Merge branch 'dev' of http://git.int.zerotier.com/ZeroTier/ZeroTierOne into dev

controller/EmbeddedNetworkController.cpp

@@ -97,7 +97,7 @@ static json _renderRule(ZT_VirtualNetworkRule &rule)
 			break;
 	}
 
-	if (r.size() == 0) {
+	if (r.empty()) {
 		switch(rt) {
 			case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
 				r["type"] = "MATCH_SOURCE_ZEROTIER_ADDRESS";
@@ -239,7 +239,7 @@ static json _renderRule(ZT_VirtualNetworkRule &rule)
 				break;
 		}
 
-		if (r.size() > 0) {
+		if (!r.empty()) {
 			r["not"] = ((rule.t & 0x80) != 0);
 			r["or"] = ((rule.t & 0x40) != 0);
 		}
@@ -554,7 +554,7 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpGET(
 	std::string &responseBody,
 	std::string &responseContentType)
 {
-	if ((path.size() > 0)&&(path[0] == "network")) {
+	if ((!path.empty())&&(path[0] == "network")) {
 
 		if ((path.size() >= 2)&&(path[1].length() == 16)) {
 			const uint64_t nwid = Utils::hexStrToU64(path[1].c_str());
@@ -1247,11 +1247,11 @@ void EmbeddedNetworkController::_request(
 
 	Utils::hex(nwid,nwids);
 	_db.get(nwid,network,identity.address().toInt(),member,ns);
-	if ((!network.is_object())||(network.size() == 0)) {
+	if ((!network.is_object())||(network.empty())) {
 		_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_OBJECT_NOT_FOUND);
 		return;
 	}
-	const bool newMember = ((!member.is_object())||(member.size() == 0));
+	const bool newMember = ((!member.is_object())||(member.empty()));
 	DB::initMember(member);
 
 	{
@@ -1459,11 +1459,11 @@ void EmbeddedNetworkController::_request(
 			std::map< uint64_t,json * >::const_iterator ctmp = capsById.find(capId);
 			if (ctmp != capsById.end()) {
 				json *cap = ctmp->second;
-				if ((cap)&&(cap->is_object())&&(cap->size() > 0)) {
+				if ((cap)&&(cap->is_object())&&(!cap->empty())) {
 					ZT_VirtualNetworkRule capr[ZT_MAX_CAPABILITY_RULES];
 					unsigned int caprc = 0;
 					json &caprj = (*cap)["rules"];
-					if ((caprj.is_array())&&(caprj.size() > 0)) {
+					if ((caprj.is_array())&&(!caprj.empty())) {
 						for(unsigned long j=0;j<caprj.size();++j) {
 							if (caprc >= ZT_MAX_CAPABILITY_RULES)
 								break;

controller/LFDB.cpp

@@ -190,10 +190,10 @@ LFDB::LFDB(const Identity &myId,const char *path,const char *lfOwnerPrivate,cons
 				if (resp) {
 					if (resp->status == 200) {
 						nlohmann::json results(OSUtils::jsonParse(resp->body));
-						if ((results.is_array())&&(results.size() > 0)) {
+						if ((results.is_array())&&(!results.empty())) {
 							for(std::size_t ri=0;ri<results.size();++ri) {
 								nlohmann::json &rset = results[ri];
-								if ((rset.is_array())&&(rset.size() > 0)) {
+								if ((rset.is_array())&&(!rset.empty())) {
 
 									nlohmann::json &result = rset[0];
 									if (result.is_object()) {
@@ -258,10 +258,10 @@ LFDB::LFDB(const Identity &myId,const char *path,const char *lfOwnerPrivate,cons
 				if (resp) {
 					if (resp->status == 200) {
 						nlohmann::json results(OSUtils::jsonParse(resp->body));
-						if ((results.is_array())&&(results.size() > 0)) {
+						if ((results.is_array())&&(!results.empty())) {
 							for(std::size_t ri=0;ri<results.size();++ri) {
 								nlohmann::json &rset = results[ri];
-								if ((rset.is_array())&&(rset.size() > 0)) {
+								if ((rset.is_array())&&(!rset.empty())) {
 
