Merge pull request #2129 from zerotier/1.12.2

1.12.2

README.md

@@ -120,7 +120,7 @@ Access control is via the ZeroTier control interface itself and `metricstoken.se
     curl -H "X-ZT1-Auth: $(sudo cat /var/lib/zerotier-one/metricstoken.secret)" http://localhost:9993/metrics
 
     // macOS
-    curl -H "X-XT1-Auth: $(sudo cat /Library/Application\ Support/ZeroTier/One/metricstoken.secret)" http://localhost:9993/metrics
+    curl -H "X-ZT1-Auth: $(sudo cat /Library/Application\ Support/ZeroTier/One/metricstoken.secret)" http://localhost:9993/metrics
 
     // Windows PowerShell (Admin)
     Invoke-RestMethod -Headers @{'X-ZT1-Auth' = "$(Get-Content C:\ProgramData\ZeroTier\One\metricstoken.secret)"; } -Uri http://localhost:9993/metrics

RELEASE-NOTES.md

@@ -1,6 +1,11 @@
 ZeroTier Release Notes
 ======
 
+# 2023-09-12 -- Version 1.12.2
+
+  * More improvements to macOS full tunnel mode.
+  * Faster recovery after changes to physical network settings.
+
 # 2023-08-25 -- Version 1.12.1
 
   * Minor release to fix a port binding issue in Linux.

controller/EmbeddedNetworkController.cpp

@@ -867,12 +867,33 @@ void EmbeddedNetworkController::configureHTTPControlPlane(
 	const std::function<void(const httplib::Request&, httplib::Response&, std::string)> setContent)
 {
 	// Control plane Endpoints
+	std::string controllerPath = "/controller";
 	std::string networkListPath = "/controller/network";
 	std::string networkPath = "/controller/network/([0-9a-fA-F]{16})";
 	std::string oldAndBustedNetworkCreatePath = "/controller/network/([0-9a-fA-F]{10})______";
 	std::string memberListPath = "/controller/network/([0-9a-fA-F]{16})/member";
 	std::string memberPath = "/controller/network/([0-9a-fA-F]{16})/member/([0-9a-fA-F]{10})";
 
+	auto controllerGet = [&, setContent](const httplib::Request &req, httplib::Response &res) {
+		char tmp[4096];
+		const bool dbOk = _db.isReady();
+		OSUtils::ztsnprintf(
+			tmp,
+			sizeof(tmp),
+			"{\n\t\"controller\": true,\n\t\"apiVersion\": %d,\n\t\"clock\": %llu,\n\t\"databaseReady\": %s\n}\n",
+			ZT_NETCONF_CONTROLLER_API_VERSION,
+			(unsigned long long)OSUtils::now(),
+			dbOk ? "true" : "false");
+
+			if (!dbOk) {
+				res.status = 503;
+			}
+
+			setContent(req, res, tmp);
+	};
+	s.Get(controllerPath, controllerGet);
+	sv6.Get(controllerPath, controllerGet);
+
 	auto networkListGet = [&, setContent](const httplib::Request &req, httplib::Response &res) {
 		std::set<uint64_t> networkIds;
 		_db.networks(networkIds);
@@ -997,16 +1018,14 @@ void EmbeddedNetworkController::configureHTTPControlPlane(
 			return;
 		}
 
-		json out = json::array();
+		json out = json::object();
 		std::vector<json> memTmp;
 		if (_db.get(nwid, network, memTmp)) {
 			for (auto m = memTmp.begin(); m != memTmp.end(); ++m) {
 				int revision = OSUtils::jsonInt((*m)["revision"], 0);
 				std::string id = OSUtils::jsonString((*m)["id"], "");
 				if (id.length() == 10) {
-					json tmp = json::object();
-					tmp[id] = revision;
-					out.push_back(tmp);
+					out[id] = revision;
 				}
 			}
 		}

debian/changelog

@@ -1,3 +1,9 @@
+zerotier-one (1.12.2) unstable; urgency=medium
+
+  * See RELEASE-NOTES.md for release notes.
+
+ -- Adam Ierymenko <[email protected]>  Tue, 12 Sep 2023 01:00:00 -0700
+
 zerotier-one (1.12.1) unstable; urgency=medium
 
