Add conditional compilation of controller.

make-bsd.mk

@@ -7,6 +7,15 @@ LIBS=
 include objects.mk
 ONE_OBJS+=osdep/BSDEthernetTap.o ext/http-parser/http_parser.o
 
+ifeq ($(ZT_CONTROLLER),1)
+	ZT_NONFREE=1
+endif
+ifeq ($(ZT_NONFREE),1)
+	include objects-nonfree.mk
+	ONE_OBJS+=$(CONTROLLER_OBJS)
+	override DEFS += -DZT_NONFREE_CONTROLLER
+endif
+
 ifeq ($(OSTYPE),FreeBSD)
 	# Auto-detect miniupnpc and nat-pmp as well and use ports libs if present,
 	# otherwise build into binary as done on Mac and Windows.

make-linux.mk

@@ -16,6 +16,16 @@ DESTDIR?=
 EXTRA_DEPS?=
 
 include objects.mk
+
+ifeq ($(ZT_CONTROLLER),1)
+	ZT_NONFREE=1
+endif
+ifeq ($(ZT_NONFREE),1)
+	include objects-nonfree.mk
+	ONE_OBJS+=$(CONTROLLER_OBJS)
+	override DEFS += -DZT_NONFREE_CONTROLLER
+endif
+
 ifeq ($(ZT_EXTOSDEP),1)
 	ONE_OBJS+=osdep/ExtOsdep.o
 	override DEFS += -DZT_EXTOSDEP
@@ -56,7 +66,7 @@ ifeq ($(ZT_RULES_ENGINE_DEBUGGING),1)
 endif
 
 ifeq ($(ZT_DEBUG_TRACE),1)
-	DEFS+=-DZT_DEBUG_TRACE
+	override DEFS+=-DZT_DEBUG_TRACE
 endif
 
 # Build with address sanitization library for advanced debugging (clang)
@@ -94,10 +104,6 @@ ifeq ($(ZT_SYNOLOGY), 1)
 	ZT_EMBEDDED=1
 endif
 
-ifeq ($(ZT_DISABLE_COMPRESSION), 1)
-	override DEFS+=-DZT_DISABLE_COMPRESSION
-endif
-
 ifeq ($(ZT_TRACE),1)
 	override DEFS+=-DZT_TRACE
 endif
@@ -115,7 +121,7 @@ ifeq ($(ZT_VAULT_SUPPORT),1)
 	override LDLIBS+=-lcurl
 endif
 
-# Determine system build architecture from compiler target
+# Determine system build architecture from compiler target. This is hairy due to "ARM wrestling."
 CC_MACH=$(shell $(CC) -dumpmachine | cut -d '-' -f 1)
 ZT_ARCHITECTURE=999
 ifeq ($(CC_MACH),x86_64)

make-mac.mk

@@ -31,9 +31,16 @@ include objects.mk
 ONE_OBJS+=osdep/MacEthernetTap.o osdep/MacKextEthernetTap.o osdep/MacDNSHelper.o ext/http-parser/http_parser.o
 LIBS+=-framework CoreServices -framework SystemConfiguration -framework CoreFoundation -framework Security
 
-# Official releases are signed with our Apple cert and apply software updates by default
+ifeq ($(ZT_CONTROLLER),1)
+	ZT_NONFREE=1
+endif
+ifeq ($(ZT_NONFREE),1)
+	include objects-nonfree.mk
+	ONE_OBJS+=$(CONTROLLER_OBJS)
+	override DEFS += -DZT_NONFREE_CONTROLLER
+endif
+
 ifeq ($(ZT_OFFICIAL_RELEASE),1)
-	DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"apply\""
 	ZT_USE_MINIUPNPC=1
 	CODESIGN=codesign
 	PRODUCTSIGN=productsign
@@ -42,23 +49,21 @@ ifeq ($(ZT_OFFICIAL_RELEASE),1)
 	NOTARIZE=xcrun notarytool
 	NOTARIZE_APPLE_ID="adam.ierymenko@gmail.com"
 	NOTARIZE_TEAM_ID="8ZD9JUCZ4V"
-else
-	DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"download\""
 endif
 
 # Use fast ASM Salsa20/12 for x64 processors
-DEFS+=-DZT_USE_X64_ASM_SALSA2012
+override DEFS+=-DZT_USE_X64_ASM_SALSA2012
 CORE_OBJS+=ext/x64-salsa2012-asm/salsa2012.o
 CXXFLAGS=$(CFLAGS) -std=c++17 -stdlib=libc++
 
