockaddr &sa) noexcept { *this = sa; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr *sa) noexcept { *this = sa; }
+	explicit ZT_INLINE InetAddress(const sockaddr *sa) noexcept { *this = sa; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr_in &sa) noexcept { *this = sa; }
+	explicit ZT_INLINE InetAddress(const sockaddr_in &sa) noexcept { *this = sa; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr_in *sa) noexcept { *this = sa; }
+	explicit ZT_INLINE InetAddress(const sockaddr_in *sa) noexcept { *this = sa; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr_in6 &sa) noexcept { *this = sa; }
+	explicit ZT_INLINE InetAddress(const sockaddr_in6 &sa) noexcept { *this = sa; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const sockaddr_in6 *sa) noexcept { *this = sa; }
+	explicit ZT_INLINE InetAddress(const sockaddr_in6 *sa) noexcept { *this = sa; } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	ZT_INLINE InetAddress(const void *ipBytes,unsigned int ipLen,unsigned int port) noexcept { this->set(ipBytes,ipLen,port); }
+	ZT_INLINE InetAddress(const void *ipBytes,unsigned int ipLen,unsigned int port) noexcept { this->set(ipBytes,ipLen,port); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	ZT_INLINE InetAddress(const uint32_t ipv4,unsigned int port) noexcept { this->set(&ipv4,4,port); }
+	ZT_INLINE InetAddress(const uint32_t ipv4,unsigned int port) noexcept { this->set(&ipv4,4,port); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-	explicit ZT_INLINE InetAddress(const char *ipSlashPort) noexcept { this->fromString(ipSlashPort); }
+	explicit ZT_INLINE InetAddress(const char *ipSlashPort) noexcept { this->fromString(ipSlashPort); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	ZT_INLINE InetAddress &operator=(const InetAddress &a) noexcept
 	{

node/Locator.hpp

@@ -37,7 +37,7 @@ namespace ZeroTier {
 class Locator : public TriviallyCopyable
 {
 public:
-	ZT_INLINE Locator() noexcept { memoryZero(this); }
+	ZT_INLINE Locator() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * Zero the Locator data structure

node/Membership.cpp

@@ -17,7 +17,6 @@
 #include "RuntimeEnvironment.hpp"
 #include "Peer.hpp"
 #include "Topology.hpp"
-#include "Node.hpp"
 
 namespace ZeroTier {
 
@@ -29,17 +28,13 @@ Membership::Membership() :
 {
 }
 
-Membership::~Membership()
-{
-}
-
 void Membership::pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const int64_t now,const SharedPtr<Peer> &to,const NetworkConfig &nconf)
 {
 	if (!nconf.com) // sanity check
 		return;
 
 	SharedPtr<Buf> outp(new Buf());
-	Protocol::Header &ph = outp->as<Protocol::Header>();
+	Protocol::Header &ph = outp->as<Protocol::Header>(); // NOLINT(hicpp-use-auto,modernize-use-auto)
 
 	unsigned int capPtr = 0,tagPtr = 0,cooPtr = 0;
 	bool sendCom = true;

node/Membership.hpp

@@ -49,7 +49,6 @@ public:
 	};
 
 	Membership();
-	~Membership();
 
 	/**
 	 * Send COM and other credentials to this peer

node/Meter.hpp

@@ -43,7 +43,7 @@ public:
 	 *
 	 * @param now Start time
 	 */
-	ZT_INLINE Meter() noexcept {}
+	ZT_INLINE Meter() noexcept {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init,hicpp-use-equals-default,modernize-use-equals-default)
 
 	/**
 	 * Add a measurement

node/MulticastGroup.hpp

@@ -64,10 +64,10 @@ public:
 			// multicast address directly from the IP address, and it gives us
 			// 24 bits of uniqueness. Collisions aren't likely to be common enough
 			// to care about.
-			const uint8_t *const a = reinterpret_cast<const uint8_t *>(ip.rawIpData());
+			const uint8_t *const a = reinterpret_cast<const uint8_t *>(ip.rawIpData()); // NOLINT(hicpp-use-auto,modernize-use-auto)
 			return MulticastGroup(MAC(0x33,0x33,0xff,a[13],a[14],a[15]),0);
 		}
-		return MulticastGroup();
+		return MulticastGroup(); // NOLINT(modernize-return-braced-init-list)
 	}
 
 	/**

node/Mutex.hpp

@@ -28,7 +28,7 @@ namespace ZeroTier {
 class Mutex
 {
 public:
-	ZT_INLINE Mutex() noexcept { pthread_mutex_init(&_mh,0); }
+	ZT_INLINE Mutex() noexcept { pthread_mutex_init(&_mh,nullptr); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ZT_INLINE ~Mutex() noexcept { pthread_mutex_destroy(&_mh); }
 
 	ZT_INLINE void lock() const noexcept { pthread_mutex_lock(&((const_cast <Mutex *> (this))->_mh)); }
@@ -37,15 +37,15 @@ public:
 	class Lock
 	{
 	public:
-		ZT_INLINE Lock(Mutex &m) noexcept : _m(&m) { m.lock(); }
+		explicit ZT_INLINE Lock(Mutex &m) noexcept : _m(&m) { m.lock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-		ZT_INLINE Lock(const Mutex &m) noexcept : _m(const_cast<Mutex *>(&m)) { _m->lock(); }
+		explicit ZT_INLINE Lock(const Mutex &m) noexcept : _m(const_cast<Mutex *>(&m)) { _m->lock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		ZT_INLINE ~Lock() { _m->unlock(); }
 	private:
 		Mutex *const _m;
 	};
 
 private:
-	ZT_INLINE Mutex(const Mutex &) noexcept {}
+	ZT_INLINE Mutex(const Mutex &) noexcept {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ZT_INLINE const Mutex &operator=(const Mutex &) noexcept { return *this; }
 
 	pthread_mutex_t _mh;
@@ -54,7 +54,7 @@ private:
 class RWMutex
 {
 public:
-	ZT_INLINE RWMutex() noexcept { pthread_rwlock_init(&_mh,0); }
+	ZT_INLINE RWMutex() noexcept { pthread_rwlock_init(&_mh,nullptr); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ZT_INLINE ~RWMutex() noexcept { pthread_rwlock_destroy(&_mh); }
 
 	ZT_INLINE void lock() const noexcept { pthread_rwlock_wrlock(&((const_cast <RWMutex *> (this))->_mh)); }
@@ -68,8 +68,8 @@ public:
 	class RLock
 	{
 	public:
-		ZT_INLINE RLock(RWMutex &m) noexcept : _m(&m) { m.rlock(); }
+		explicit ZT_INLINE RLock(RWMutex &m) noexcept : _m(&m) { m.rlock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-		ZT_INLINE RLock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)) { _m->rlock(); }
+		explicit ZT_INLINE RLock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)) { _m->rlock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		ZT_INLINE ~RLock() { _m->runlock(); }
 	private:
 		RWMutex *const _m;
@@ -81,8 +81,8 @@ public:
 	class Lock
 	{
 	public:
-		ZT_INLINE Lock(RWMutex &m) noexcept : _m(&m) { m.lock(); }
+		explicit ZT_INLINE Lock(RWMutex &m) noexcept : _m(&m) { m.lock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-		ZT_INLINE Lock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)) { _m->lock(); }
+		explicit ZT_INLINE Lock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)) { _m->lock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		ZT_INLINE ~Lock() { _m->unlock(); }
 	private:
 		RWMutex *const _m;
@@ -97,8 +97,8 @@ public:
 	class RMaybeWLock
 	{
 	public:
-		ZT_INLINE RMaybeWLock(RWMutex &m) noexcept : _m(&m),_w(false) { m.rlock(); }
+		explicit ZT_INLINE RMaybeWLock(RWMutex &m) noexcept : _m(&m),_w(false) { m.rlock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
-		ZT_INLINE RMaybeWLock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)),_w(false) { _m->rlock(); }
+		explicit ZT_INLINE RMaybeWLock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)),_w(false) { _m->rlock(); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		ZT_INLINE void writing() noexcept { if (!_w) { _w = true; _m->runlock(); _m->lock(); } }
 		ZT_INLINE void reading() noexcept { if (_w) { _w = false; _m->unlock(); _m->rlock(); } }
 		ZT_INLINE ~RMaybeWLock() { if (_w) _m->unlock(); else _m->runlock(); }
@@ -108,7 +108,7 @@ public:
 	};
 
 private:
-	ZT_INLINE RWMutex(const RWMutex &) noexcept {}
+	ZT_INLINE RWMutex(const RWMutex &) noexcept {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ZT_INLINE const RWMutex &operator=(const RWMutex &) noexcept { return *this; }
 
 	pthread_rwlock_t _mh;

node/Network.hpp

@@ -300,7 +300,7 @@ public:
 	 * @param to Destination peer
 	 * @param now Current time
 	 */
-	void pushCredentials(void *tPtr,const SharedPtr<Peer> &to,const int64_t now);
+	void pushCredentials(void *tPtr,const SharedPtr<Peer> &to,int64_t now);
 
 	/**
 	 * Destroy this network
@@ -326,7 +326,7 @@ public:
 	ZT_INLINE void eachMember(F f)
 	{
 		Mutex::Lock ml(_memberships_l);
-		for(Map<Address,Membership>::iterator i(_memberships.begin());i!=_memberships.end();++i) {
+		for(Map<Address,Membership>::iterator i(_memberships.begin());i!=_memberships.end();++i) { // NOLINT(modernize-loop-convert,hicpp-use-auto,modernize-use-auto)
 			if (!f(i->first,i->second))
 				break;
 		}

node/NetworkConfig.hpp

@@ -159,7 +159,7 @@ namespace ZeroTier {
  */
 struct NetworkConfig : TriviallyCopyable
 {
-	ZT_INLINE NetworkConfig() noexcept { memoryZero(this); }
+	ZT_INLINE NetworkConfig() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * Write this network config to a dictionary for transport
@@ -211,7 +211,7 @@ struct NetworkConfig : TriviallyCopyable
 		return false;
 	}
 
-	ZT_INLINE operator bool() const noexcept { return (networkId != 0); }
+	ZT_INLINE operator bool() const noexcept { return (networkId != 0); } // NOLINT(google-explicit-constructor,hicpp-explicit-conversions)
 	ZT_INLINE bool operator==(const NetworkConfig &nc) const noexcept { return (memcmp(this,&nc,sizeof(NetworkConfig)) == 0); }
 	ZT_INLINE bool operator!=(const NetworkConfig &nc) const noexcept { return (!(*this == nc)); }
 
@@ -233,7 +233,7 @@ struct NetworkConfig : TriviallyCopyable
 			if (capabilities[i].id() == id)
 				return &(capabilities[i]);
 		}
-		return (Capability *)0;
+		return nullptr;
 	}
 
 	ZT_INLINE const Tag *tag(const uint32_t id) const
@@ -242,7 +242,7 @@ struct NetworkConfig : TriviallyCopyable
 			if (tags[i].id() == id)
 				return &(tags[i]);
 		}
-		return (Tag *)0;
+		return nullptr;
 	}
 