   * See RELEASE-NOTES.md for release notes.

ext/installfiles/mac/ZeroTier One.pkgproj

@@ -701,7 +701,7 @@
 				<key>USE_HFS+_COMPRESSION</key>
 				<false/>
 				<key>VERSION</key>
-				<string>1.12.1</string>
+				<string>1.12.2</string>
 			</dict>
 			<key>TYPE</key>
 			<integer>0</integer>

ext/installfiles/windows/ZeroTier One.aip

@@ -24,10 +24,10 @@
     <ROW Property="AiFeatIcoZeroTierOne" Value="ZeroTierIcon.exe" Type="8"/>
     <ROW Property="MSIFASTINSTALL" MultiBuildValue="DefaultBuild:2"/>
     <ROW Property="Manufacturer" Value="ZeroTier, Inc."/>
-    <ROW Property="ProductCode" Value="1033:{22301716-32F1-4247-8167-3E5441A87A58} " Type="16"/>
+    <ROW Property="ProductCode" Value="1033:{56528063-D8C2-43F4-97DB-C787E6A2D9DB} " Type="16"/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="ZeroTier One"/>
-    <ROW Property="ProductVersion" Value="1.12.1" Options="32"/>
+    <ROW Property="ProductVersion" Value="1.12.2" Options="32"/>
     <ROW Property="REBOOT" MultiBuildValue="DefaultBuild:ReallySuppress"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND;AI_SETUPEXEPATH;SETUPEXEDIR"/>
     <ROW Property="UpgradeCode" Value="{B0E2A5F3-88B6-4E77-B922-CB4739B4C4C8}"/>
@@ -62,7 +62,7 @@
     <ROW Directory="regid.201001.com.zerotier_Dir" Directory_Parent="CommonAppDataFolder" DefaultDir="REGID2~1.ZER|regid.2010-01.com.zerotier" DirectoryOptions="12"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
-    <ROW Component="AI_CustomARPName" ComponentId="{E391FCA4-D005-4309-A481-415FAEB15274}" Directory_="APPDIR" Attributes="4" KeyPath="DisplayName" Options="1"/>
+    <ROW Component="AI_CustomARPName" ComponentId="{A0629900-689C-4BD7-9315-85F05804DF03}" Directory_="APPDIR" Attributes="4" KeyPath="DisplayName" Options="1"/>
     <ROW Component="AI_DisableModify" ComponentId="{46FFA8C5-A0CB-4E05-9AD3-911D543DE8CA}" Directory_="APPDIR" Attributes="4" KeyPath="NoModify" Options="1"/>
     <ROW Component="AI_ExePath" ComponentId="{8E02B36C-7A19-429B-A93E-77A9261AC918}" Directory_="APPDIR" Attributes="4" KeyPath="AI_ExePath"/>
     <ROW Component="APPDIR" ComponentId="{4DD7907D-D7FE-4CD6-B1A0-B5C1625F5133}" Directory_="APPDIR" Attributes="0"/>
@@ -352,8 +352,8 @@
     <ROW Action="AI_DATA_SETTER_1" Condition="(REMOVE)" Sequence="3101"/>
     <ROW Action="InstallFinalize" Sequence="6605" SeqType="0" MsiKey="InstallFinalize"/>
     <ROW Action="AI_RemoveExternalUIStub" Condition="(REMOVE=&quot;ALL&quot;) AND ((VersionNT &gt; 500) OR((VersionNT = 500) AND (ServicePackLevel &gt;= 4)))" Sequence="1501"/>
-    <ROW Action="TapDeviceRemove32" Condition="( Installed AND ( REMOVE = &quot;ALL&quot; OR AI_INSTALL_MODE = &quot;Remove&quot; ) AND NOT UPGRADINGPRODUCTCODE ) AND ( NOT VersionNT64 )" Sequence="1605"/>
-    <ROW Action="TapDeviceRemove64" Condition="( Installed AND ( REMOVE = &quot;ALL&quot; OR AI_INSTALL_MODE = &quot;Remove&quot; ) AND NOT UPGRADINGPRODUCTCODE ) AND ( VersionNT64 )" Sequence="1606"/>
+    <ROW Action="TapDeviceRemove32" Condition="( Installed AND ( REMOVE = &quot;ALL&quot; OR AI_INSTALL_MODE = &quot;Remove&quot; ) AND NOT UPGRADINGPRODUCTCODE ) AND ( NOT VersionNT64 )" Sequence="1601"/>
+    <ROW Action="TapDeviceRemove64" Condition="( Installed AND ( REMOVE = &quot;ALL&quot; OR AI_INSTALL_MODE = &quot;Remove&quot; ) AND NOT UPGRADINGPRODUCTCODE ) AND ( VersionNT64 )" Sequence="1602"/>
