Merge branch 'dev' of https://github.com/zerotier/ZeroTierOne into dev-multipath

osdep/LinuxEthernetTap.cpp

@@ -207,6 +207,15 @@ LinuxEthernetTap::LinuxEthernetTap(
 					printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n");
 					return;
 				}
+
+				ifr.ifr_ifru.ifru_hwaddr.sa_family = ARPHRD_ETHER;
+				_mac.copyTo(ifr.ifr_ifru.ifru_hwaddr.sa_data,6);
+				if (ioctl(sock,SIOCSIFHWADDR,(void *)&ifr) < 0) {
+					::close(sock);
+					printf("WARNING: ioctl() failed setting up Linux tap device (set MAC)\n");
+					return;
+				}
+
 				ifr.ifr_flags |= IFF_UP;
 				if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) {
 					::close(sock);
@@ -220,14 +229,6 @@ LinuxEthernetTap::LinuxEthernetTap(
 				// main ZeroTier loop.
 				usleep(500000);
 
-				ifr.ifr_ifru.ifru_hwaddr.sa_family = ARPHRD_ETHER;
-				_mac.copyTo(ifr.ifr_ifru.ifru_hwaddr.sa_data,6);
-				if (ioctl(sock,SIOCSIFHWADDR,(void *)&ifr) < 0) {
-					::close(sock);
-					printf("WARNING: ioctl() failed setting up Linux tap device (set MAC)\n");
-					return;
-				}
-
 				ifr.ifr_ifru.ifru_mtu = (int)_mtu;
 				if (ioctl(sock,SIOCSIFMTU,(void *)&ifr) < 0) {
 					::close(sock);

osdep/MacDNSHelper.mm

@@ -39,18 +39,27 @@ void MacDNSHelper::setDNS(uint64_t nwid, const char *domain, const std::vector<I
     sprintf(buf, "State:/Network/Service/%.16llx/DNS", nwid);
     CFStringRef key = CFStringCreateWithCString(NULL, buf, kCFStringEncodingUTF8);
     CFArrayRef list = SCDynamicStoreCopyKeyList(ds, key);
-
     CFIndex i = 0, j = CFArrayGetCount(list);
-    bool ret = TRUE;
-    if (j <= 0) {
-        ret &= SCDynamicStoreAddValue(ds, key, dict);
-    } else {
-        ret &= SCDynamicStoreSetValue(ds, (CFStringRef)CFArrayGetValueAtIndex(list, i), dict);
+    bool dnsServersChanged = true;
+    CFPropertyListRef oldDNSServers = NULL;
+    if (j > 0) {
+        oldDNSServers = SCDynamicStoreCopyValue(ds, (CFStringRef)CFArrayGetValueAtIndex(list, i));
+        dnsServersChanged = !CFEqual(oldDNSServers,dict);
     }
-    if (!ret) {
-        fprintf(stderr, "Error writing DNS configuration\n");
+    if (dnsServersChanged) {
+        bool ret = TRUE;
+        if (j <= 0) {
+            ret &= SCDynamicStoreAddValue(ds, key, dict);
+        } else {
+            ret &= SCDynamicStoreSetValue(ds, (CFStringRef)CFArrayGetValueAtIndex(list, i), dict);
+        }
+        if (!ret) {
+            fprintf(stderr, "Error writing DNS configuration\n");
+        }
+    }
+    if (oldDNSServers != NULL) {
+        CFRelease(oldDNSServers);
     }
-
     CFRelease(list);
     CFRelease(key);
     CFRelease(dict);
@@ -63,8 +72,8 @@ void MacDNSHelper::setDNS(uint64_t nwid, const char *domain, const std::vector<I
     delete[] s;
     CFRelease(ds);
 }
-    
-void MacDNSHelper::removeDNS(uint64_t nwid) 
+
+void MacDNSHelper::removeDNS(uint64_t nwid)
 {
     SCDynamicStoreRef ds = SCDynamicStoreCreate(NULL, CFSTR("zerotier"), NULL, NULL);
 

osdep/MacEthernetTapAgent.c

@@ -64,6 +64,7 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/sysctl.h>
+#include <sys/resource.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <net/bpf.h>
@@ -181,6 +182,14 @@ static void die()
 		run("/sbin/ifconfig",s_peerDeviceName,"destroy",(char *)0);
 }
 
+static inline void close_inherited_fds()
+{
+	struct rlimit lim;
+	getrlimit(RLIMIT_NOFILE, &lim);
+	for (int i=3,j=(int)lim.rlim_cur;i<j;++i)
+		close(i);
+}
+
 int main(int argc,char **argv)
 {
 	char buf[128];
@@ -206,6 +215,8 @@ int main(int argc,char **argv)
 	signal(SIGINT,&exit);
 	signal(SIGPIPE,&exit);
 
+	close_inherited_fds();
+
 	if (getuid() != 0) {
 		if (setuid(0) != 0) {
 			fprintf(stderr,"E must be run as root or with root setuid bit on executable\n");