Release notes, and shorten Linux canonical network ID derived device names a bit.

2025-06-06 20:43:44 +02:00 · 2018-04-12 10:33:06 -04:00 · 2018-04-12 10:33:06 -04:00 · e276b6463e
commit e276b6463e
parent 74f2b78c04
2 changed files with 35 additions and 30 deletions
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -1,38 +1,40 @@
 ZeroTier Release Notes
 ======
-# 2018-01-XX -- Version 1.2.6
+# 2018-04-12 -- Version 1.2.6
 * Features and Core Improvements
    * Path selection has been overhauled to improve path stability, simplify code, and prepare for multi-path and trunking in the next major release.
-    * This version introduces remote tracing for remote diagnostics. Network controllers can set a node (usually the controller itself) to receive remote tracing events from all members of the network or from select members. Events are only sent if they pertain to a given network for security reasons. These can be used to help remotely diagnose problems. In the future we'll be refining and enhancing this feature.
+    * This version introduces remote tracing for remote diagnostics. Network controllers can set a node (usually the controller itself) to receive remote tracing events from all members of the network or from select members. Events are only sent if they pertain to a given network for security reasons.
-    * Multicast replication can now be done by designated multicast replicators on a network (flagged as such at the controller) rather than by the sender. This offers a hub-and-spoke multicast replication topology that may be faster or more bandwidth efficient in certain cases. It's also attractive for use on networks with low powered devices that need to send multicast or where there are very large numbers of multicast recipients.
+    * Multicast replication can now be done by designated multicast replicators on a network (flagged as such at the controller) rather than by the sender. Most users won't want this, but it's useful for specialized use cases on hub-and-spoke networks and for low-power devices.
-    * Documentation fixes in network controller.
+    * Cryptographic performance improvements.
    * Performance improvements in crypto and memory operations.
    * Multithreaded performance improvements throughout the code base, including the use of an inline lightweight spinlock for low-contention resources.
- * Bug fixes
+ * Bugs fixed
    * Disappearing routes on Mac (GitHub issue #600)
    * Route flapping and path instability in some dual-stack V4/V6 networks
    * Blacklist (in local.conf) doesn't work reliably (GitHub issue #656)
-    * Connection instabilities due to unsigned integer overflows in timing comparisons under high load on some multi-core systems
+    * Connection instabilities due to unsigned integer overflows in timing comparisons (use int64_t instead of uint64_t)
-    * Binaries don't run on some 32-bit ARM chips (build problem)
+    * Binaries don't run on some older or lower-end 32-bit ARM chips (build problem)
    * ARM NEON crypto code crashes (build problem)
    * Fixed some lock ordering issues revealed by "valgrind" tool
    * The "zerotier-idtool" command could not be accessed from "zerotier-one" via command line switch
-    * Leaking UDP sockets on some platforms when NAT-PMP is enabled
+    * Leaking sockets on some platforms when uPnP/NAT-PMP is enabled
-    * Fixed a very very rare thread deadlock that seemed to only manifest on some systems
+    * Fixed two very rare multithreading issues that were only observed on certain systems
 * Platform-Specific Changes
    * MacOS
-        * Installer now loads the kernel extension right away so that High Sierra users will see the prompt to authorize it. This is done in the "Security & Privacy" preference pane and must be done driectly on the console (not via remote desktop).
+        * Installer now loads the kernel extension right away so that High Sierra users will see the prompt to authorize it. This is done in the "Security & Privacy" preference pane and must be done driectly on the console (not via remote desktop). On High Sierra and newer kexts must be authorized at the console via security settings system preferences pane.
        * About dialog in UI now actually contains something useful.
    * Windows
-        * The Windows installer should now install the driver without requiring a special prompt in most cases. This should make it easier for our packages to be accepted into and updated in the Chocolatey repository and should make it easier to perform remote installs.
+        * The Windows installer should now install the driver without requiring a special prompt in most cases. This should make it easier for our packages to be accepted into and updated in the Chocolatey repository and should make it easier to perform remote installs across groups of machines using IT management and provisioning tools.
-        * The Windows official packages are now signed with an EV certificate (with hardware key) from DigiCert for better security and fewer warnings in some cases.
+        * The Windows official packages are now signed with an EV certificate (with hardware key).
-        * The Windows UI now contains a preview of features to more deeply integrate it with ZeroTier Central. You can enter a ZeroTier Central API key and join networks, etc. from the UI itself. We'll be expanding this in the future and possibly changing it, so this is just a test to see how users respond.
+        * The Windows UI can now log into ZeroTier Central and join networks via the Central API.
-        * The `zerotier-idtool` command should now work on Windows.