 	/**

node/Node.cpp

@@ -281,7 +281,7 @@ ZT_ResultCode Node::processBackgroundTasks(void *tPtr, int64_t now, volatile int
 			// or trust nodes without doing an extra cert check.
 			{
 				_localControllerAuthorizations_m.lock();
-				for(Map<_LocalControllerAuth,int64_t>::iterator i(_localControllerAuthorizations.begin());i!=_localControllerAuthorizations.end();) {
+				for(Map<_LocalControllerAuth,int64_t>::iterator i(_localControllerAuthorizations.begin());i!=_localControllerAuthorizations.end();) { // NOLINT(hicpp-use-auto,modernize-use-auto)
 					if ((i->second - now) > (ZT_NETWORK_AUTOCONF_DELAY * 3))
 						_localControllerAuthorizations.erase(i++);
 					else ++i;
@@ -306,7 +306,7 @@ ZT_ResultCode Node::processBackgroundTasks(void *tPtr, int64_t now, volatile int
 	std::vector<Address> bzzt;
 	{
 		RWMutex::RMaybeWLock l(_peerAlarms_l);
-		for(std::map<Address,int64_t>::iterator a(_peerAlarms.begin());a!=_peerAlarms.end();) {
+		for(std::map<Address,int64_t>::iterator a(_peerAlarms.begin());a!=_peerAlarms.end();) { // NOLINT(hicpp-use-auto,modernize-use-auto)
 			if (now >= a->second) {
 				bzzt.push_back(a->first);
 				l.writing();
@@ -318,7 +318,7 @@ ZT_ResultCode Node::processBackgroundTasks(void *tPtr, int64_t now, volatile int
 			}
 		}
 	}
-	for(std::vector<Address>::iterator a(bzzt.begin());a!=bzzt.end();++a) {
+	for(std::vector<Address>::iterator a(bzzt.begin());a!=bzzt.end();++a) { // NOLINT(hicpp-use-auto,modernize-use-auto,modernize-loop-convert)
 		const SharedPtr<Peer> p(RR->topology->peer(tPtr,*a,false));
 		if (p)
 			p->alarm(tPtr,now);
@@ -353,7 +353,7 @@ ZT_ResultCode Node::leave(uint64_t nwid,void **uptr,void *tptr)
 	ZT_VirtualNetworkConfig ctmp;
 
 	_networks_m.lock();
-	Map< uint64_t,SharedPtr<Network> >::iterator nwi(_networks.find(nwid));
+	Map< uint64_t,SharedPtr<Network> >::iterator nwi(_networks.find(nwid)); // NOLINT(hicpp-use-auto,modernize-use-auto)
 	if (nwi == _networks.end()) {
 		_networks_m.unlock();
 		return ZT_RESULT_OK;
@@ -436,14 +436,14 @@ ZT_PeerList *Node::peers() const
 
 	char *buf = (char *)::malloc(sizeof(ZT_PeerList) + (sizeof(ZT_Peer) * peers.size()) + (sizeof(Identity) * peers.size()));
 	if (!buf)
-		return (ZT_PeerList *)0;
+		return nullptr;
-	ZT_PeerList *pl = (ZT_PeerList *)buf;
+	ZT_PeerList *pl = (ZT_PeerList *)buf; // NOLINT(modernize-use-auto,hicpp-use-auto)
 	pl->peers = (ZT_Peer *)(buf + sizeof(ZT_PeerList));
-	Identity *identities = (Identity *)(buf + sizeof(ZT_PeerList) + (sizeof(ZT_Peer) * peers.size()));
+	Identity *identities = (Identity *)(buf + sizeof(ZT_PeerList) + (sizeof(ZT_Peer) * peers.size())); // NOLINT(modernize-use-auto,hicpp-use-auto)
 
 	const int64_t now = _now;
 	pl->peerCount = 0;
-	for(std::vector< SharedPtr<Peer> >::iterator pi(peers.begin());pi!=peers.end();++pi) {
+	for(std::vector< SharedPtr<Peer> >::iterator pi(peers.begin());pi!=peers.end();++pi) { // NOLINT(modernize-use-auto,modernize-loop-convert,hicpp-use-auto)
 		ZT_Peer *p = &(pl->peers[pl->peerCount]);
 
 		p->address = (*pi)->address().toInt();
@@ -469,7 +469,7 @@ ZT_PeerList *Node::peers() const
 		std::vector< SharedPtr<Path> > paths;
 		(*pi)->getAllPaths(paths);
 		p->pathCount = 0;
-		for(std::vector< SharedPtr<Path> >::iterator path(paths.begin());path!=paths.end();++path) {
+		for(std::vector< SharedPtr<Path> >::iterator path(paths.begin());path!=paths.end();++path) { // NOLINT(modernize-use-auto,modernize-loop-convert,hicpp-use-auto)
 			Utils::copy<sizeof(sockaddr_storage)>(&(p->paths[p->pathCount].address),&((*path)->address()));
 			p->paths[p->pathCount].lastSend = (*path)->lastOut();
 			p->paths[p->pathCount].lastReceive = (*path)->lastIn();
@@ -489,7 +489,7 @@ ZT_VirtualNetworkConfig *Node::networkConfig(uint64_t nwid) const
 {
 	SharedPtr<Network> nw(network(nwid));
 	if (nw) {
-		ZT_VirtualNetworkConfig *const nc = (ZT_VirtualNetworkConfig *)::malloc(sizeof(ZT_VirtualNetworkConfig));
+		ZT_VirtualNetworkConfig *const nc = (ZT_VirtualNetworkConfig *)::malloc(sizeof(ZT_VirtualNetworkConfig)); // NOLINT(modernize-use-auto,hicpp-use-auto)
 		nw->externalConfig(nc);
 		return nc;
 	}
@@ -502,12 +502,12 @@ ZT_VirtualNetworkList *Node::networks() const
 
 	char *const buf = (char *)::malloc(sizeof(ZT_VirtualNetworkList) + (sizeof(ZT_VirtualNetworkConfig) * _networks.size()));
 	if (!buf)
-		return (ZT_VirtualNetworkList *)0;
+		return nullptr;
-	ZT_VirtualNetworkList *nl = (ZT_VirtualNetworkList *)buf;
+	ZT_VirtualNetworkList *nl = (ZT_VirtualNetworkList *)buf; // NOLINT(modernize-use-auto,hicpp-use-auto)
 	nl->networks = (ZT_VirtualNetworkConfig *)(buf + sizeof(ZT_VirtualNetworkList));
 
 	nl->networkCount = 0;
-	for(Map< uint64_t,SharedPtr<Network> >::const_iterator i(_networks.begin());i!=_networks.end();++i)
+	for(Map< uint64_t,SharedPtr<Network> >::const_iterator i(_networks.begin());i!=_networks.end();++i) // NOLINT(modernize-use-auto,modernize-loop-convert,hicpp-use-auto)
 		i->second->externalConfig(&(nl->networks[nl->networkCount++]));
 
 	return nl;
@@ -596,7 +596,7 @@ bool Node::shouldUsePathForZeroTierTraffic(void *tPtr,const Identity &id,const i
 {
 	{
 		RWMutex::RLock l(_networks_m);
-		for (Map< uint64_t,SharedPtr<Network> >::iterator i(_networks.begin()); i != _networks.end(); ++i) {
+		for(Map< uint64_t,SharedPtr<Network> >::iterator i(_networks.begin());i!=_networks.end();++i) { // NOLINT(hicpp-use-auto,modernize-use-auto,modernize-loop-convert)
 			for (unsigned int k = 0,j = i->second->config().staticIpCount; k < j; ++k) {
 				if (i->second->config().staticIps[k].containsAddress(remoteAddress))
 					return false;
@@ -710,7 +710,7 @@ void Node::ncSendRevocation(const Address &destination,const Revocation &rev)
 	if (destination == RR->identity.address()) {
 		SharedPtr<Network> n(network(rev.networkId()));
 		if (!n) return;
-		n->addCredential((void *)0,RR->identity,rev);
+		n->addCredential(nullptr,RR->identity,rev);
 	} else {
 		// TODO
 		/*

node/Node.hpp

@@ -226,7 +226,7 @@ public:
 	 * @param id Object ID
 	 * @return Vector containing data or empty vector if not found or empty
 	 */
-	std::vector<uint8_t> stateObjectGet(void *const tPtr,ZT_StateObjectType type,const uint64_t id[2]);
+	std::vector<uint8_t> stateObjectGet(void *tPtr,ZT_StateObjectType type,const uint64_t id[2]);
 
 	/**
 	 * Store a state object
@@ -253,7 +253,7 @@ public:
 	ZT_INLINE void stateObjectDelete(void *const tPtr,ZT_StateObjectType type,const uint64_t id[2]) noexcept
 	{
 		if (_cb.statePutFunction)
-			_cb.statePutFunction(reinterpret_cast<ZT_Node *>(this),_uPtr,tPtr,type,id,(const void *)0,-1);
+			_cb.statePutFunction(reinterpret_cast<ZT_Node *>(this),_uPtr,tPtr,type,id,nullptr,-1);
 	}
 
 	/**
@@ -329,9 +329,9 @@ public:
 	bool localControllerHasAuthorized(int64_t now,uint64_t nwid,const Address &addr) const;
 
 	// Implementation of NetworkController::Sender interface
-	virtual void ncSendConfig(uint64_t nwid,uint64_t requestPacketId,const Address &destination,const NetworkConfig &nc,bool sendLegacyFormatConfig);
+	virtual void ncSendConfig(uint64_t nwid,uint64_t requestPacketId,const Address &destination,const NetworkConfig &nc,bool sendLegacyFormatConfig); // NOLINT(cppcoreguidelines-explicit-virtual-functions,hicpp-use-override,modernize-use-override)
-	virtual void ncSendRevocation(const Address &destination,const Revocation &rev);
+	virtual void ncSendRevocation(const Address &destination,const Revocation &rev); // NOLINT(cppcoreguidelines-explicit-virtual-functions,hicpp-use-override,modernize-use-override)
-	virtual void ncSendError(uint64_t nwid,uint64_t requestPacketId,const Address &destination,NetworkController::ErrorCode errorCode);
+	virtual void ncSendError(uint64_t nwid,uint64_t requestPacketId,const Address &destination,NetworkController::ErrorCode errorCode); // NOLINT(cppcoreguidelines-explicit-virtual-functions,hicpp-use-override,modernize-use-override)
 
 private:
 	RuntimeEnvironment _RR;

node/OS.hpp

@@ -17,10 +17,10 @@
 #ifndef ZT_OS_HPP
 #define ZT_OS_HPP
 
-#include <stdint.h>
+#include <stdint.h> // NOLINT(modernize-deprecated-headers,hicpp-deprecated-headers)
-#include <stdlib.h>
+#include <stdlib.h> // NOLINT(modernize-deprecated-headers,hicpp-deprecated-headers)
-#include <string.h>
+#include <string.h> // NOLINT(modernize-deprecated-headers,hicpp-deprecated-headers)
-#include <stdio.h>
+#include <stdio.h> // NOLINT(modernize-deprecated-headers,hicpp-deprecated-headers)
 
 #if defined(_WIN32) || defined(_WIN64)
 #ifdef _MSC_VER

node/Path.hpp

@@ -47,7 +47,7 @@ class Path
 	friend class Defragmenter;
 
 public:
-	ZT_INLINE Path(const int64_t l,const InetAddress &r) noexcept :
+	ZT_INLINE Path(const int64_t l,const InetAddress &r) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		_localSocket(l),
 		_lastIn(0),
 		_lastOut(0),

node/Peer.hpp

@@ -379,7 +379,7 @@ private:
 	// Queue of batches of one or more physical addresses to try at some point in the future (for NAT traversal logic)
 	struct _ContactQueueItem
 	{
-		ZT_INLINE _ContactQueueItem() {}
+		ZT_INLINE _ContactQueueItem() {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init,hicpp-use-equals-default,modernize-use-equals-default)
 		ZT_INLINE _ContactQueueItem(const InetAddress &a,const uint16_t *pstart,const uint16_t *pend,const unsigned int apt) :
 			address(a),
 			ports(pstart,pend),

node/Poly1305.hpp

@@ -16,8 +16,8 @@
 
 namespace ZeroTier {
 
-#define ZT_POLY1305_KEY_LEN 32
+#define ZT_POLY1305_KEY_SIZE 32
-#define ZT_POLY1305_MAC_LEN 16
+#define ZT_POLY1305_MAC_SIZE 16
 
 /**
  * Compute a one-time authentication code

node/Protocol.cpp

@@ -51,8 +51,8 @@ void armor(Buf &pkt,int packetSize,const uint8_t key[ZT_PEER_SECRET_KEY_LENGTH],
 			salsa2012DeriveKey(key,perPacketKey,pkt,packetSize);
 			Salsa20 s20(perPacketKey,&ph.packetId);
 
-			uint8_t macKey[ZT_POLY1305_KEY_LEN];
+			uint8_t macKey[ZT_POLY1305_KEY_SIZE];
-			s20.crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_LEN);
+			s20.crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);
 
 			// only difference here is that we don't encrypt the payload
 
@@ -66,8 +66,8 @@ void armor(Buf &pkt,int packetSize,const uint8_t key[ZT_PEER_SECRET_KEY_LENGTH],
 			salsa2012DeriveKey(key,perPacketKey,pkt,packetSize);
 			Salsa20 s20(perPacketKey,&ph.packetId);
 
-			uint8_t macKey[ZT_POLY1305_KEY_LEN];
+			uint8_t macKey[ZT_POLY1305_KEY_SIZE];
-			s20.crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_LEN);
+			s20.crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);
 
 			const unsigned int encLen = packetSize - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START;
 			s20.crypt12(pkt.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,pkt.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,encLen);

node/Revocation.hpp

@@ -47,7 +47,7 @@ class Revocation : public Credential
 public:
 	static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_REVOCATION; }
 
-	ZT_INLINE Revocation() noexcept { memoryZero(this); }
+	ZT_INLINE Revocation() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * @param i ID (arbitrary for revocations, currently random)
@@ -58,7 +58,7 @@ public:
 	 * @param tgt Target node whose credential(s) are being revoked
 	 * @param ct Credential type being revoked
 	 */
-	ZT_INLINE Revocation(const uint32_t i,const uint64_t nwid,const uint32_t cid,const uint64_t thr,const uint64_t fl,const Address &tgt,const ZT_CredentialType ct) noexcept :
+	ZT_INLINE Revocation(const uint32_t i,const uint64_t nwid,const uint32_t cid,const uint64_t thr,const uint64_t fl,const Address &tgt,const ZT_CredentialType ct) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		_id(i),
 		_credentialId(cid),
 		_networkId(nwid),

node/RuntimeEnvironment.hpp

@@ -40,7 +40,7 @@ class Expect;
 class RuntimeEnvironment
 {
 public:
-	ZT_INLINE RuntimeEnvironment(Node *n) noexcept :
+	ZT_INLINE RuntimeEnvironment(Node *n) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init,google-explicit-constructor,hicpp-explicit-conversions)
 		node(n),
 		localNetworkController(nullptr),
 		rtmem(nullptr),

node/SHA512.hpp

@@ -20,9 +20,8 @@
 #include <CommonCrypto/CommonDigest.h>
 #endif
 
-#define ZT_SHA512_DIGEST_LEN 64
+#define ZT_SHA512_DIGEST_SIZE 64
-#define ZT_SHA384_DIGEST_LEN 48
+#define ZT_SHA384_DIGEST_SIZE 48
-
 #define ZT_SHA512_BLOCK_SIZE 128
 #define ZT_SHA384_BLOCK_SIZE 128
 

node/Salsa20.hpp

@@ -43,14 +43,14 @@ public:
 	static constexpr bool accelerated() noexcept { return false; }
 #endif
 
-	ZT_INLINE Salsa20() noexcept {}
+	ZT_INLINE Salsa20() noexcept {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init,hicpp-use-equals-default,modernize-use-equals-default)
 	ZT_INLINE ~Salsa20() { Utils::burn(&_state,sizeof(_state)); }
 
 	/**
 	 * @param key 256-bit (32 byte) key
 	 * @param iv 64-bit initialization vector
 	 */
-	ZT_INLINE Salsa20(const void *key,const void *iv) noexcept { init(key,iv); }
+	ZT_INLINE Salsa20(const void *key,const void *iv) noexcept { init(key,iv); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * Initialize cipher

node/ScopedPtr.hpp

@@ -49,7 +49,7 @@ public:
 	ZT_INLINE bool operator!=(T *const p) const noexcept { return (_p != p); }
 
 private:
-	ZT_INLINE ScopedPtr() noexcept {}
+	ZT_INLINE ScopedPtr() noexcept {} // NOLINT(hicpp-use-equals-default,hicpp-use-equals-delete,modernize-use-equals-default)
 	ZT_INLINE ScopedPtr(const ScopedPtr &p) noexcept : _p(nullptr) {}
 	ZT_INLINE ScopedPtr &operator=(const ScopedPtr &p) noexcept { return *this; }
 

node/SelfAwareness.hpp

@@ -72,7 +72,7 @@ private:
 		InetAddress reporterPhysicalAddress;
 		InetAddress::IpScope scope;
 
-		ZT_INLINE PhySurfaceKey() noexcept {}
+		ZT_INLINE PhySurfaceKey() noexcept {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init,hicpp-use-equals-default,modernize-use-equals-default)
 		ZT_INLINE PhySurfaceKey(const Address &r,const int64_t rol,const InetAddress &ra,InetAddress::IpScope s) noexcept : reporter(r),receivedOnLocalSocket(rol),reporterPhysicalAddress(ra),scope(s) {}
 
 		ZT_INLINE unsigned long hashCode() const noexcept { return ((unsigned long)reporter.toInt() + (unsigned long)receivedOnLocalSocket + (unsigned long)scope); }

node/SharedPtr.hpp

@@ -109,7 +109,7 @@ public:
 		from._ptr = nullptr;
 	}
 
-	ZT_INLINE operator bool() const noexcept { return (_ptr != nullptr); }
+	ZT_INLINE operator bool() const noexcept { return (_ptr != nullptr); } // NOLINT(google-explicit-constructor,hicpp-explicit-conversions)
 
 	ZT_INLINE T &operator*() const noexcept { return *_ptr; }
 	ZT_INLINE T *operator->() const noexcept { return _ptr; }

node/Speck128.hpp

@@ -38,14 +38,14 @@ public:
 	/**
 	 * Create an uninitialized instance, init() must be called to set up.
 	 */
-	ZT_INLINE Speck128() noexcept {}
+	ZT_INLINE Speck128() noexcept {} // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init,hicpp-use-equals-default,modernize-use-equals-default)
 
 	/**
 	 * Initialize Speck from a 128-bit key
 	 *
 	 * @param k 128-bit / 16 byte key
 	 */
-	ZT_INLINE Speck128(const void *k) noexcept { this->init(k); }
+	ZT_INLINE Speck128(const void *k) noexcept { this->init(k); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init,google-explicit-constructor,hicpp-explicit-conversions)
 
 	ZT_INLINE ~Speck128() { Utils::burn(_k,sizeof(_k)); }
 
@@ -161,8 +161,8 @@ public:
 	 */
 	ZT_INLINE void encrypt(const void *const in,void *const out) const noexcept
 	{
-		uint64_t x = Utils::loadLittleEndian<uint64_t>(in);
+		uint64_t x = Utils::loadLittleEndian<uint64_t>(in); // NOLINT(hicpp-use-auto,modernize-use-auto)
-		uint64_t y = Utils::loadLittleEndian<uint64_t>(reinterpret_cast<const uint8_t *>(in) + 8);
+		uint64_t y = Utils::loadLittleEndian<uint64_t>(reinterpret_cast<const uint8_t *>(in) + 8); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		encryptXY(x,y);
 		Utils::storeLittleEndian<uint64_t>(out,x);
 		Utils::storeLittleEndian<uint64_t>(reinterpret_cast<uint8_t *>(out) + 8,y);
@@ -176,8 +176,8 @@ public:
 	 */
 	ZT_INLINE void decrypt(const void *const in,void *const out) const noexcept
 	{
-		uint64_t x = Utils::loadLittleEndian<uint64_t>(in);
+		uint64_t x = Utils::loadLittleEndian<uint64_t>(in); // NOLINT(hicpp-use-auto,modernize-use-auto)
-		uint64_t y = Utils::loadLittleEndian<uint64_t>(reinterpret_cast<const uint8_t *>(in) + 8);
+		uint64_t y = Utils::loadLittleEndian<uint64_t>(reinterpret_cast<const uint8_t *>(in) + 8); // NOLINT(hicpp-use-auto,modernize-use-auto)
 		decryptXY(x,y);
 		Utils::storeLittleEndian<uint64_t>(out,x);
 		Utils::storeLittleEndian<uint64_t>(reinterpret_cast<uint8_t *>(out) + 8,y);

node/Tag.hpp

@@ -55,7 +55,7 @@ class Tag : public Credential
 public:
 	static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_TAG; }
 
-	ZT_INLINE Tag() noexcept { memoryZero(this); }
+	ZT_INLINE Tag() noexcept { memoryZero(this); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 
 	/**
 	 * @param nwid Network ID
@@ -64,7 +64,7 @@ public:
 	 * @param id Tag ID
 	 * @param value Tag value
 	 */
-	ZT_INLINE Tag(const uint64_t nwid,const int64_t ts,const Address &issuedTo,const uint32_t id,const uint32_t value) noexcept :
+	ZT_INLINE Tag(const uint64_t nwid,const int64_t ts,const Address &issuedTo,const uint32_t id,const uint32_t value) noexcept : // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		_id(id),
 		_value(value),
 		_networkId(nwid),

node/Topology.hpp

@@ -179,7 +179,7 @@ public:
 	ZT_INLINE void eachPeer(F f) const
 	{
 		RWMutex::RLock l(_peers_l);
-		for(Map< Address,SharedPtr<Peer> >::const_iterator i(_peers.begin());i!=_peers.end();++i)
+		for(Map< Address,SharedPtr<Peer> >::const_iterator i(_peers.begin());i!=_peers.end();++i) // NOLINT(modernize-loop-convert,hicpp-use-auto,modernize-use-auto)
 			f(i->second);
 	}
 
@@ -199,12 +199,12 @@ public:
 
 		std::vector<uintptr_t> rootPeerPtrs;
 		rootPeerPtrs.reserve(_rootPeers.size());
-		for(std::vector< SharedPtr<Peer> >::const_iterator rp(_rootPeers.begin());rp!=_rootPeers.end();++rp)
+		for(std::vector< SharedPtr<Peer> >::const_iterator rp(_rootPeers.begin());rp!=_rootPeers.end();++rp) // NOLINT(modernize-loop-convert,hicpp-use-auto,modernize-use-auto)
 			rootPeerPtrs.push_back((uintptr_t)rp->ptr());
 		std::sort(rootPeerPtrs.begin(),rootPeerPtrs.end());
 
 		try {
-			for(Map< Address,SharedPtr<Peer> >::const_iterator i(_peers.begin());i!=_peers.end();++i)
+			for(Map< Address,SharedPtr<Peer> >::const_iterator i(_peers.begin());i!=_peers.end();++i) // NOLINT(modernize-loop-convert,hicpp-use-auto,modernize-use-auto)
 				f(i->second,std::binary_search(rootPeerPtrs.begin(),rootPeerPtrs.end(),(uintptr_t)i->second.ptr()));
 		} catch ( ... ) {} // should not throw
 	}
@@ -219,7 +219,7 @@ public:
 	ZT_INLINE void eachPath(F f) const
 	{
 		RWMutex::RLock l(_paths_l);
-		for(Map< uint64_t,SharedPtr<Path> >::const_iterator i(_paths.begin());i!=_paths.end();++i)
+		for(Map< uint64_t,SharedPtr<Path> >::const_iterator i(_paths.begin());i!=_paths.end();++i) // NOLINT(modernize-loop-convert,hicpp-use-auto,modernize-use-auto)
 			f(i->second);
 	}
 

