More plumbing

go/pkg/zerotier/api.go

@@ -69,6 +69,29 @@ func APIPost(basePath, socketName, authToken, queryPath string, post, result int
 	if err != nil {
 		return http.StatusTeapot, err
 	}
+	req.Header.Add("Content-Type", "application/json")
+	req.Header.Add("Authorization", "bearer "+authToken)
+	resp, err := client.Do(req)
+	if err != nil {
+		return http.StatusTeapot, err
+	}
+	if result != nil {
+		err = json.NewDecoder(resp.Body).Decode(result)
+		return resp.StatusCode, err
+	}
+	return resp.StatusCode, nil
+}
+
+// APIDelete posts DELETE to a path and fills result with the outcome (if any) if result is non-nil
+func APIDelete(basePath, socketName, authToken, queryPath string, result interface{}) (int, error) {
+	client, err := createNamedSocketHTTPClient(basePath, socketName)
+	if err != nil {
+		return http.StatusTeapot, err
+	}
+	req, err := http.NewRequest("DELETE", "http://socket"+queryPath, nil)
+	if err != nil {
+		return http.StatusTeapot, err
+	}
 	req.Header.Add("Authorization", "bearer "+authToken)
 	resp, err := client.Do(req)
 	if err != nil {
@@ -90,8 +113,8 @@ type APIStatus struct {
 	PeerCount               int
 	PathCount               int
 	Identity                *Identity
-	InterfaceAddresses      []net.IP
-	MappedExternalAddresses []*InetAddress
+	InterfaceAddresses      []net.IP       `json:",omitempty"`
+	MappedExternalAddresses []*InetAddress `json:",omitempty"`
 	Version                 string
 	VersionMajor            int
 	VersionMinor            int
@@ -102,9 +125,9 @@ type APIStatus struct {
 // APINetwork is the object returned by API network inquiries
 type APINetwork struct {
 	ID                     NetworkID
-	Config                 *NetworkConfig
-	Settings               *NetworkLocalSettings
-	MulticastSubscriptions []*MulticastGroup
+	Config                 NetworkConfig
+	Settings               *NetworkLocalSettings `json:",omitempty"`
+	MulticastSubscriptions []*MulticastGroup     `json:",omitempty"`
 	TapDeviceType          string
 	TapDeviceName          string
 	TapDeviceEnabled       bool
@@ -113,8 +136,7 @@ type APINetwork struct {
 func apiNetworkFromNetwork(n *Network) *APINetwork {
 	var nn APINetwork
 	nn.ID = n.ID()
-	c := n.Config()
-	nn.Config = &c
+	nn.Config = n.Config()
 	ls := n.LocalSettings()
 	nn.Settings = &ls
 	nn.MulticastSubscriptions = n.MulticastSubscriptions()
@@ -175,7 +197,7 @@ func apiCheckAuth(out http.ResponseWriter, req *http.Request, token string) bool
 }
 
 // createAPIServer creates and starts an HTTP server for a given node
-func createAPIServer(basePath string, node *Node) (*http.Server, error) {
+func createAPIServer(basePath string, node *Node) (*http.Server, *http.Server, error) {
 	// Read authorization token, automatically generating one if it's missing
 	var authToken string
 	authTokenFile := path.Join(basePath, "authtoken.secret")
@@ -184,14 +206,14 @@ func createAPIServer(basePath string, node *Node) (*http.Server, error) {
 		var atb [20]byte
 		_, err = secrand.Read(atb[:])
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		for i := 0; i < 20; i++ {
 			atb[i] = "abcdefghijklmnopqrstuvwxyz0123456789"[atb[i]%36]
 		}
 		err = ioutil.WriteFile(authTokenFile, atb[:], 0600)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		_ = acl.Chmod(authTokenFile, 0600)
 		authToken = string(atb[:])
@@ -348,7 +370,7 @@ func createAPIServer(basePath string, node *Node) (*http.Server, error) {
 				for _, nw := range networks {
 					if nw.id == queriedID {
 						_ = node.Leave(queriedID)
-						_ = apiSendObj(out, req, http.StatusOK, nw)
+						_ = apiSendObj(out, req, http.StatusOK, apiNetworkFromNetwork(nw))
 						return
 					}
 				}
@@ -468,7 +490,7 @@ func createAPIServer(basePath string, node *Node) (*http.Server, error) {
 
 	listener, err := createNamedSocketListener(basePath, APISocketName)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	httpServer := &http.Server{
 		MaxHeaderBytes: 4096,
@@ -479,12 +501,34 @@ func createAPIServer(basePath string, node *Node) (*http.Server, error) {
 	}
 	httpServer.SetKeepAlivesEnabled(true)
 	go func() {
-		err := httpServer.Serve(listener)
-		if err != nil {
-			node.log.Printf("ERROR: unable to start API HTTP server: %s (continuing anyway but CLI will not work!)", err.Error())
-		}
+		_ = httpServer.Serve(listener)
 		_ = listener.Close()
 	}()
 
