From 182f16d2a4f59d6a8420803fc202b6a75285465e Mon Sep 17 00:00:00 2001
From: Athanasios Oikonomou <athoik@gmail.com>
Date: Sun, 26 Apr 2020 16:53:49 +0200
Subject: [PATCH 1/5] Add support for armv7ve

This commit adds support for ARM armv7ve arch.
The extended version of the ARMv7-A architecture with support for virtualization.
---
 make-linux.mk | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/make-linux.mk b/make-linux.mk
index 9fd4f7b95..eff3a50ed 100644
--- a/make-linux.mk
+++ b/make-linux.mk
@@ -205,6 +205,11 @@ ifeq ($(CC_MACH),armv7hl)
 	override DEFS+=-DZT_NO_TYPE_PUNNING
 	ZT_USE_ARM32_NEON_ASM_CRYPTO=1
 endif
+ifeq ($(CC_MACH),armv7ve)
+        ZT_ARCHITECTURE=3
+        override DEFS+=-DZT_NO_TYPE_PUNNING
+        ZT_USE_ARM32_NEON_ASM_CRYPTO=1
+endif
 ifeq ($(CC_MACH),arm64)
 	ZT_ARCHITECTURE=4
 	override DEFS+=-DZT_NO_TYPE_PUNNING

From d2db307bee4891a4b1744ae205c794fd0ce56f98 Mon Sep 17 00:00:00 2001
From: Gleb Panov <gutleib@gmail.com>
Date: Wed, 29 Apr 2020 13:51:28 +0300
Subject: [PATCH 2/5] Add lines to enable Elbrus
 (https://en.wikipedia.org/wiki/Elbrus-8S) microprocessor architecture. No
 changes in code, only in build procedure (recognise relevant ARCH output.

---
 make-linux.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/make-linux.mk b/make-linux.mk
index d48697067..39ffbe73e 100644
--- a/make-linux.mk
+++ b/make-linux.mk
@@ -146,6 +146,9 @@ endif
 ifeq ($(CC_MACH),ppc64el)
 	ZT_ARCHITECTURE=8
 endif
+ifeq ($(CC_MACH),e2k)
+	ZT_ARCHITECTURE=2
+endif
 ifeq ($(CC_MACH),i386)
 	ZT_ARCHITECTURE=1
 endif

From ffebcd247fcc5fec9aee85c26da581cee8a09d72 Mon Sep 17 00:00:00 2001
From: Suad Halilovic <suad.halilovic@marvelsoft.net>
Date: Thu, 16 Jul 2020 18:31:56 +0200
Subject: [PATCH 3/5] 2020/07/16, Minor optmizations

---
 CMakeLists.txt                           |  1 +
 controller/EmbeddedNetworkController.cpp | 14 +++++++-------
 controller/LFDB.cpp                      |  8 ++++----
 node/IncomingPacket.cpp                  |  2 +-
 node/Peer.cpp                            |  2 +-
 node/Topology.cpp                        |  4 ++--
 one.cpp                                  |  8 ++++----
 osdep/Binder.hpp                         |  4 ++--
 osdep/OSUtils.cpp                        |  2 +-
 service/OneService.cpp                   | 18 +++++++++---------
 service/SoftwareUpdater.cpp              |  4 ++--
 11 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index fff7808e1..b22ae7d77 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,6 +5,7 @@ project (zerotiercore)
 
 set (PROJ_DIR ${PROJECT_SOURCE_DIR})
 set (ZT_DEFS -std=c++11)
+set (CMAKE_EXPORT_COMPILE_COMMANDS ON)
 
 file(GLOB core_src_glob ${PROJ_DIR}/node/*.cpp)
 add_library(zerotiercore STATIC ${core_src_glob})
diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index e0e2a3eae..e5db6eca1 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -97,7 +97,7 @@ static json _renderRule(ZT_VirtualNetworkRule &rule)
 			break;
 	}
 
-	if (r.size() == 0) {
+	if (r.empty()) {
 		switch(rt) {
 			case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
 				r["type"] = "MATCH_SOURCE_ZEROTIER_ADDRESS";
@@ -239,7 +239,7 @@ static json _renderRule(ZT_VirtualNetworkRule &rule)
 				break;
 		}
 