node/Trace.cpp

@@ -70,7 +70,7 @@ void Trace::unexpectedError(
 	...)
 {
 	va_list ap;
-	ZT_TraceEvent_UNEXPECTED_ERROR ev;
+	ZT_TraceEvent_UNEXPECTED_ERROR ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_UNEXPECTED_ERROR);
 	ev.codeLocation = codeLocation;
@@ -90,7 +90,7 @@ void Trace::_resettingPathsInScope(
 	const InetAddress &newExternal,
 	const InetAddress::IpScope scope)
 {
-	ZT_TraceEvent_VL1_RESETTING_PATHS_IN_SCOPE ev;
+	ZT_TraceEvent_VL1_RESETTING_PATHS_IN_SCOPE ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL1_RESETTING_PATHS_IN_SCOPE);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -112,7 +112,7 @@ void Trace::_tryingNewPath(
 	const Identity &triggeringPeer,
 	const ZT_TraceTryingNewPathReason reason)
 {
-	ZT_TraceEvent_VL1_TRYING_NEW_PATH ev;
+	ZT_TraceEvent_VL1_TRYING_NEW_PATH ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL1_TRYING_NEW_PATH);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -134,7 +134,7 @@ void Trace::_learnedNewPath(
 	const InetAddress &physicalAddress,
 	const InetAddress &replaced)
 {
-	ZT_TraceEvent_VL1_LEARNED_NEW_PATH ev;
+	ZT_TraceEvent_VL1_LEARNED_NEW_PATH ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL1_LEARNED_NEW_PATH);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -157,7 +157,7 @@ void Trace::_incomingPacketDropped(
 	const uint8_t verb,
 	const ZT_TracePacketDropReason reason)
 {
-	ZT_TraceEvent_VL1_INCOMING_PACKET_DROPPED ev;
+	ZT_TraceEvent_VL1_INCOMING_PACKET_DROPPED ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL1_INCOMING_PACKET_DROPPED);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -183,7 +183,7 @@ void Trace::_outgoingNetworkFrameDropped(
 	const uint8_t *frameData,
 	const ZT_TraceFrameDropReason reason)
 {
-	ZT_TraceEvent_VL2_OUTGOING_FRAME_DROPPED ev;
+	ZT_TraceEvent_VL2_OUTGOING_FRAME_DROPPED ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL2_OUTGOING_FRAME_DROPPED);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -197,7 +197,7 @@ void Trace::_outgoingNetworkFrameDropped(
 		if (l > sizeof(ev.frameHead))
 			l = sizeof(ev.frameHead);
 		Utils::copy(ev.frameHead,frameData,l);
-		Utils::copy(ev.frameHead + l,0,sizeof(ev.frameHead) - l);
+		Utils::zero(ev.frameHead + l,sizeof(ev.frameHead) - l);
 	}
 	ev.reason = (uint8_t)reason;
 
@@ -219,7 +219,7 @@ void Trace::_incomingNetworkFrameDropped(
 	const bool credentialRequestSent,
 	const ZT_TraceFrameDropReason reason)
 {
-	ZT_TraceEvent_VL2_INCOMING_FRAME_DROPPED ev;
+	ZT_TraceEvent_VL2_INCOMING_FRAME_DROPPED ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL2_INCOMING_FRAME_DROPPED);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -235,7 +235,7 @@ void Trace::_incomingNetworkFrameDropped(
 		if (l > sizeof(ev.frameHead))
 			l = sizeof(ev.frameHead);
 		Utils::copy(ev.frameHead,frameData,l);
-		Utils::copy(ev.frameHead + l,0,sizeof(ev.frameHead) - l);
+		Utils::zero(ev.frameHead + l,sizeof(ev.frameHead) - l);
 	}
 	ev.verb = verb;
 	ev.credentialRequestSent = (uint8_t)credentialRequestSent;
@@ -249,7 +249,7 @@ void Trace::_networkConfigRequestSent(
 	const uint32_t codeLocation,
 	const uint64_t networkId)
 {
-	ZT_TraceEvent_VL2_NETWORK_CONFIG_REQUESTED ev;
+	ZT_TraceEvent_VL2_NETWORK_CONFIG_REQUESTED ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL2_NETWORK_CONFIG_REQUESTED);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -277,7 +277,7 @@ void Trace::_networkFilter(
 	const bool inbound,
 	const int accept)
 {
-	ZT_TraceEvent_VL2_NETWORK_FILTER ev;
+	ZT_TraceEvent_VL2_NETWORK_FILTER ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL2_NETWORK_FILTER);
 	ev.codeLocation = Utils::hton(codeLocation);
@@ -298,7 +298,7 @@ void Trace::_networkFilter(
 		if (l > sizeof(ev.frameHead))
 			l = sizeof(ev.frameHead);
 		Utils::copy(ev.frameHead,frameData,l);
-		Utils::copy(ev.frameHead + l,0,sizeof(ev.frameHead) - l);
+		Utils::zero(ev.frameHead + l,sizeof(ev.frameHead) - l);
 	}
 	ev.etherType = Utils::hton(etherType);
 	ev.vlanId = Utils::hton(vlanId);
@@ -319,7 +319,7 @@ void Trace::_credentialRejected(
 	const uint8_t credentialType,
 	const ZT_TraceCredentialRejectionReason reason)
 {
-	ZT_TraceEvent_VL2_CREDENTIAL_REJECTED ev;
+	ZT_TraceEvent_VL2_CREDENTIAL_REJECTED ev; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 	ev.evSize = ZT_CONST_TO_BE_UINT16(sizeof(ev));
 	ev.evType = ZT_CONST_TO_BE_UINT16(ZT_TRACE_VL2_NETWORK_FILTER);
 	ev.codeLocation = Utils::hton(codeLocation);