-	return httpServer, nil
+	var tcpHttpServer *http.Server
+	tcpBindAddr := node.LocalConfig().Settings.APITCPBindAddress
+	if tcpBindAddr != nil {
+		tcpListener, err := net.ListenTCP("tcp", &net.TCPAddr{
+			IP:   tcpBindAddr.IP,
+			Port: tcpBindAddr.Port,
+		})
+		if err != nil {
+			node.log.Printf("ERROR: unable to start API HTTP server at TCP bind address %s: %s (continuing anyway)", tcpBindAddr.String(), err.Error())
+		} else {
+			tcpHttpServer = &http.Server{
+				MaxHeaderBytes: 4096,
+				Handler:        smux,
+				IdleTimeout:    10 * time.Second,
+				ReadTimeout:    10 * time.Second,
+				WriteTimeout:   600 * time.Second,
+			}
+			tcpHttpServer.SetKeepAlivesEnabled(true)
+			go func() {
+				_ = tcpHttpServer.Serve(tcpListener)
+				_ = tcpListener.Close()
+			}()
+		}
+	}
+
+	return httpServer, tcpHttpServer, nil
 }

go/pkg/zerotier/localconfig.go

@@ -33,7 +33,7 @@ type LocalConfigPhysicalPathConfiguration struct {
 // LocalConfigVirtualAddressConfiguration contains settings for virtual addresses
 type LocalConfigVirtualAddressConfiguration struct {
 	// Try is a list of IPs/ports to try for this peer in addition to anything learned from roots or direct path push
-	Try []*InetAddress
+	Try []*InetAddress `json:",omitempty"`
 }
 
 // LocalConfigSettings contains node settings
@@ -59,26 +59,29 @@ type LocalConfigSettings struct {
 	// MultipathMode sets the multipath link aggregation mode
 	MuiltipathMode int
 
+	// IP/port to bind for TCP access to control API (disabled if null)
+	APITCPBindAddress *InetAddress `json:",omitempty"`
+
 	// InterfacePrefixBlacklist are prefixes of physical network interface names that won't be used by ZeroTier (e.g. "lo" or "utun")
-	InterfacePrefixBlacklist []string
+	InterfacePrefixBlacklist []string `json:",omitempty"`
 
 	// ExplicitAddresses are explicit IP/port addresses to advertise to other nodes, such as externally mapped ports on a router
-	ExplicitAddresses []*InetAddress
+	ExplicitAddresses []*InetAddress `json:",omitempty"`
 }
 
 // LocalConfig is the local.conf file and stores local settings for the node.
 type LocalConfig struct {
 	// Physical path configurations by CIDR IP/bits
-	Physical map[string]*LocalConfigPhysicalPathConfiguration
+	Physical map[string]*LocalConfigPhysicalPathConfiguration `json:",omitempty"`
 
 	// Virtual node specific configurations by 10-digit hex ZeroTier address
-	Virtual map[Address]*LocalConfigVirtualAddressConfiguration
+	Virtual map[Address]*LocalConfigVirtualAddressConfiguration `json:",omitempty"`
 
 	// Network local configurations by 16-digit hex ZeroTier network ID
-	Network map[NetworkID]*NetworkLocalSettings
+	Network map[NetworkID]*NetworkLocalSettings `json:",omitempty"`
 
 	// LocalConfigSettings contains other local settings for this node
-	Settings LocalConfigSettings
+	Settings LocalConfigSettings `json:",omitempty"`
 }
 
 // Read this local config from a file, initializing to defaults if the file does not exist

go/pkg/zerotier/node.go

@@ -170,6 +170,7 @@ type Node struct {
 	zn                     *C.ZT_Node
 	id                     *Identity
 	apiServer              *http.Server
+	tcpApiServer           *http.Server
 	online                 uint32
 	running                uint32
 	runLock                sync.Mutex
@@ -285,7 +286,7 @@ func NewNode(basePath string) (*Node, error) {
 		return nil, err
 	}
 
-	n.apiServer, err = createAPIServer(basePath, n)
+	n.apiServer, n.tcpApiServer, err = createAPIServer(basePath, n)
 	if err != nil {
 		n.log.Printf("FATAL: unable to start API server: %s", err.Error())
 		C.ZT_GoNode_delete(n.gn)
@@ -399,13 +400,21 @@ func NewNode(basePath string) (*Node, error) {
 // Close closes this Node and frees its underlying C++ Node structures
 func (n *Node) Close() {
 	if atomic.SwapUint32(&n.running, 0) != 0 {
-		_ = n.apiServer.Close()
+		if n.apiServer != nil {
+			_ = n.apiServer.Close()
+		}
+		if n.tcpApiServer != nil {
+			_ = n.tcpApiServer.Close()
+		}
+
 		C.ZT_GoNode_delete(n.gn)
+
+		n.runLock.Lock() // wait for maintenance gorountine to die
+		n.runLock.Unlock()
+
 		nodesByUserPtrLock.Lock()
 		delete(nodesByUserPtr, uintptr(unsafe.Pointer(n.gn)))
 		nodesByUserPtrLock.Unlock()
-		n.runLock.Lock() // wait for maintenance gorountine to die
-		n.runLock.Unlock()
 	}
 }
 
@@ -943,9 +952,9 @@ func goVirtualNetworkConfigFunc(gn, _ unsafe.Pointer, nwid C.uint64_t, op C.int,
 				for i := 0; i < int(ncc.routeCount); i++ {
 					tgt := sockaddrStorageToIPNet(&ncc.routes[i].target)
 					viaN := sockaddrStorageToIPNet(&ncc.routes[i].via)
-					var via net.IP
-					if viaN != nil {
-						via = viaN.IP
+					var via *net.IP
+					if viaN != nil && len(viaN.IP) > 0 {
+						via = &viaN.IP
 					}
 					if tgt != nil {
 						nc.Routes = append(nc.Routes, Route{

go/pkg/zerotier/route.go

@@ -24,7 +24,7 @@ type Route struct {
 	Target net.IPNet
 
 	// Via is how to reach this target (null/empty if the target IP range is local to this virtual LAN)
-	Via net.IP
+	Via *net.IP
 
 	// Route flags (currently unused, always 0)
 	Flags uint16
@@ -35,7 +35,7 @@ type Route struct {
 
 // String returns a string representation of this route
 func (r *Route) String() string {
-	if len(r.Via) == 0 {
+	if r.Via != nil {
 		return r.Target.String() + "->LAN"
 	}
 	return r.Target.String() + "->" + r.Via.String()