     <ROW Action="AI_FwInstall" Condition="(VersionNT &gt;= 501) AND (REMOVE &lt;&gt; &quot;ALL&quot;)" Sequence="5802"/>
     <ROW Action="AI_DATA_SETTER_2" Condition="(VersionNT &gt;= 501) AND (REMOVE &lt;&gt; &quot;ALL&quot;)" Sequence="5801"/>
     <ROW Action="AI_FwUninstall" Condition="(VersionNT &gt;= 501) AND (REMOVE=&quot;ALL&quot;)" Sequence="1702"/>
@@ -368,17 +368,17 @@
     <ROW Action="AI_ExtractLzma" Condition="SETUPEXEDIR=&quot;&quot; AND Installed AND (REMOVE&lt;&gt;&quot;ALL&quot;) AND (AI_INSTALL_MODE&lt;&gt;&quot;Remove&quot;) AND (NOT PATCH)" Sequence="1549" Builds="ExeBuild"/>
     <ROW Action="AI_DeleteRLzma" Condition="SETUPEXEDIR=&quot;&quot; AND Installed AND (REMOVE&lt;&gt;&quot;ALL&quot;) AND (AI_INSTALL_MODE&lt;&gt;&quot;Remove&quot;) AND (NOT PATCH)" Sequence="1548" Builds="ExeBuild"/>
     <ROW Action="AI_DeleteLzma" Condition="SETUPEXEDIR=&quot;&quot; AND Installed AND (REMOVE&lt;&gt;&quot;ALL&quot;) AND (AI_INSTALL_MODE&lt;&gt;&quot;Remove&quot;) AND (NOT PATCH)" Sequence="6594" Builds="ExeBuild"/>
-    <ROW Action="TerminateUIOld" Sequence="1602"/>
-    <ROW Action="AI_DATA_SETTER_6" Sequence="1601"/>
     <ROW Action="AI_EnableDebugLog" Sequence="52"/>
     <ROW Action="AI_ExtractFiles" Sequence="1399" Builds="ExeBuild"/>
     <ROW Action="AI_DATA_SETTER_4" Sequence="1398"/>
     <ROW Action="AI_GetArpIconPath" Sequence="1401"/>
-    <ROW Action="TerminateUINew" Sequence="1604"/>
-    <ROW Action="AI_DATA_SETTER_5" Sequence="1603"/>
     <ROW Action="LaunchUI" Condition="( NOT Installed ) AND ( ZTHEADLESS = &quot;No&quot; )" Sequence="6606"/>
     <ROW Action="AI_DETECT_MODERNWIN" Condition="(VersionNT &gt;= 603)" Sequence="55" MsiKey="AI_DETECT_MODERNWIN"/>
     <ROW Action="AI_ResolveLocalizedCredentials" Sequence="51"/>
+    <ROW Action="TerminateUIOld" Sequence="202"/>
+    <ROW Action="AI_DATA_SETTER_6" Sequence="201"/>
+    <ROW Action="TerminateUINew" Sequence="204"/>
+    <ROW Action="AI_DATA_SETTER_5" Sequence="203"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
     <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="749"/>
@@ -498,7 +498,7 @@
     <ROW XmlAttribute="xsischemaLocation" XmlElement="swidsoftware_identification_tag" Name="xsi:schemaLocation" Flags="14" Order="3" Value="http://standards.iso.org/iso/19770/-2/2008/schema.xsd software_identification_tag.xsd"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.XmlElementComponent">
-    <ROW XmlElement="swidbuild" ParentElement="swidnumeric" Name="swid:build" Condition="1" Order="2" Flags="14" Text="1" UpdateIndexInParent="0"/>
+    <ROW XmlElement="swidbuild" ParentElement="swidnumeric" Name="swid:build" Condition="1" Order="2" Flags="14" Text="2" UpdateIndexInParent="0"/>
     <ROW XmlElement="swidentitlement_required_indicator" ParentElement="swidsoftware_identification_tag" Name="swid:entitlement_required_indicator" Condition="1" Order="0" Flags="14" Text="false" UpdateIndexInParent="0"/>
     <ROW XmlElement="swidmajor" ParentElement="swidnumeric" Name="swid:major" Condition="1" Order="0" Flags="14" Text="1" UpdateIndexInParent="0"/>
     <ROW XmlElement="swidminor" ParentElement="swidnumeric" Name="swid:minor" Condition="1" Order="1" Flags="14" Text="12" UpdateIndexInParent="0"/>