 									nlohmann::json &result = rset[0];
 									if (result.is_object()) {

make-bsd.mk

@@ -65,7 +65,7 @@ ifeq ($(CC_MACH),armhf)
 endif
 ifeq ($(CC_MACH),armv6)
 	ZT_ARCHITECTURE=3
-	override DEFS+=-DZT_NO_TYPE_PUNNING
+	override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_NO_UNALIGNED_ACCESS
 	ZT_USE_ARM32_NEON_ASM_SALSA2012=1
 endif
 ifeq ($(CC_MACH),armv6zk)
@@ -80,7 +80,7 @@ ifeq ($(CC_MACH),armv6kz)
 endif
 ifeq ($(CC_MACH),armv7)
 	ZT_ARCHITECTURE=3
-	override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_AES_NO_ACCEL
+	override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_AES_NO_ACCEL -DZT_NO_UNALIGNED_ACCESS
 	ZT_USE_ARM32_NEON_ASM_SALSA2012=1
 endif
 ifeq ($(CC_MACH),arm64)

make-linux.mk

@@ -144,6 +144,9 @@ endif
 ifeq ($(CC_MACH),ppc64el)
 	ZT_ARCHITECTURE=8
 endif
+ifeq ($(CC_MACH),e2k)
+	ZT_ARCHITECTURE=2
+endif
 ifeq ($(CC_MACH),i386)
 	ZT_ARCHITECTURE=1
 endif
@@ -206,6 +209,11 @@ ifeq ($(CC_MACH),armv7hl)
 	override DEFS+=-DZT_NO_TYPE_PUNNING
 	ZT_USE_ARM32_NEON_ASM_CRYPTO=1
 endif
+ifeq ($(CC_MACH),armv7ve)
+        ZT_ARCHITECTURE=3
+        override DEFS+=-DZT_NO_TYPE_PUNNING
+        ZT_USE_ARM32_NEON_ASM_CRYPTO=1
+endif
 ifeq ($(CC_MACH),arm64)
 	ZT_ARCHITECTURE=4
 	override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_ARCH_ARM_HAS_NEON -march=armv8-a+aes+crypto -mtune=generic -mstrict-align

make-mac.mk

@@ -96,7 +96,7 @@ ext/x64-salsa2012-asm/salsa2012.o:
 	as -arch x86_64 -mmacosx-version-min=10.7 -o ext/x64-salsa2012-asm/salsa2012.o ext/x64-salsa2012-asm/salsa2012.s
 
 mac-agent: FORCE
-	$(CC) -Ofast $(ARCH_FLAGS) -o MacEthernetTapAgent osdep/MacEthernetTapAgent.c
+	$(CC) -Ofast $(ARCH_FLAGS) -mmacosx-version-min=10.7 -o MacEthernetTapAgent osdep/MacEthernetTapAgent.c
 	$(CODESIGN) -f --options=runtime -s $(CODESIGN_APP_CERT) MacEthernetTapAgent
 
 osdep/MacDNSHelper.o: osdep/MacDNSHelper.mm

node/AES.cpp

@@ -149,22 +149,12 @@ void AES::GMAC::update(const void *const data, unsigned int len) noexcept
 		}
 	}
 
-	if (likely(((uintptr_t)in & 7U) == 0U)) {
-		while (len >= 16) {
-			y0 ^= *reinterpret_cast<const uint64_t *>(in);
-			y1 ^= *reinterpret_cast<const uint64_t *>(in + 8);
-			in += 16;
-			s_gfmul(h0, h1, y0, y1);
-			len -= 16;
-		}
-	} else {
-		while (len >= 16) {
-			y0 ^= Utils::loadMachineEndian< uint64_t >(in);
-			y1 ^= Utils::loadMachineEndian< uint64_t >(in + 8);
-			in += 16;
-			s_gfmul(h0, h1, y0, y1);
-			len -= 16;
-		}
+	while (len >= 16) {
+		y0 ^= Utils::loadMachineEndian< uint64_t >(in);
+		y1 ^= Utils::loadMachineEndian< uint64_t >(in + 8);
+		in += 16;
+		s_gfmul(h0, h1, y0, y1);
+		len -= 16;
 	}
 
 	_y[0] = y0;

node/AES_armcrypto.cpp

@@ -131,7 +131,7 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe
 	uint8x16_t k14 = _aes.p_k.neon.ek[14];
 
 	unsigned int totalLen = _len;
-	if ((totalLen & 15U)) {
+	if ((totalLen & 15U) != 0) {
 		for (;;) {
 			if (unlikely(!len)) {
 				vst1q_u8(reinterpret_cast<uint8_t *>(_ctr), vrev32q_u8(dd));
@@ -140,7 +140,7 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe
 			}
 			--len;
 			out[totalLen++] = *(in++);
-			if (!(totalLen & 15U)) {
+			if ((totalLen & 15U) == 0) {
 				uint8_t *const otmp = out + (totalLen - 16);
 				uint8x16_t d0 = vrev32q_u8(dd);
 				uint8x16_t pt = vld1q_u8(otmp);
@@ -180,7 +180,10 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe
 			uint8x16_t d2 = vrev32q_u8(dd2);
 			uint8x16_t d3 = vrev32q_u8(dd3);
 			uint8x16_t pt0 = vld1q_u8(in);
-			in += 16;
+			uint8x16_t pt1 = vld1q_u8(in + 16);
+			uint8x16_t pt2 = vld1q_u8(in + 16);
+			uint8x16_t pt3 = vld1q_u8(in + 16);
+
 			d0 = vaesmcq_u8(vaeseq_u8(d0, k0));
 			d1 = vaesmcq_u8(vaeseq_u8(d1, k0));
 			d2 = vaesmcq_u8(vaeseq_u8(d2, k0));
@@ -193,8 +196,6 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe
 			d1 = vaesmcq_u8(vaeseq_u8(d1, k2));
 			d2 = vaesmcq_u8(vaeseq_u8(d2, k2));
 			d3 = vaesmcq_u8(vaeseq_u8(d3, k2));
-			uint8x16_t pt1 = vld1q_u8(in);
-			in += 16;
 			d0 = vaesmcq_u8(vaeseq_u8(d0, k3));
 			d1 = vaesmcq_u8(vaeseq_u8(d1, k3));
 			d2 = vaesmcq_u8(vaeseq_u8(d2, k3));
@@ -207,8 +208,6 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe
 			d1 = vaesmcq_u8(vaeseq_u8(d1, k5));
 			d2 = vaesmcq_u8(vaeseq_u8(d2, k5));
 			d3 = vaesmcq_u8(vaeseq_u8(d3, k5));
-			uint8x16_t pt2 = vld1q_u8(in);
-			in += 16;
 			d0 = vaesmcq_u8(vaeseq_u8(d0, k6));
 			d1 = vaesmcq_u8(vaeseq_u8(d1, k6));
 			d2 = vaesmcq_u8(vaeseq_u8(d2, k6));
@@ -221,8 +220,6 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe
 			d1 = vaesmcq_u8(vaeseq_u8(d1, k8));
 			d2 = vaesmcq_u8(vaeseq_u8(d2, k8));
 			d3 = vaesmcq_u8(vaeseq_u8(d3, k8));
-			uint8x16_t pt3 = vld1q_u8(in);
-			in += 16;
 			d0 = vaesmcq_u8(vaeseq_u8(d0, k9));
 			d1 = vaesmcq_u8(vaeseq_u8(d1, k9));
 			d2 = vaesmcq_u8(vaeseq_u8(d2, k9));
@@ -253,7 +250,9 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe
 			vst1q_u8(out + 16, d1);
 			vst1q_u8(out + 32, d2);
 			vst1q_u8(out + 48, d3);
+
 			out += 64;
+			in += 64;
 
 			dd = (uint8x16_t)vaddq_u32((uint32x4_t)dd, four);
 			if (unlikely(len < 64))

node/Constants.hpp

@@ -126,7 +126,12 @@
 // Define ZT_NO_TYPE_PUNNING to disable reckless casts on anything other than x86/x64.
 #if (!(defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || defined(_X86_) || defined(__I86__) || defined(__INTEL__) || defined(__386)))
 #ifndef ZT_NO_TYPE_PUNNING
-#define ZT_NO_TYPE_PUNNING
+#define ZT_NO_TYPE_PUNNING 1
+#endif
+#endif
+#ifdef ZT_NO_TYPE_PUNNING
+#ifndef ZT_NO_UNALIGNED_ACCESS
+#define ZT_NO_UNALIGNED_ACCESS 1
 #endif
 #endif
 

node/IncomingPacket.cpp

@@ -430,7 +430,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool
 	if ((planetWorldId)&&(RR->topology->planetWorldTimestamp() > planetWorldTimestamp)&&(planetWorldId == RR->topology->planetWorldId())) {
 		RR->topology->planet().serialize(outp,false);
 	}
-	if (moonIdsAndTimestamps.size() > 0) {
+	if (!moonIdsAndTimestamps.empty()) {
 		std::vector<World> moons(RR->topology->moons());
 		for(std::vector<World>::const_iterator m(moons.begin());m!=moons.end();++m) {
 			for(std::vector< std::pair<uint64_t,uint64_t> >::const_iterator i(moonIdsAndTimestamps.begin());i!=moonIdsAndTimestamps.end();++i) {

node/Peer.cpp

@@ -183,7 +183,7 @@ void Peer::received(
 		if (sinceLastPush >= ((hops == 0) ? ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH : ZT_DIRECT_PATH_PUSH_INTERVAL)) {
 			_lastDirectPathPushSent = now;
 			std::vector<InetAddress> pathsToPush(RR->node->directPaths());
-			if (pathsToPush.size() > 0) {
+			if (!pathsToPush.empty()) {
 				std::vector<InetAddress>::const_iterator p(pathsToPush.begin());
 				while (p != pathsToPush.end()) {
 					Packet *const outp = new Packet(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS);

node/Topology.cpp

@@ -183,7 +183,7 @@ bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipa
 	if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),ztaddr) != _upstreamAddresses.end()) {
 		for(std::vector<World::Root>::const_iterator r(_planet.roots().begin());r!=_planet.roots().end();++r) {
 			if (r->identity.address() == ztaddr) {
-				if (r->stableEndpoints.size() == 0)
+				if (r->stableEndpoints.empty())
 					return false; // no stable endpoints specified, so allow dynamic paths
 				for(std::vector<InetAddress>::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) {
 					if (ipaddr.ipsEqual(*e))
@@ -194,7 +194,7 @@ bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipa
 		for(std::vector<World>::const_iterator m(_moons.begin());m!=_moons.end();++m) {
 			for(std::vector<World::Root>::const_iterator r(m->roots().begin());r!=m->roots().end();++r) {
 				if (r->identity.address() == ztaddr) {
-					if (r->stableEndpoints.size() == 0)
+					if (r->stableEndpoints.empty())
 						return false; // no stable endpoints specified, so allow dynamic paths
 					for(std::vector<InetAddress>::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) {
 						if (ipaddr.ipsEqual(*e))

one.cpp

@@ -1021,7 +1021,7 @@ static int cli(int argc,char **argv)
 							int addressCountOfType = 0;
 							for (int k = 0; k<std::min(ZT_MAX_ZT_ASSIGNED_ADDRESSES, (int)assignedAddresses.size());++k) {
 								nlohmann::json &addr = assignedAddresses[k];
-								if ((arg2 == "ip4" && addr.get<std::string>().find(".") != std::string::npos)
+								if ((arg2 == "ip4" && addr.get<std::string>().find('.') != std::string::npos)
 									|| ((arg2.find("ip6") == 0) && addr.get<std::string>().find(":") != std::string::npos)
 									|| (arg2 == "ip")
 									) {
@@ -1036,19 +1036,19 @@ static int cli(int argc,char **argv)
 								if (arg2.find("ip6p") == 0) {
 									if (arg2 == "ip6plane") {
 										if (addr.get<std::string>().find("fc") == 0) {
-											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find("/")));
+											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find('/')));
 											if (k < addressCountOfType-1) aa.append("\n");
 										}
 									}
 									if (arg2 == "ip6prefix") {
 										if (addr.get<std::string>().find("fc") == 0) {
-											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find("/")).substr(0,24));
+											aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find('/')).substr(0,24));
 											if (k < addressCountOfType-1) aa.append("\n");
 										}
 									}
 								}
 								else {
-									aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find("/")));
+									aa.append(addr.get<std::string>().substr(0,addr.get<std::string>().find('/')));
 									if (k < addressCountOfType-1) aa.append("\n");
 								}
 							}

osdep/Binder.hpp

@@ -136,7 +136,9 @@ public:
 					PIP_ADAPTER_UNICAST_ADDRESS ua = a->FirstUnicastAddress;
 					while (ua) {
 						InetAddress ip(ua->Address.lpSockaddr);
-						if (ifChecker.shouldBindInterface("",ip)) {
+						char strBuf[128] = { 0 };
+						wcstombs(strBuf, a->FriendlyName, sizeof(strBuf));
+						if (ifChecker.shouldBindInterface(strBuf,ip)) {
 							switch(ip.ipScope()) {
 								default: break;
 								case InetAddress::IP_SCOPE_PSEUDOPRIVATE:
@@ -234,7 +236,7 @@ public:
 			}
 
 			// Get IPv4 addresses for each device
-			if (ifnames.size() > 0) {
+			if (!ifnames.empty()) {
 				const int controlfd = (int)socket(AF_INET,SOCK_DGRAM,0);
 				struct ifconf configuration;
 				configuration.ifc_len = 0;
@@ -276,7 +278,7 @@ public:
 				if (controlfd > 0) close(controlfd);
 			}
 