+        * The `zerotier-idtool` command should now work on Windows without ugly hacks.
-        * Hopefully we've fixed all instances of the "Windows package will not uninstall" problem on Windows 10.
+        * Upgraded the installer version.
        * Made a few changes to hopefully fix sporadic "will not uninstall" problems, though we cannot duplicate these issues ourselves.
    * Linux
-        * Devices are now named deterministically from a base32-encoded packed version of the network ID for newly joined networks. This makes device names longer but also makes them globally unique and canonical. Now a given network will always have the same device name on every Linux system. This makes a lot of devops, deployment, and scripting tasks easier since you can hard code device names by network and they will always work in things like iptables rules and routes. (It's been this way on FreeBSD since the beginning.)
+        * Device names are now generated deterministically based on network IDs for all newly joined networks.
    * Android
        * Multicast now works on Android in most cases! Android apps can send and receive multicast and subscribe to multicast group IPs. Note that in some cases the app must bind to the specific correct interface for this to work.
        * IPv6 can be disabled in UI for cases where it causes problems.
 # 2017-04-20 -- Version 1.2.4
--- a/osdep/LinuxEthernetTap.cpp
+++ b/osdep/LinuxEthernetTap.cpp
@ -146,18 +146,21 @@ LinuxEthernetTap::LinuxEthernetTap(
 			OSUtils::ztsnprintf(procpath,sizeof(procpath),"/proc/sys/net/ipv4/conf/%s",ifr.ifr_name);
 		} while (stat(procpath,&sbuf) == 0); // try zt#++ until we find one that does not exist
 #else
-		char devno = 0;
+		uint64_t trial = 0; // incremented in the very unlikely event of a name collision with another network
 		do {
-			uint64_t tmp2[2];
+			const uint64_t nwid40 = (nwid ^ (nwid >> 24)) + trial++;
-			tmp2[0] = Utils::hton(nwid);
+			uint8_t tmp2[5];
-			tmp2[1] = 0;
+			char tmp3[11];
-			char tmp3[17];
+			tmp2[0] = (uint8_t)((nwid40 >> 32) & 0xff);
 			tmp2[1] = (uint8_t)((nwid40 >> 24) & 0xff);
 			tmp2[2] = (uint8_t)((nwid40 >> 16) & 0xff);
 			tmp2[3] = (uint8_t)((nwid40 >> 8) & 0xff);
 			tmp2[4] = (uint8_t)(nwid40 & 0xff);
 			tmp3[0] = 'z';
-			tmp3[1] = 't' + (devno++);
+			tmp3[1] = 't';
-			_base32_5_to_8(reinterpret_cast<const uint8_t *>(tmp2),tmp3 + 2);
+			_base32_5_to_8(tmp2,tmp3 + 2);
-			_base32_5_to_8(reinterpret_cast<const uint8_t *>(tmp2) + 5,tmp3 + 10);
+			tmp3[10] = (char)0;
-			tmp3[15] = (char)0;
+			memcpy(ifr.ifr_name,tmp3,11);
 			memcpy(ifr.ifr_name,tmp3,16);
 			OSUtils::ztsnprintf(procpath,sizeof(procpath),"/proc/sys/net/ipv4/conf/%s",ifr.ifr_name);
 		} while (stat(procpath,&sbuf) == 0);
 #endif
@ -286,7 +289,7 @@ bool LinuxEthernetTap::addIpSyn(std::vector<InetAddress> ips)
 	if (cpid == 0) {
 		OSUtils::redirectUnixOutputs("/dev/null",(const char *)0);
 		setenv("PATH", "/sbin:/bin:/usr/sbin:/usr/bin", 1);
-		// We must know if there is at least (one) of each protocol version so we 
+		// We must know if there is at least (one) of each protocol version so we
 		// can properly enumerate address/netmask combinations in the ifcfg-dev file
 		for(int i=0; i<(int)ips.size(); i++) {
 			if (ips[i].isV4())
@ -318,7 +321,7 @@ bool LinuxEthernetTap::addIpSyn(std::vector<InetAddress> ips)
 			if (ips[i].isV4())
 				::execlp("ip","ip","addr","add",ips[i].toString(iptmp),"broadcast",ips[i].broadcast().toIpString(iptmp2),"dev",_dev.c_str(),(const char *)0);
 			else
-				::execlp("ip","ip","addr","add",ips[i].toString(iptmp),"dev",_dev.c_str(),(const char *)0);			
+				::execlp("ip","ip","addr","add",ips[i].toString(iptmp),"dev",_dev.c_str(),(const char *)0);
 		}
 		::_exit(-1);
 	} else if (cpid > 0) {