node/Switch.cpp

@@ -509,7 +509,17 @@ void Switch::onLocalEthernet(void *tPtr,const SharedPtr<Network> &network,const
 					adv[42] = (checksum >> 8) & 0xff;
 					adv[43] = checksum & 0xff;
 
-					RR->node->putFrame(tPtr,network->id(),network->userPtr(),peerMac,from,ZT_ETHERTYPE_IPV6,0,adv,72);
+					//
+					// call on separate background thread
+					// this prevents problems related to trying to do rx while inside of doing tx, such as acquiring same lock recursively
+					//
+
+					std::thread([=]() {
+
+						RR->node->putFrame(tPtr, network->id(), network->userPtr(), peerMac, from, ZT_ETHERTYPE_IPV6, 0, adv, 72);
+
+					}).detach();
+
 					return; // NDP emulation done. We have forged a "fake" reply, so no need to send actual NDP query.
 				} // else no NDP emulation
 			} // else no NDP emulation
@@ -546,8 +556,18 @@ void Switch::onLocalEthernet(void *tPtr,const SharedPtr<Network> &network,const
 			data,
 			len);
 	} else if (to == network->mac()) {
+
 		// Destination is this node, so just reinject it
-		RR->node->putFrame(tPtr,network->id(),network->userPtr(),from,to,etherType,vlanId,data,len);
+
+		//
+		// same pattern as putFrame call above
+		//
+		std::thread([=]() {
+
+			RR->node->putFrame(tPtr, network->id(), network->userPtr(), from, to, etherType, vlanId, data, len);
+
+		}).detach();
+
 	} else if (to[0] == MAC::firstOctetForNetwork(network->id())) {
 		// Destination is another ZeroTier peer on the same network
 

osdep/ManagedRoute.cpp

@@ -484,58 +484,57 @@ bool ManagedRoute::sync()
 
 
 	if (!hasRoute) {
-		if (_target && _target.netmaskBits() == 0) {
+		if (_target && _target.netmaskBits() == 0) { // Allow Default
 			InetAddress newSystemVia;
 			char newSystemDevice[128];
 			newSystemDevice[0] = (char)0;
 
-			// If macos has a network hiccup, it deletes what _systemVia we had set.
-			// Then we don't know how to set the default route again.
-			// So use the one we had set previously. Don't overwrite it.
-			if (!_systemVia) {
-				// Find system default route that this route should override
-				// We need to put it back when default route is turned off
-				for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) {
-					if (r->via) {
-						if ( !_systemVia && r->isDefault == 1 && (strcmp(r->device,_device) != 0) ) {
-
-							newSystemVia = r->via;
-							Utils::scopy(newSystemDevice,sizeof(newSystemDevice),r->device);
-						}
-					}
-				}
-				if (newSystemVia) { _systemVia = newSystemVia; }
+			// if our routes got deleted
+			// delete the systemd via that we had added with -ifscope
+			if (_systemVia && !!_systemDevice[0]) {
+				_routeCmd("delete",_target,_systemVia,_systemDevice,(const char *)0);
 			}
 
