A little renaming for the future.

controller/src/handler.rs

@@ -165,7 +165,7 @@ impl<DatabaseImpl: Database> InnerProtocol for Handler<DatabaseImpl> {
                         let now = ms_since_epoch();
 
                         let result = match inner
-                            .handle_network_config_request::<HostSystemImpl>(&peer.identity, network_id, &meta_data, now)
+                            .handle_network_config_request::<HostSystemImpl>(&peer.identity, network_id, now)
                             .await
                         {
                             Result::Ok((result, Some(config))) => {
@@ -306,7 +306,6 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
         self: &Arc<Self>,
         source_identity: &Identity,
         network_id: NetworkId,
-        _meta_data: &Dictionary,
         now: i64,
     ) -> Result<(AuthorizationResult, Option<NetworkConfig>), DatabaseImpl::Error> {
         let network = self.database.get_network(network_id).await?;
@@ -359,11 +358,14 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
             // TODO: check SSO
 
             // Figure out time bounds for the certificate to generate.
-            let max_delta = network.credential_window_size.unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT);
+            let credential_ttl = network.credential_ttl.unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT);
 
             // Get a list of all network members that were deauthorized but are still within the time window.
             // These will be issued revocations to remind the node not to speak to them until they fall off.
-            let deauthed_members_still_in_window = self.database.list_members_deauthorized_after(network.id, now - max_delta).await;
+            let deauthed_members_still_in_window = self
+                .database
+                .list_members_deauthorized_after(network.id, now - credential_ttl)
+                .await;
 
             // Check and if necessary auto-assign static IPs for this member.
             member_changed |= network.check_zt_ip_assignments(self.database.as_ref(), &mut member).await;
@@ -373,7 +375,7 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
             nc.name = member.name.clone();
             nc.private = network.private;
             nc.timestamp = now;
-            nc.max_delta = max_delta;
+            nc.credential_ttl = credential_ttl;
             nc.revision = now as u64;
             nc.mtu = network.mtu.unwrap_or(ZEROTIER_VIRTUAL_NETWORK_DEFAULT_MTU as u16);
             nc.multicast_limit = network.multicast_limit.unwrap_or(DEFAULT_MULTICAST_LIMIT as u32);
@@ -383,7 +385,7 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
             nc.dns = network.dns;
 
             nc.certificate_of_membership =
-                CertificateOfMembership::new(&self.local_identity, network_id, &source_identity, now, max_delta, legacy_v1);
+                CertificateOfMembership::new(&self.local_identity, network_id, &source_identity, now, credential_ttl, legacy_v1);
             if nc.certificate_of_membership.is_none() {
                 return Ok((AuthorizationResult::RejectedDueToError, None));
             }

controller/src/model/network.rs

@@ -91,7 +91,7 @@ pub struct Network {
     #[serde(default)]
     pub rules: Vec<Rule>,
 
-    /// If set this overrides the default "agreement" window for certificates and credentials.
+    /// If set this overrides the default TTL for certificates and credentials.
     ///
     /// Making it smaller causes deauthorized nodes to fall out of the window more rapidly but can
     /// come at the expense of reliability if it's too short for everyone to update their certs
@@ -100,8 +100,8 @@ pub struct Network {
     ///
     /// Usually this does not need to be changed.
     #[serde(skip_serializing_if = "Option::is_none")]
-    #[serde(rename = "credentialWindowSize")]
-    pub credential_window_size: Option<i64>,
+    #[serde(rename = "credentialTtl")]
+    pub credential_ttl: Option<i64>,
 
     /// MTU inside the virtual network, default of 2800 is used if not set.
     pub mtu: Option<u16>,

network-hypervisor/src/vl2/networkconfig.rs

@@ -33,7 +33,7 @@ pub struct NetworkConfig {
     pub private: bool,
 
     pub timestamp: i64,
-    pub max_delta: i64,
+    pub credential_ttl: i64,
     pub revision: u64,
 
     pub mtu: u16,
@@ -83,7 +83,7 @@ impl NetworkConfig {
             motd: String::new(),
             private: true,
             timestamp: 0,
-            max_delta: 0,
+            credential_ttl: 0,
             revision: 0,
             mtu: 0,
             multicast_limit: 0,
@@ -122,7 +122,7 @@ impl NetworkConfig {
             },
         );
         d.set_u64(proto_v1_field_name::network_config::TIMESTAMP, self.timestamp as u64);
-        d.set_u64(proto_v1_field_name::network_config::MAX_DELTA, self.max_delta as u64);
+        d.set_u64(proto_v1_field_name::network_config::MAX_DELTA, self.credential_ttl as u64);
         d.set_u64(proto_v1_field_name::network_config::REVISION, self.revision);
         d.set_u64(proto_v1_field_name::network_config::MTU, self.mtu as u64);
         d.set_u64(proto_v1_field_name::network_config::MULTICAST_LIMIT, self.multicast_limit as u64);
@@ -241,7 +241,7 @@ impl NetworkConfig {
         nc.timestamp = d
             .get_i64(proto_v1_field_name::network_config::TIMESTAMP)
             .ok_or(InvalidParameterError("missing timestamp"))?;
-        nc.max_delta = d.get_i64(proto_v1_field_name::network_config::MAX_DELTA).unwrap_or(0);
+        nc.credential_ttl = d.get_i64(proto_v1_field_name::network_config::MAX_DELTA).unwrap_or(0);
         nc.revision = d.get_u64(proto_v1_field_name::network_config::REVISION).unwrap_or(0);
         nc.mtu = d
             .get_u64(proto_v1_field_name::network_config::MTU)