 # Build miniupnpc and nat-pmp as included libraries -- extra defs are required for these sources
-DEFS+=-DMACOSX -DZT_SSO_SUPPORTED -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
+override DEFS+=-DMACOSX -DZT_SSO_SUPPORTED -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR
 ONE_OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o osdep/PortMapper.o
 ifeq ($(ZT_CONTROLLER),1)
 	MACOS_VERSION_MIN=10.15
 	override CXXFLAGS=$(CFLAGS) -std=c++17 -stdlib=libc++
 	LIBS+=-L/opt/homebrew/lib -L/usr/local/opt/libpqxx/lib -L/usr/local/opt/libpq/lib -L/usr/local/opt/openssl/lib/ -lpqxx -lpq -lssl -lcrypto -lgssapi_krb5 ext/redis-plus-plus-1.1.1/install/macos/lib/libredis++.a ext/hiredis-0.14.1/lib/macos/libhiredis.a rustybits/target/libsmeeclient.a
-	DEFS+=-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER_USE_REDIS -DZT_CONTROLLER
+	override DEFS+=-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER_USE_REDIS -DZT_CONTROLLER
 	INCLUDES+=-I/opt/homebrew/include -I/opt/homebrew/opt/libpq/include -I/usr/local/opt/libpq/include -I/usr/local/opt/libpqxx/include -Iext/hiredis-0.14.1/include/ -Iext/redis-plus-plus-1.1.1/install/macos/include/sw/ -Irustybits/target/
 else
 	MACOS_VERSION_MIN=10.13
@@ -66,10 +71,10 @@ endif
 
 # Build with address sanitization library for advanced debugging (clang)
 ifeq ($(ZT_SANITIZE),1)
-	DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1
+	override DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1
 endif
 ifeq ($(ZT_DEBUG_TRACE),1)
-	DEFS+=-DZT_DEBUG_TRACE
+	override DEFS+=-DZT_DEBUG_TRACE
 endif
 # Debug mode -- dump trace output, build binary with -g
 ifeq ($(ZT_DEBUG),1)
@@ -91,15 +96,15 @@ else
 endif
 
 ifeq ($(ZT_TRACE),1)
-	DEFS+=-DZT_TRACE
+	override DEFS+=-DZT_TRACE
 endif
 
 ifeq ($(ZT_DEBUG),1)
-	DEFS+=-DZT_DEBUG
+	override DEFS+=-DZT_DEBUG
 endif
 
 ifeq ($(ZT_VAULT_SUPPORT),1)
-	DEFS+=-DZT_VAULT_SUPPORT=1
+	override DEFS+=-DZT_VAULT_SUPPORT=1
 	LIBS+=-lcurl
 endif
 
@@ -170,10 +175,6 @@ libzerotiercore.a:	$(CORE_OBJS)
 
 core: libzerotiercore.a
 
-#cli:	FORCE
-#	$(CXX) $(CXXFLAGS) -o zerotier cli/zerotier.cpp osdep/OSUtils.cpp node/InetAddress.cpp node/Utils.cpp node/Salsa20.cpp node/Identity.cpp node/SHA512.cpp node/C25519.cpp -lcurl
-#	$(STRIP) zerotier
-
 selftest: $(CORE_OBJS) $(ONE_OBJS) selftest.o
 	$(CXX) $(CXXFLAGS) -o zerotier-selftest selftest.o $(CORE_OBJS) $(ONE_OBJS) $(LIBS) rustybits/target/libzeroidc.a
 	$(STRIP) zerotier-selftest

make-netbsd.mk

@@ -8,6 +8,15 @@ LIBS=
 include objects.mk
 OBJS+=osdep/NetBSDEthernetTap.o ext/lz4/lz4.o ext/json-parser/json.o ext/http-parser/http_parser.o
 
+ifeq ($(ZT_CONTROLLER),1)
+	ZT_NONFREE=1
+endif
+ifeq ($(ZT_NONFREE),1)
+	include objects-nonfree.mk
+	ONE_OBJS+=$(CONTROLLER_OBJS)
+	override DEFS += -DZT_NONFREE_CONTROLLER
+endif
+
 # "make official" is a shortcut for this
 ifeq ($(ZT_OFFICIAL_RELEASE),1)
 	DEFS+=-DZT_OFFICIAL_RELEASE

node/Multicaster.cpp

@@ -181,9 +181,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
 					outp.append((uint32_t)mg.adi());
 					outp.append((uint16_t)etherType);
 					outp.append(data, len);
-					if (! network->config().disableCompression()) {
-						outp.compress();
-					}
+					outp.compress();
 					outp.armor(bestMulticastReplicator->key(), true, false, bestMulticastReplicator->aesKeysIfSupported(), bestMulticastReplicator->identity());
 					Metrics::pkt_multicast_frame_out++;
 					bestMulticastReplicatorPath->send(RR, tPtr, outp.data(), outp.size(), now);
@@ -227,7 +225,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
 				RR,
 				now,
 				network->id(),
-				network->config().disableCompression(),
+				false,
 				limit,
 				1,	 // we'll still gather a little from peers to keep multicast list fresh
 				src,
@@ -315,7 +313,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr<Network>& networ
 			gs.txQueue.push_back(OutboundMulticast());
 			OutboundMulticast& out = gs.txQueue.back();
 