node/Trace.hpp

@@ -82,7 +82,7 @@ public:
 	template<unsigned int C>
 	struct Str
 	{
-		ZT_INLINE Str() { Utils::zero<sizeof(s)>(s); }
+		ZT_INLINE Str() { Utils::zero<sizeof(s)>(s); } // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 		constexpr static unsigned int capacity() { return C; }
 		char s[C];
 	};

node/TriviallyCopyable.hpp

@@ -29,32 +29,6 @@ namespace ZeroTier {
  */
 ZT_PACKED_STRUCT(struct TriviallyCopyable
 {
-	/**
-	 * Be absolutely sure a TriviallyCopyable object is zeroed using Utils::burn()
-	 *
-	 * @tparam T Automatically inferred type of object
-	 * @param obj Any TriviallyCopyable object
-	 */
-	template<typename T>
-	static ZT_INLINE void memoryBurn(T *obj) noexcept
-	{
-		TriviallyCopyable *const tmp = obj;
-		Utils::burn(tmp,sizeof(T));
-	}
-
-	/**
-	 * Be absolutely sure a TriviallyCopyable object is zeroed using Utils::burn()
-	 *
-	 * @tparam T Automatically inferred type of object
-	 * @param obj Any TriviallyCopyable object
-	 */
-	template<typename T>
-	static ZT_INLINE void memoryBurn(T &obj) noexcept
-	{
-		TriviallyCopyable *const tmp = &obj;
-		Utils::burn(tmp,sizeof(T));
-	}
-
 	/**
 	 * Zero a TriviallyCopyable object
 	 *

node/Utils.cpp

@@ -36,7 +36,7 @@ namespace ZeroTier {
 namespace Utils {
 
 #ifdef ZT_ARCH_X64
-CPUIDRegisters::CPUIDRegisters()
+CPUIDRegisters::CPUIDRegisters() noexcept // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
 {
 #ifdef __WINDOWS__
 	int regs[4];
@@ -212,7 +212,7 @@ unsigned int unhex(const char *h,unsigned int hlen,void *buf,unsigned int buflen
 		hc = *(reinterpret_cast<const uint8_t *>(h++));
 		if (!hc) break;
 
-		c <<= 4;
+		c <<= 4U;
 		if ((hc >= 48)&&(hc <= 57))
 			c |= hc - 48;
 		else if ((hc >= 97)&&(hc <= 102))
@@ -294,7 +294,7 @@ void getSecureRandom(void *const buf,const unsigned int bytes) noexcept
 #ifdef ZT_ARCH_X64
 				if (CPUID.rdrand) {
 					uint64_t tmp = 0;
-					for(int k=0;k<ZT_GETSECURERANDOM_STATE_SIZE;++k) {
+					for(int k=0;k<ZT_GETSECURERANDOM_STATE_SIZE;++k) { // NOLINT(modernize-loop-convert)
 						_rdrand64_step((unsigned long long *)&tmp);
 						randomState[k] ^= tmp;
 					}

node/Utils.hpp

@@ -50,10 +50,10 @@ namespace Utils {
 #ifdef ZT_ARCH_X64
 struct CPUIDRegisters
 {
+	CPUIDRegisters() noexcept;
 	uint32_t eax,ebx,ecx,edx;
 	bool rdrand;
 	bool aes;
-	CPUIDRegisters();
 };
 extern const CPUIDRegisters CPUID;
 #endif

node/VL1.cpp

@@ -226,9 +226,9 @@ void VL1::onRemotePacket(void *const tPtr,const int64_t localSocket,const InetAd
 
 					// Generate one-time-use MAC key using Salsa20.
 					uint8_t perPacketKey[ZT_PEER_SECRET_KEY_LENGTH];
-					uint8_t macKey[ZT_POLY1305_KEY_LEN];
+					uint8_t macKey[ZT_POLY1305_KEY_SIZE];
 					Protocol::salsa2012DeriveKey(peer->key(),perPacketKey,*pktv[0].b,packetSize);
-					Salsa20(perPacketKey,&ph->packetId).crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_LEN);
+					Salsa20(perPacketKey,&ph->packetId).crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);
 
 					// Verify packet MAC.
 					uint64_t mac[2];
@@ -249,8 +249,8 @@ void VL1::onRemotePacket(void *const tPtr,const int64_t localSocket,const InetAd
 					Salsa20 s20(perPacketKey,&ph->packetId);
 
 					// Do one Salsa20 block to generate the one-time-use Poly1305 key.
-					uint8_t macKey[ZT_POLY1305_KEY_LEN];
+					uint8_t macKey[ZT_POLY1305_KEY_SIZE];
-					s20.crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_LEN);
+					s20.crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);
 
 					// Get a buffer to store the decrypted and fully contiguous packet.
 					pkt.b.set(new Buf());
@@ -516,9 +516,9 @@ bool VL1::_HELLO(void *tPtr,const SharedPtr<Path> &path,SharedPtr<Peer> &peer,Bu
 
 	if ((!peer)||(!authenticated)) {
 		uint8_t perPacketKey[ZT_PEER_SECRET_KEY_LENGTH];
-		uint8_t macKey[ZT_POLY1305_KEY_LEN];
+		uint8_t macKey[ZT_POLY1305_KEY_SIZE];
 		Protocol::salsa2012DeriveKey(peer->key(),perPacketKey,pkt,packetSize);
-		Salsa20(perPacketKey,&p.h.packetId).crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_LEN);
+		Salsa20(perPacketKey,&p.h.packetId).crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);
 		uint64_t mac[2];
 		poly1305(mac,pkt.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,packetSize - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,macKey);
 		if (p.h.mac != mac[0]) {

node/VL2.hpp

@@ -35,7 +35,7 @@ class VL2
 	friend class VL1;
 
 public:
-	VL2(const RuntimeEnvironment *renv);
+	explicit VL2(const RuntimeEnvironment *renv);
 	~VL2();
 
 	/**