+			_systemVia = newSystemVia;
+			Utils::scopy(_systemDevice,sizeof(_systemDevice),newSystemDevice);
+			// If macos has a network hiccup, it deletes what the route we set, and it's own physical routes.
+			// if !hasRoute (our 0.0.0.0 has been deleted), the OS has changed stuff
+			// So don't assume _systemX are valid anymore. Always get for _system{Via,Device}
 
-			// char buf1[255], buf2[255];
-			// fprintf(stderr, "_systemVia %s new %s\n", _systemVia.toString(buf1), newSystemVia.toString(buf2));
-			if (!_systemVia) { return false; }
+			// Find system default route that this route should override
+			// We need to put it back when default route is turned off
+			for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) {
+				if (r->via) {
+					if ( r->isDefault == 1 && (strcmp(r->device,_device) != 0) ) {
 
-			if (!_systemDevice[0]) {
-				// Get device corresponding to route if we don't have that already
-				if ((newSystemVia)&&(!newSystemDevice[0])) {
-					rtes = _getRTEs(newSystemVia,true);
-					for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) {
-						if ( (r->device[0]) && (strcmp(r->device,_device) != 0) && r->target.netmaskBits() != 0) {
-							Utils::scopy(newSystemDevice,sizeof(newSystemDevice),r->device);
-							break;
-						}
+						// char buf[255];
+						// fprintf(stderr, "system device1  %s  %s\n", r->via.toString(buf), r->device);
+
+						newSystemVia = r->via;
+						Utils::scopy(newSystemDevice,sizeof(newSystemDevice),r->device);
+						break;
 					}
 				}
+			}
 
-				if (newSystemDevice[0]) {
-					Utils::scopy(_systemDevice,sizeof(_systemDevice),newSystemDevice);
-				}
+			if (newSystemVia) { _systemVia = newSystemVia; }
+			if (newSystemDevice[0]) {
+				Utils::scopy(_systemDevice,sizeof(_systemDevice),newSystemDevice);
 			}
-			// fprintf(stderr, "_systemDevice %s new %s\n", _systemDevice, newSystemDevice);
-			if (!_systemDevice[0]) { return false; }
 
+			// if there's no newSystemVia, the OS might not have
+			// ipv4 or ipv6 connectivity.
+			// we should still add our ZeroTier ipv4 or 6 routes though
+
+			if (!!_systemVia && !!_systemDevice[0]) {
+				_routeCmd("delete",_target,_systemVia,(const char *)0,(const char *)0);
+			}
 
-			// Do Default Route route commands
-			_routeCmd("delete",_target,_systemVia,(const char *)0,(const char *)0);
 			_routeCmd("add",_target,_via,(const char *)0,(const char *)0);
-			_routeCmd("add",_target,_systemVia,_systemDevice,(const char *)0);
+
+			if (!!_systemVia && !!_systemDevice[0]) {
+				_routeCmd("add",_target,_systemVia,_systemDevice,(const char *)0);
+			}
 
 			_applied[_target] = true;
 
@@ -595,8 +594,8 @@ void ManagedRoute::remove()
 	for(std::map<InetAddress,bool>::iterator r(_applied.begin());r!=_applied.end();++r) {
 #ifdef __BSD__ // ------------------------------------------------------------
 		if (_target && _target.netmaskBits() == 0) {
-			if (_systemVia) {
-				_routeCmd("delete",_target,_via,(const char *)0,(const char *)0);
+			_routeCmd("delete",_target,_via,(const char *)0,(const char *)0);
+			if (_systemVia && _systemDevice[0]) {
 				_routeCmd("delete",_target,_systemVia,_systemDevice,(const char *)0);
 
 				_routeCmd("add",_target,_systemVia,(const char *)0,(const char *)0);