-			out.init(RR, now, network->id(), network->config().disableCompression(), limit, gatherLimit, src, mg, etherType, data, len);
+			out.init(RR, now, network->id(), false, limit, gatherLimit, src, mg, etherType, data, len);
 
 			if (origin) {
 				out.logAsSent(origin);

node/NetworkConfig.hpp

@@ -55,7 +55,7 @@
 #define ZT_NETWORKCONFIG_FLAG_RULES_RESULT_OF_UNSUPPORTED_MATCH 0x0000000000000008ULL
 
 /**
- * Flag: disable frame compression
+ * Flag: disable frame compression (unused, now always disabled)
  */
 #define ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION 0x0000000000000010ULL
 
@@ -273,22 +273,6 @@ class NetworkConfig {
 		return ((this->flags & ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION) != 0);
 	}
 
-	/**
-	 * @return True if frames should not be compressed
-	 */
-	inline bool disableCompression() const
-	{
-#ifndef ZT_DISABLE_COMPRESSION
-		return ((this->flags & ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION) != 0);
-#else
-		/* Compression is disabled for libzt builds since it causes non-obvious chaotic
-		interference with lwIP's TCP congestion algorithm. Compression is also disabled
-		for some NAS builds due to the usage of low-performance processors in certain
-		older and budget models. */
-		return false;
-#endif
-	}
-
 	/**
 	 * @return Network type is public (no access control)
 	 */

node/Switch.cpp

@@ -550,9 +550,6 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr<Network>& network, cons
 			outp.append(network->id());
 			outp.append((uint16_t)etherType);
 			outp.append(data, len);
-			// 1.4.8: disable compression for unicast as it almost never helps
-			// if (!network->config().disableCompression())
-			//	outp.compress();
 			aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId);
 		}
 		else {
@@ -563,9 +560,6 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr<Network>& network, cons
 			from.appendTo(outp);
 			outp.append((uint16_t)etherType);
 			outp.append(data, len);
-			// 1.4.8: disable compression for unicast as it almost never helps
-			// if (!network->config().disableCompression())
-			//	outp.compress();
 			aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId);
 		}
 	}
@@ -627,9 +621,6 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr<Network>& network, cons
 				from.appendTo(outp);
 				outp.append((uint16_t)etherType);
 				outp.append(data, len);
-				// 1.4.8: disable compression for unicast as it almost never helps
-				// if (!network->config().disableCompression())
-				//	outp.compress();
 				aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId);
 			}
 			else {

objects-nonfree.mk

@@ -0,0 +1,8 @@
+CONTROLLER_OBJS=\
+	nonfree/controller/EmbeddedNetworkController.o \
+	nonfree/controller/DBMirrorSet.o \
+	nonfree/controller/DB.o \
+	nonfree/controller/FileDB.o \
+	nonfree/controller/CtlUtil.o \
+	nonfree/controller/CV1.o \
+	nonfree/controller/CV2.o

objects.mk

@@ -34,13 +34,6 @@ CORE_OBJS=\
 	osdep/OSUtils.o
 
 ONE_OBJS=\
-	nonfree/controller/EmbeddedNetworkController.o \
-	nonfree/controller/DBMirrorSet.o \
-	nonfree/controller/DB.o \
-	nonfree/controller/FileDB.o \
-	nonfree/controller/CtlUtil.o \
-	nonfree/controller/CV1.o \
-	nonfree/controller/CV2.o \
 	osdep/EthernetTap.o \
 	osdep/ManagedRoute.o \
 	osdep/Http.o \

service/OneService.cpp

@@ -1258,11 +1258,13 @@ class OneServiceImpl : public OneService {
 			OSUtils::rmDashRf((_homePath + ZT_PATH_SEPARATOR_S "iddb.d").c_str());
 
 			// Network controller is now enabled by default for desktop and server
+#ifdef ZT_NONFREE_CONTROLLER
 			_controller = new EmbeddedNetworkController(_node, _homePath.c_str(), _controllerDbPath.c_str(), _ports[0], _rc);
 			if (! _ssoRedirectURL.empty()) {
 				_controller->setSSORedirectURL(_ssoRedirectURL);
 			}
 			_node->setNetconfMaster((void*)_controller);
+#endif
 
 			startHTTPControlPlane();
 
@@ -2596,9 +2598,11 @@ class OneServiceImpl : public OneService {
 		_controlPlane.set_exception_handler(exceptionHandler);
 		_controlPlaneV6.set_exception_handler(exceptionHandler);
 
+#ifdef ZT_NONFREE_CONTROLLER
 		if (_controller) {
 			_controller->configureHTTPControlPlane(_controlPlane, _controlPlaneV6, setContent);
 		}
+#endif
 
 #ifndef ZT_EXTOSDEP
 		_controlPlane.set_pre_routing_handler(authCheck);
@@ -3649,9 +3653,11 @@ class OneServiceImpl : public OneService {
 			} break;
 
 			case ZT_EVENT_REMOTE_TRACE: {
+#ifdef ZT_NONFREE_CONTROLLER
 				const ZT_RemoteTrace* rt = reinterpret_cast<const ZT_RemoteTrace*>(metaData);
 				if ((rt) && (rt->len > 0) && (rt->len <= ZT_MAX_REMOTE_TRACE_SIZE) && (rt->data))
 					_controller->handleRemoteTrace(*rt);
+#endif
 			}
 
 			default: