From 6e6fc9a704e4a9f94e56a0a4e728c7cff7a6699b Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Thu, 21 Aug 2025 09:55:08 -0400 Subject: [PATCH] Add conditional compilation of controller. --- make-bsd.mk | 9 +++++++++ make-linux.mk | 18 ++++++++++++------ make-mac.mk | 33 +++++++++++++++++---------------- make-netbsd.mk | 9 +++++++++ node/Multicaster.cpp | 8 +++----- node/NetworkConfig.hpp | 18 +----------------- node/Switch.cpp | 9 --------- objects-nonfree.mk | 8 ++++++++ objects.mk | 7 ------- service/OneService.cpp | 6 ++++++ 10 files changed, 65 insertions(+), 60 deletions(-) create mode 100644 objects-nonfree.mk diff --git a/make-bsd.mk b/make-bsd.mk index f7d42531d..d8bdabfa1 100644 --- a/make-bsd.mk +++ b/make-bsd.mk @@ -7,6 +7,15 @@ LIBS= include objects.mk ONE_OBJS+=osdep/BSDEthernetTap.o ext/http-parser/http_parser.o +ifeq ($(ZT_CONTROLLER),1) + ZT_NONFREE=1 +endif +ifeq ($(ZT_NONFREE),1) + include objects-nonfree.mk + ONE_OBJS+=$(CONTROLLER_OBJS) + override DEFS += -DZT_NONFREE_CONTROLLER +endif + ifeq ($(OSTYPE),FreeBSD) # Auto-detect miniupnpc and nat-pmp as well and use ports libs if present, # otherwise build into binary as done on Mac and Windows. diff --git a/make-linux.mk b/make-linux.mk index 58fa1651c..97076745d 100644 --- a/make-linux.mk +++ b/make-linux.mk @@ -16,6 +16,16 @@ DESTDIR?= EXTRA_DEPS?= include objects.mk + +ifeq ($(ZT_CONTROLLER),1) + ZT_NONFREE=1 +endif +ifeq ($(ZT_NONFREE),1) + include objects-nonfree.mk + ONE_OBJS+=$(CONTROLLER_OBJS) + override DEFS += -DZT_NONFREE_CONTROLLER +endif + ifeq ($(ZT_EXTOSDEP),1) ONE_OBJS+=osdep/ExtOsdep.o override DEFS += -DZT_EXTOSDEP @@ -56,7 +66,7 @@ ifeq ($(ZT_RULES_ENGINE_DEBUGGING),1) endif ifeq ($(ZT_DEBUG_TRACE),1) - DEFS+=-DZT_DEBUG_TRACE + override DEFS+=-DZT_DEBUG_TRACE endif # Build with address sanitization library for advanced debugging (clang) 
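Review bot: The new `ifeq ($(ZT_NONFREE),1)` block in make-bsd.mk has no comment saying what the flag selects, and the same lines are pasted again in the make-linux.mk, make-mac.mk and make-netbsd.mk hunks. A default build now omits the controller objects and `-DZT_NONFREE_CONTROLLER`, so a line such as `# ZT_NONFREE=1 (implied by ZT_CONTROLLER=1) links nonfree/controller; the default build has no embedded controller` above the block would make that explicit to packagers. The plain `ZT_NONFREE=1` assignment is ignored when `ZT_NONFREE` is given on the make command line, so `make ZT_CONTROLLER=1 ZT_NONFREE=0` leaves the controller objects out; `override ZT_NONFREE=1` would avoid that if the implication is meant to be strict. Moving the `ONE_OBJS+=` and `override DEFS` lines into objects-nonfree.mk would keep the four copies from drifting.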
@@ -94,10 +104,6 @@ ifeq ($(ZT_SYNOLOGY), 1) ZT_EMBEDDED=1 endif -ifeq ($(ZT_DISABLE_COMPRESSION), 1) - override DEFS+=-DZT_DISABLE_COMPRESSION -endif - ifeq ($(ZT_TRACE),1) override DEFS+=-DZT_TRACE endif @@ -115,7 +121,7 @@ ifeq ($(ZT_VAULT_SUPPORT),1) override LDLIBS+=-lcurl endif -# Determine system build architecture from compiler target +# Determine system build architecture from compiler target. This is hairy due to "ARM wrestling." CC_MACH=$(shell $(CC) -dumpmachine | cut -d '-' -f 1) ZT_ARCHITECTURE=999 ifeq ($(CC_MACH),x86_64) diff --git a/make-mac.mk b/make-mac.mk index 6bf2a8de4..6b17e078a 100644 --- a/make-mac.mk +++ b/make-mac.mk @@ -31,9 +31,16 @@ include objects.mk ONE_OBJS+=osdep/MacEthernetTap.o osdep/MacKextEthernetTap.o osdep/MacDNSHelper.o ext/http-parser/http_parser.o LIBS+=-framework CoreServices -framework SystemConfiguration -framework CoreFoundation -framework Security -# Official releases are signed with our Apple cert and apply software updates by default +ifeq ($(ZT_CONTROLLER),1) + ZT_NONFREE=1 +endif +ifeq ($(ZT_NONFREE),1) + include objects-nonfree.mk + ONE_OBJS+=$(CONTROLLER_OBJS) + override DEFS += -DZT_NONFREE_CONTROLLER +endif + ifeq ($(ZT_OFFICIAL_RELEASE),1) - DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"apply\"" ZT_USE_MINIUPNPC=1 CODESIGN=codesign PRODUCTSIGN=productsign 
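Review bot: The `ZT_OFFICIAL_RELEASE` branch in make-mac.mk no longer passes `-DZT_SOFTWARE_UPDATE_DEFAULT="\"apply\""`, and the next make-mac.mk hunk drops the `"download"` fallback as well, which the commit title about controller compilation does not mention. If any source file still reads `ZT_SOFTWARE_UPDATE_DEFAULT`, macOS builds will now pick up whatever default the source defines, or fail to compile; neither is visible in this patch. It would help to state in the description that the define is dead, or to leave a comment here such as `# ZT_SOFTWARE_UPDATE_DEFAULT is no longer set by the makefile`, so that a change to update behaviour on signed releases is deliberate.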
@@ -42,23 +49,21 @@ ifeq ($(ZT_OFFICIAL_RELEASE),1) NOTARIZE=xcrun notarytool NOTARIZE_APPLE_ID="adam.ierymenko@gmail.com" NOTARIZE_TEAM_ID="8ZD9JUCZ4V" -else - DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"download\"" endif # Use fast ASM Salsa20/12 for x64 processors -DEFS+=-DZT_USE_X64_ASM_SALSA2012 +override DEFS+=-DZT_USE_X64_ASM_SALSA2012 CORE_OBJS+=ext/x64-salsa2012-asm/salsa2012.o CXXFLAGS=$(CFLAGS) -std=c++17 -stdlib=libc++ # Build miniupnpc and nat-pmp as included libraries -- extra defs are required for these sources -DEFS+=-DMACOSX -DZT_SSO_SUPPORTED -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR +override DEFS+=-DMACOSX -DZT_SSO_SUPPORTED -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR ONE_OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o osdep/PortMapper.o ifeq ($(ZT_CONTROLLER),1) MACOS_VERSION_MIN=10.15 override CXXFLAGS=$(CFLAGS) -std=c++17 -stdlib=libc++ LIBS+=-L/opt/homebrew/lib -L/usr/local/opt/libpqxx/lib -L/usr/local/opt/libpq/lib -L/usr/local/opt/openssl/lib/ -lpqxx -lpq -lssl -lcrypto -lgssapi_krb5 ext/redis-plus-plus-1.1.1/install/macos/lib/libredis++.a ext/hiredis-0.14.1/lib/macos/libhiredis.a rustybits/target/libsmeeclient.a - 
DEFS+=-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER_USE_REDIS -DZT_CONTROLLER + override DEFS+=-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER_USE_REDIS -DZT_CONTROLLER INCLUDES+=-I/opt/homebrew/include -I/opt/homebrew/opt/libpq/include -I/usr/local/opt/libpq/include -I/usr/local/opt/libpqxx/include -Iext/hiredis-0.14.1/include/ -Iext/redis-plus-plus-1.1.1/install/macos/include/sw/ -Irustybits/target/ else MACOS_VERSION_MIN=10.13 @@ -66,10 +71,10 @@ endif # Build with address sanitization library for advanced debugging (clang) ifeq ($(ZT_SANITIZE),1) - DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1 + override DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1 endif ifeq ($(ZT_DEBUG_TRACE),1) - DEFS+=-DZT_DEBUG_TRACE + override DEFS+=-DZT_DEBUG_TRACE endif # Debug mode -- dump trace output, build binary with -g ifeq ($(ZT_DEBUG),1) @@ -91,15 +96,15 @@ else endif ifeq ($(ZT_TRACE),1) - DEFS+=-DZT_TRACE + override DEFS+=-DZT_TRACE endif ifeq ($(ZT_DEBUG),1) - DEFS+=-DZT_DEBUG + override DEFS+=-DZT_DEBUG endif ifeq ($(ZT_VAULT_SUPPORT),1) - DEFS+=-DZT_VAULT_SUPPORT=1 + override DEFS+=-DZT_VAULT_SUPPORT=1 LIBS+=-lcurl endif @@ -170,10 +175,6 @@ libzerotiercore.a: $(CORE_OBJS) core: libzerotiercore.a -#cli: FORCE -# $(CXX) $(CXXFLAGS) -o zerotier cli/zerotier.cpp osdep/OSUtils.cpp node/InetAddress.cpp node/Utils.cpp node/Salsa20.cpp node/Identity.cpp node/SHA512.cpp node/C25519.cpp -lcurl -# $(STRIP) zerotier - selftest: $(CORE_OBJS) $(ONE_OBJS) selftest.o $(CXX) $(CXXFLAGS) -o zerotier-selftest selftest.o $(CORE_OBJS) $(ONE_OBJS) $(LIBS) rustybits/target/libzeroidc.a $(STRIP) zerotier-selftest diff --git a/make-netbsd.mk b/make-netbsd.mk index a7e19954b..2b7374ac6 100644 --- a/make-netbsd.mk +++ b/make-netbsd.mk 
@@ -8,6 +8,15 @@ LIBS= include objects.mk OBJS+=osdep/NetBSDEthernetTap.o ext/lz4/lz4.o ext/json-parser/json.o ext/http-parser/http_parser.o +ifeq ($(ZT_CONTROLLER),1) + ZT_NONFREE=1 +endif +ifeq ($(ZT_NONFREE),1) + include objects-nonfree.mk + ONE_OBJS+=$(CONTROLLER_OBJS) + override DEFS += -DZT_NONFREE_CONTROLLER +endif + # "make official" is a shortcut for this ifeq ($(ZT_OFFICIAL_RELEASE),1) DEFS+=-DZT_OFFICIAL_RELEASE diff --git a/node/Multicaster.cpp b/node/Multicaster.cpp index e87024ff3..5a4d82a83 100644 --- a/node/Multicaster.cpp +++ b/node/Multicaster.cpp @@ -181,9 +181,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr& networ outp.append((uint32_t)mg.adi()); outp.append((uint16_t)etherType); outp.append(data, len); - if (! network->config().disableCompression()) { - outp.compress(); - } + outp.compress(); outp.armor(bestMulticastReplicator->key(), true, false, bestMulticastReplicator->aesKeysIfSupported(), bestMulticastReplicator->identity()); Metrics::pkt_multicast_frame_out++; bestMulticastReplicatorPath->send(RR, tPtr, outp.data(), outp.size(), now); @@ -227,7 +225,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr& networ RR, now, network->id(), - network->config().disableCompression(), + false, limit, 1, // we'll still gather a little from peers to keep multicast list fresh src, @@ -315,7 +313,7 @@ void Multicaster::send(void* tPtr, int64_t now, const SharedPtr& networ gs.txQueue.push_back(OutboundMulticast()); OutboundMulticast& out = gs.txQueue.back(); - out.init(RR, now, network->id(), network->config().disableCompression(), limit, gatherLimit, src, mg, etherType, data, len); + out.init(RR, now, network->id(), false, limit, gatherLimit, src, mg, etherType, data, len); if (origin) { out.logAsSent(origin); diff --git a/node/NetworkConfig.hpp b/node/NetworkConfig.hpp index e6fdce80a..fad2bc7de 100644 --- a/node/NetworkConfig.hpp +++ b/node/NetworkConfig.hpp 
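Review bot: The added block appends `$(CONTROLLER_OBJS)` to `ONE_OBJS`, while the context line just above it in make-netbsd.mk adds this platform's objects to `OBJS`. If the link rule in this makefile builds from `OBJS` (it is outside the hunk), `ZT_NONFREE=1` would define `-DZT_NONFREE_CONTROLLER` without linking the controller objects and the build would fail at link time; `OBJS+=$(CONTROLLER_OBJS)` would then be the line needed. The unchanged `DEFS+=-DZT_OFFICIAL_RELEASE` below also lacks the `override` that the new line uses, so the two defines behave differently when `DEFS` is set on the command line.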
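Review bot: `outp.compress()` now runs unconditionally before `outp.armor(...)`, and the two `out.init(...)` calls in the later hunks of Multicaster.cpp pass a literal `false` where `network->config().disableCompression()` used to be, so `ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION` is ignored for multicast. That contradicts the new NetworkConfig.hpp comment "unused, now always disabled", and it removes the per-network opt-out for operators who turned compression off, for example because compressing before encryption lets frame length reflect content, or for the lwIP and low-end NAS reasons given in the deleted comment. If always-on is intended, say so at the call site, e.g. `// multicast frames are always compressed; the network-level disable flag is no longer honoured`, and reword the flag comment to match. send() starts and ends outside these hunks.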
@@ -55,7 +55,7 @@ #define ZT_NETWORKCONFIG_FLAG_RULES_RESULT_OF_UNSUPPORTED_MATCH 0x0000000000000008ULL /** - * Flag: disable frame compression + * Flag: disable frame compression (unused, now always disabled) */ #define ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION 0x0000000000000010ULL @@ -273,22 +273,6 @@ class NetworkConfig { return ((this->flags & ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION) != 0); } - /** - * @return True if frames should not be compressed - */ - inline bool disableCompression() const - { -#ifndef ZT_DISABLE_COMPRESSION - return ((this->flags & ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION) != 0); -#else - /* Compression is disabled for libzt builds since it causes non-obvious chaotic - interference with lwIP's TCP congestion algorithm. Compression is also disabled - for some NAS builds due to the usage of low-performance processors in certain - older and budget models. */ - return false; -#endif - } - /** * @return Network type is public (no access control) */ diff --git a/node/Switch.cpp b/node/Switch.cpp index 4de7ee8cb..90cd11b3e 100644 --- a/node/Switch.cpp +++ b/node/Switch.cpp @@ -550,9 +550,6 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr& network, cons outp.append(network->id()); outp.append((uint16_t)etherType); outp.append(data, len); - // 1.4.8: disable compression for unicast as it almost never helps - // if (!network->config().disableCompression()) - // outp.compress(); aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId); } else { @@ -563,9 +560,6 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr& network, cons from.appendTo(outp); outp.append((uint16_t)etherType); outp.append(data, len); - // 1.4.8: disable compression for unicast as it almost never helps - // if (!network->config().disableCompression()) - // outp.compress(); aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId); } } 
@@ -627,9 +621,6 @@ void Switch::onLocalEthernet(void* tPtr, const SharedPtr& network, cons from.appendTo(outp); outp.append((uint16_t)etherType); outp.append(data, len); - // 1.4.8: disable compression for unicast as it almost never helps - // if (!network->config().disableCompression()) - // outp.compress(); aqm_enqueue(tPtr, network, outp, true, qosBucket, network->id(), flowId); } else { diff --git a/objects-nonfree.mk b/objects-nonfree.mk new file mode 100644 index 000000000..cd25cce11 --- /dev/null +++ b/objects-nonfree.mk @@ -0,0 +1,8 @@ +CONTROLLER_OBJS=\ + nonfree/controller/EmbeddedNetworkController.o \ + nonfree/controller/DBMirrorSet.o \ + nonfree/controller/DB.o \ + nonfree/controller/FileDB.o \ + nonfree/controller/CtlUtil.o \ + nonfree/controller/CV1.o \ + nonfree/controller/CV2.o diff --git a/objects.mk b/objects.mk index 5f6f636c7..1913bef00 100644 --- a/objects.mk +++ b/objects.mk @@ -34,13 +34,6 @@ CORE_OBJS=\ osdep/OSUtils.o ONE_OBJS=\ - nonfree/controller/EmbeddedNetworkController.o \ - nonfree/controller/DBMirrorSet.o \ - nonfree/controller/DB.o \ - nonfree/controller/FileDB.o \ - nonfree/controller/CtlUtil.o \ - nonfree/controller/CV1.o \ - nonfree/controller/CV2.o \ osdep/EthernetTap.o \ osdep/ManagedRoute.o \ osdep/Http.o \ diff --git a/service/OneService.cpp b/service/OneService.cpp index 206fe6e7a..81d08f84c 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1258,11 +1258,13 @@ class OneServiceImpl : public OneService { OSUtils::rmDashRf((_homePath + ZT_PATH_SEPARATOR_S "iddb.d").c_str()); // Network controller is now enabled by default for desktop and server +#ifdef ZT_NONFREE_CONTROLLER _controller = new EmbeddedNetworkController(_node, _homePath.c_str(), _controllerDbPath.c_str(), _ports[0], _rc); if (! _ssoRedirectURL.empty()) { _controller->setSSORedirectURL(_ssoRedirectURL); } _node->setNetconfMaster((void*)_controller); +#endif startHTTPControlPlane(); 
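Review bot: The unchanged comment `// Network controller is now enabled by default for desktop and server` now sits directly above `#ifdef ZT_NONFREE_CONTROLLER` and is no longer true for a default build. I would reword it to `// Embedded network controller: compiled in only when ZT_NONFREE_CONTROLLER is defined`. When the macro is absent `_controller` is never assigned here, so any later `if (_controller)` test relies on the member being initialised to null. The member declaration and the controller header include also have to compile without the nonfree sources. Both are outside this hunk and worth confirming.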
@@ -2596,9 +2598,11 @@ class OneServiceImpl : public OneService { _controlPlane.set_exception_handler(exceptionHandler); _controlPlaneV6.set_exception_handler(exceptionHandler); +#ifdef ZT_NONFREE_CONTROLLER if (_controller) { _controller->configureHTTPControlPlane(_controlPlane, _controlPlaneV6, setContent); } +#endif #ifndef ZT_EXTOSDEP _controlPlane.set_pre_routing_handler(authCheck); @@ -3649,9 +3653,11 @@ class OneServiceImpl : public OneService { } break; case ZT_EVENT_REMOTE_TRACE: { +#ifdef ZT_NONFREE_CONTROLLER const ZT_RemoteTrace* rt = reinterpret_cast(metaData); if ((rt) && (rt->len > 0) && (rt->len <= ZT_MAX_REMOTE_TRACE_SIZE) && (rt->data)) _controller->handleRemoteTrace(*rt); +#endif } default:
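Review bot: In the `ZT_EVENT_REMOTE_TRACE` case the guarded code validates `rt` and its length but dereferences `_controller` without a null test, unlike the `if (_controller)` test around `configureHTTPControlPlane` in the previous hunk. Adding it to the condition, `if ((_controller) && (rt) && (rt->len > 0) && ...)`, keeps the two sites consistent; whether the event can arrive before `_controller` is assigned is not visible here. The case also has no `break`, so it falls into `default:`; with the body compiled out in builds without the controller that is easy to miss, and a `break;` or a `// fall through` comment after the closing brace would make the intent explicit. The enclosing event handler starts and ends outside the hunk.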