-		if (r.size() > 0) {
+		if (!r.empty()) {
 			r["not"] = ((rule.t & 0x80) != 0);
 			r["or"] = ((rule.t & 0x40) != 0);
 		}
@@ -554,7 +554,7 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpGET(
 	std::string &responseBody,
 	std::string &responseContentType)
 {
-	if ((path.size() > 0)&&(path[0] == "network")) {
+	if ((!path.empty())&&(path[0] == "network")) {
 
 		if ((path.size() >= 2)&&(path[1].length() == 16)) {
 			const uint64_t nwid = Utils::hexStrToU64(path[1].c_str());
@@ -1227,11 +1227,11 @@ void EmbeddedNetworkController::_request(
 
 	Utils::hex(nwid,nwids);
 	_db.get(nwid,network,identity.address().toInt(),member,ns);
-	if ((!network.is_object())||(network.size() == 0)) {
+	if ((!network.is_object())||(network.empty())) {
 		_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_OBJECT_NOT_FOUND);
 		return;
 	}
-	const bool newMember = ((!member.is_object())||(member.size() == 0));
+	const bool newMember = ((!member.is_object())||(member.empty()));
 	DB::initMember(member);
 
 	{
@@ -1437,11 +1437,11 @@ void EmbeddedNetworkController::_request(
 			std::map< uint64_t,json * >::const_iterator ctmp = capsById.find(capId);
 			if (ctmp != capsById.end()) {
 				json *cap = ctmp->second;
-				if ((cap)&&(cap->is_object())&&(cap->size() > 0)) {
+				if ((cap)&&(cap->is_object())&&(!cap->empty())) {
 					ZT_VirtualNetworkRule capr[ZT_MAX_CAPABILITY_RULES];
 					unsigned int caprc = 0;
 					json &caprj = (*cap)["rules"];
-					if ((caprj.is_array())&&(caprj.size() > 0)) {
+					if ((caprj.is_array())&&(!caprj.empty())) {
 						for(unsigned long j=0;j<caprj.size();++j) {
 							if (caprc >= ZT_MAX_CAPABILITY_RULES)
 								break;
diff --git a/controller/LFDB.cpp b/controller/LFDB.cpp
index d11b77a07..03265347f 100644
--- a/controller/LFDB.cpp
+++ b/controller/LFDB.cpp
@@ -190,10 +190,10 @@ LFDB::LFDB(const Identity &myId,const char *path,const char *lfOwnerPrivate,cons
 				if (resp) {
 					if (resp->status == 200) {
 						nlohmann::json results(OSUtils::jsonParse(resp->body));
-						if ((results.is_array())&&(results.size() > 0)) {
+						if ((results.is_array())&&(!results.empty())) {
 							for(std::size_t ri=0;ri<results.size();++ri) {
 								nlohmann::json &rset = results[ri];
-								if ((rset.is_array())&&(rset.size() > 0)) {
+								if ((rset.is_array())&&(!rset.empty())) {
 
 									nlohmann::json &result = rset[0];
 									if (result.is_object()) {
@@ -258,10 +258,10 @@ LFDB::LFDB(const Identity &myId,const char *path,const char *lfOwnerPrivate,cons
 				if (resp) {
 					if (resp->status == 200) {
 						nlohmann::json results(OSUtils::jsonParse(resp->body));
-						if ((results.is_array())&&(results.size() > 0)) {
+						if ((results.is_array())&&(!results.empty())) {
 							for(std::size_t ri=0;ri<results.size();++ri) {
 								nlohmann::json &rset = results[ri];
-								if ((rset.is_array())&&(rset.size() > 0)) {
+								if ((rset.is_array())&&(!rset.empty())) {
 
 									nlohmann::json &result = rset[0];
 									if (result.is_object()) {
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index 331446ced..d6f6d951c 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -427,7 +427,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool
 	if ((planetWorldId)&&(RR->topology->planetWorldTimestamp() > planetWorldTimestamp)&&(planetWorldId == RR->topology->planetWorldId())) {
 		RR->topology->planet().serialize(outp,false);
 	}
-	if (moonIdsAndTimestamps.size() > 0) {
+	if (!moonIdsAndTimestamps.empty()) {
 		std::vector<World> moons(RR->topology->moons());
 		for(std::vector<World>::const_iterator m(moons.begin());m!=moons.end();++m) {
 			for(std::vector< std::pair<uint64_t,uint64_t> >::const_iterator i(moonIdsAndTimestamps.begin());i!=moonIdsAndTimestamps.end();++i) {
diff --git a/node/Peer.cpp b/node/Peer.cpp
index c70e89d71..35b35559f 100644
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@@ -198,7 +198,7 @@ void Peer::received(
 		if (sinceLastPush >= ((hops == 0) ? ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH : ZT_DIRECT_PATH_PUSH_INTERVAL)) {
 			_lastDirectPathPushSent = now;
 			std::vector<InetAddress> pathsToPush(RR->node->directPaths());
-			if (pathsToPush.size() > 0) {
+			if (!pathsToPush.empty()) {
 				std::vector<InetAddress>::const_iterator p(pathsToPush.begin());
 				while (p != pathsToPush.end()) {
 					Packet *const outp = new Packet(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS);
diff --git a/node/Topology.cpp b/node/Topology.cpp
index 01a81fccc..ab70220a1 100644
--- a/node/Topology.cpp
+++ b/node/Topology.cpp
@@ -183,7 +183,7 @@ bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipa
 	if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),ztaddr) != _upstreamAddresses.end()) {
 		for(std::vector<World::Root>::const_iterator r(_planet.roots().begin());r!=_planet.roots().end();++r) {
 			if (r->identity.address() == ztaddr) {
-				if (r->stableEndpoints.size() == 0)
+				if (r->stableEndpoints.empty())
 					return false; // no stable endpoints specified, so allow dynamic paths
 				for(std::vector<InetAddress>::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) {
 					if (ipaddr.ipsEqual(*e))
@@ -194,7 +194,7 @@ bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipa
 		for(std::vector<World>::const_iterator m(_moons.begin());m!=_moons.end();++m) {
 			for(std::vector<World::Root>::const_iterator r(m->roots().begin());r!=m->roots().end();++r) {
 				if (r->identity.address() == ztaddr) {
-					if (r->stableEndpoints.size() == 0)
+					if (r->stableEndpoints.empty())
 						return false; // no stable endpoints specified, so allow dynamic paths
 					for(std::vector<InetAddress>::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) {
 						if (ipaddr.ipsEqual(*e))
diff --git a/one.cpp b/one.cpp
index 06d56e7ae..88731285a 100644
--- a/one.cpp
+++ b/one.cpp
@@ -739,7 +739,7 @@ static int cli(int argc,char **argv)
 							int addressCountOfType = 0;
 							for (int k = 0; k<std::min(ZT_MAX_ZT_ASSIGNED_ADDRESSES, (int)assignedAddresses.size());++k) {
 								nlohmann::json &addr = assignedAddresses[k];
-								if ((arg2 == "ip4" && addr.get<std::string>().find(".") != std::string::npos)
+								if ((arg2 == "ip4" && addr.get<std::string>().find('.') != std::string::npos)
 									|| ((arg2.find("ip6") == 0) && addr.get<std::string>().find(":") != std::string::npos)
 									|| (arg2 == "ip")
 									) {
@@ -754,19 +754,19 @@ static int cli(int argc,char **argv)
 								if (arg2.find("ip6p") == 0) {
 									if (arg2 == "ip6plane") {
 										if (addr.get<std::string>().find("fc") == 0) {
-											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find("/")));
+											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find('/')));
 											if (k < addressCountOfType-1) aa.append("\n");
 										}
 									}
 									if (arg2 == "ip6prefix") {
 										if (addr.get<std::string>().find("fc") == 0) {
-											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find("/")).substr(0,24));
+											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find('/')).substr(0,24));
 											if (k < addressCountOfType-1) aa.append("\n");
 										}
 									}
 								}
 								else {
-									aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find("/")));
+									aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find('/')));
 									if (k < addressCountOfType-1) aa.append("\n");
 								}
 							}
diff --git a/osdep/Binder.hpp b/osdep/Binder.hpp
index 660e6f0c3..1d703d810 100644
--- a/osdep/Binder.hpp
+++ b/osdep/Binder.hpp
@@ -234,7 +234,7 @@ public:
 			}
 
 			// Get IPv4 addresses for each device
-			if (ifnames.size() > 0) {
+			if (!ifnames.empty()) {
 				const int controlfd = (int)socket(AF_INET,SOCK_DGRAM,0);
 				struct ifconf configuration;
 				configuration.ifc_len = 0;
@@ -276,7 +276,7 @@ public:
 				if (controlfd > 0) close(controlfd);
 			}
 
-			const bool gotViaProc = (localIfAddrs.size() > 0);
+			const bool gotViaProc = (!localIfAddrs.empty());
 #else
 			const bool gotViaProc = false;
 #endif
diff --git a/osdep/OSUtils.cpp b/osdep/OSUtils.cpp
index 0299b12bc..4d9a2bb5e 100644
--- a/osdep/OSUtils.cpp
+++ b/osdep/OSUtils.cpp
@@ -351,7 +351,7 @@ std::vector<std::string> OSUtils::split(const char *s,const char *const sep,cons
 			else if ((buf.size() <= 0)&&((quotTmp = strchr(quot,*s))))
 				quoteState = *quotTmp;
 			else if (strchr(sep,*s)) {
-				if (buf.size() > 0) {
+				if (!buf.empty()) {
 					fields.push_back(buf);
 					buf.clear();
 				} // else skip runs of separators
diff --git a/service/OneService.cpp b/service/OneService.cpp
index 97ba1a362..e5da3eabe 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -1016,7 +1016,7 @@ public:
 		}
 
 		// Set trusted paths if there are any
-		if (ppc.size() > 0) {
+		if (!ppc.empty()) {
 			for(std::map<InetAddress,ZT_PhysicalPathConfiguration>::iterator i(ppc.begin());i!=ppc.end();++i)
 				_node->setPhysicalPathConfiguration(reinterpret_cast<const struct sockaddr_storage *>(&(i->first)),&(i->second));
 		}
@@ -1132,7 +1132,7 @@ public:
 		 * URL encoding, and /'s in URL args will screw it up. But the only URL args
 		 * it really uses in ?jsonp=funcionName, and otherwise it just takes simple
 		 * paths to simply-named resources. */
-		if (ps.size() > 0) {
+		if (!ps.empty()) {
 			std::size_t qpos = ps[ps.size() - 1].find('?');
 			if (qpos != std::string::npos) {
 				std::string args(ps[ps.size() - 1].substr(qpos + 1));
@@ -1165,12 +1165,12 @@ public:
 		// Authenticate via Synology's built-in cgi script
 		if (!isAuth) {
 			int synotoken_pos = path.find("SynoToken");
-			int argpos = path.find("?");
+			int argpos = path.find('?');
 			if(synotoken_pos != std::string::npos && argpos != std::string::npos) {
 				std::string cookie = path.substr(argpos+1, synotoken_pos-(argpos+1));
 				std::string synotoken = path.substr(synotoken_pos);
-				std::string cookie_val = cookie.substr(cookie.find("=")+1);
-				std::string synotoken_val = synotoken.substr(synotoken.find("=")+1);
+				std::string cookie_val = cookie.substr(cookie.find('=')+1);
+				std::string synotoken_val = synotoken.substr(synotoken.find('=')+1);
 				// Set necessary env for auth script
 				std::map<std::string,std::string>::const_iterator ah2(headers.find("x-forwarded-for"));
 				setenv("HTTP_COOKIE", cookie_val.c_str(), true);
@@ -1661,7 +1661,7 @@ public:
 		if (!n.settings.allowManaged)
 			return false;
 
-		if (n.settings.allowManagedWhitelist.size() > 0) {
+		if (!n.settings.allowManagedWhitelist.empty()) {
 			bool allowed = false;
 			for (InetAddress addr : n.settings.allowManagedWhitelist) {
 				if (addr.containsAddress(target) && addr.netmaskBits() <= target.netmaskBits()) {
@@ -1932,7 +1932,7 @@ public:
 							bool allow;
 							{
 								Mutex::Lock _l(_localConfig_m);
-								if (_allowManagementFrom.size() == 0) {
+								if (_allowManagementFrom.empty()) {
 									allow = (tc->remoteAddr.ipScope() == InetAddress::IP_SCOPE_LOOPBACK);
 								} else {
 									allow = false;
@@ -2113,7 +2113,7 @@ public:
 							Dictionary<4096> nc;
 							nc.load(nlcbuf.c_str());
 							Buffer<1024> allowManaged;
-							if (nc.get("allowManaged", allowManaged) && allowManaged.size() != 0) {
+							if (nc.get("allowManaged", allowManaged) && !allowManaged.empty()) {
 								std::string addresses (allowManaged.begin(), allowManaged.size());
 								if (allowManaged.size() <= 5) { // untidy parsing for backward compatibility
 									if (allowManaged[0] == '1' || allowManaged[0] == 't' || allowManaged[0] == 'T') {
@@ -2671,7 +2671,7 @@ public:
 			lh = &_v6Hints;
 		else return 0;
 		const std::vector<InetAddress> *l = lh->get(ztaddr);
-		if ((l)&&(l->size() > 0)) {
+		if ((l)&&(!l->empty())) {
 			memcpy(result,&((*l)[(unsigned long)_node->prng() % l->size()]),sizeof(struct sockaddr_storage));
 			return 1;
 		} else return 0;
diff --git a/service/SoftwareUpdater.cpp b/service/SoftwareUpdater.cpp
index 5800f860f..cec2c6c5c 100644
--- a/service/SoftwareUpdater.cpp
+++ b/service/SoftwareUpdater.cpp
@@ -161,7 +161,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
 
 					if (v == VERB_GET_LATEST) {
 
-						if (_dist.size() > 0) {
+						if (!_dist.empty()) {
 							const nlohmann::json *latest = (const nlohmann::json *)0;
 							const std::string expectedSigner = OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY],"");
 							unsigned int bestVMaj = rvMaj;
@@ -241,7 +241,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
 			}	break;
 
 			case VERB_GET_DATA:
-				if ((len >= 21)&&(_dist.size() > 0)) {
+				if ((len >= 21)&&(!_dist.empty())) {
 					unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24;
 					idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16;
 					idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8;

From c1f4168d2f847161ca051b047c9fec91bbd10599 Mon Sep 17 00:00:00 2001
From: Suad Halilovic <suad.halilovic@marvelsoft.net>
Date: Thu, 16 Jul 2020 18:38:04 +0200
Subject: [PATCH 4/5] 2020/07/16, Minor optmizations

---
 CMakeLists.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b22ae7d77..fff7808e1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,7 +5,6 @@ project (zerotiercore)
 
 set (PROJ_DIR ${PROJECT_SOURCE_DIR})
 set (ZT_DEFS -std=c++11)
-set (CMAKE_EXPORT_COMPILE_COMMANDS ON)
 
 file(GLOB core_src_glob ${PROJ_DIR}/node/*.cpp)
 add_library(zerotiercore STATIC ${core_src_glob})

From 93ffd75b02f4605cff5f3c200966d956cb53034f Mon Sep 17 00:00:00 2001
From: Vincent Milum Jr <git@darkain.com>
Date: Sat, 21 Nov 2020 13:30:31 -0800
Subject: [PATCH 5/5] Add ZT_NO_UNALIGNED_ACCESS for ARMv6/7 on FreeBSD

Unaligned access caused SIGBUS errors on ARMv6 and ARMv7 targets under FreeBSD.

This was also the cause of the repeating TAP devices. Each time the SIGBUS happened, the service would auto-restart itself, create a new TAP device, and then crash again.

The particular place causing the SIGBUS was:
https://github.com/zerotier/ZeroTierOne/blob/master/node/Utils.hpp#L695
---
 make-bsd.mk | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/make-bsd.mk b/make-bsd.mk
index da7a60125..06c188090 100644
--- a/make-bsd.mk
+++ b/make-bsd.mk
@@ -65,7 +65,7 @@ ifeq ($(CC_MACH),armhf)
 endif
 ifeq ($(CC_MACH),armv6)
 	ZT_ARCHITECTURE=3
-	override DEFS+=-DZT_NO_TYPE_PUNNING
+	override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_NO_UNALIGNED_ACCESS
 	ZT_USE_ARM32_NEON_ASM_SALSA2012=1
 endif
 ifeq ($(CC_MACH),armv6zk)
@@ -80,7 +80,7 @@ ifeq ($(CC_MACH),armv6kz)
 endif
 ifeq ($(CC_MACH),armv7)
 	ZT_ARCHITECTURE=3
-	override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_AES_NO_ACCEL
+	override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_AES_NO_ACCEL -DZT_NO_UNALIGNED_ACCESS
 	ZT_USE_ARM32_NEON_ASM_SALSA2012=1
 endif
 ifeq ($(CC_MACH),arm64)