-			const bool gotViaProc = (localIfAddrs.size() > 0);
+			const bool gotViaProc = (!localIfAddrs.empty());
 #else
 			const bool gotViaProc = false;
 #endif

osdep/OSUtils.cpp

@@ -351,7 +351,7 @@ std::vector<std::string> OSUtils::split(const char *s,const char *const sep,cons
 			else if ((buf.size() <= 0)&&((quotTmp = strchr(quot,*s))))
 				quoteState = *quotTmp;
 			else if (strchr(sep,*s)) {
-				if (buf.size() > 0) {
+				if (!buf.empty()) {
 					fields.push_back(buf);
 					buf.clear();
 				} // else skip runs of separators

service/OneService.cpp

@@ -1059,7 +1059,7 @@ public:
 		}
 
 		// Set trusted paths if there are any
-		if (ppc.size() > 0) {
+		if (!ppc.empty()) {
 			for(std::map<InetAddress,ZT_PhysicalPathConfiguration>::iterator i(ppc.begin());i!=ppc.end();++i)
 				_node->setPhysicalPathConfiguration(reinterpret_cast<const struct sockaddr_storage *>(&(i->first)),&(i->second));
 		}
@@ -1177,7 +1177,7 @@ public:
 		 * URL encoding, and /'s in URL args will screw it up. But the only URL args
 		 * it really uses in ?jsonp=funcionName, and otherwise it just takes simple
 		 * paths to simply-named resources. */
-		if (ps.size() > 0) {
+		if (!ps.empty()) {
 			std::size_t qpos = ps[ps.size() - 1].find('?');
 			if (qpos != std::string::npos) {
 				std::string args(ps[ps.size() - 1].substr(qpos + 1));
@@ -1210,12 +1210,12 @@ public:
 		// Authenticate via Synology's built-in cgi script
 		if (!isAuth) {
 			int synotoken_pos = path.find("SynoToken");
-			int argpos = path.find("?");
+			int argpos = path.find('?');
 			if(synotoken_pos != std::string::npos && argpos != std::string::npos) {
 				std::string cookie = path.substr(argpos+1, synotoken_pos-(argpos+1));
 				std::string synotoken = path.substr(synotoken_pos);
-				std::string cookie_val = cookie.substr(cookie.find("=")+1);
-				std::string synotoken_val = synotoken.substr(synotoken.find("=")+1);
+				std::string cookie_val = cookie.substr(cookie.find('=')+1);
+				std::string synotoken_val = synotoken.substr(synotoken.find('=')+1);
 				// Set necessary env for auth script
 				std::map<std::string,std::string>::const_iterator ah2(headers.find("x-forwarded-for"));
 				setenv("HTTP_COOKIE", cookie_val.c_str(), true);
@@ -1920,7 +1920,7 @@ public:
 		if (!n.settings.allowManaged)
 			return false;
 
-		if (n.settings.allowManagedWhitelist.size() > 0) {
+		if (!n.settings.allowManagedWhitelist.empty()) {
 			bool allowed = false;
 			for (InetAddress addr : n.settings.allowManagedWhitelist) {
 				if (addr.containsAddress(target) && addr.netmaskBits() <= target.netmaskBits()) {
@@ -2207,7 +2207,7 @@ public:
 							bool allow;
 							{
 								Mutex::Lock _l(_localConfig_m);
-								if (_allowManagementFrom.size() == 0) {
+								if (_allowManagementFrom.empty()) {
 									allow = (tc->remoteAddr.ipScope() == InetAddress::IP_SCOPE_LOOPBACK);
 								} else {
 									allow = false;
@@ -2386,7 +2386,7 @@ public:
 							Dictionary<4096> nc;
 							nc.load(nlcbuf.c_str());
 							Buffer<1024> allowManaged;
-							if (nc.get("allowManaged", allowManaged) && allowManaged.size() != 0) {
+							if (nc.get("allowManaged", allowManaged) && !allowManaged.size() == 0) {
 								std::string addresses (allowManaged.begin(), allowManaged.size());
 								if (allowManaged.size() <= 5) { // untidy parsing for backward compatibility
 									if (allowManaged[0] == '1' || allowManaged[0] == 't' || allowManaged[0] == 'T') {
@@ -2932,9 +2932,9 @@ public:
 		return 1;
 	}
 
-	inline int nodePathLookupFunction(uint64_t ztaddr,int family,struct sockaddr_storage *result)
+	inline int nodePathLookupFunction(uint64_t ztaddr, int family, struct sockaddr_storage* result)
 	{
-		const Hashtable< uint64_t,std::vector<InetAddress> > *lh = (const Hashtable< uint64_t,std::vector<InetAddress> > *)0;
+		const Hashtable< uint64_t, std::vector<InetAddress> >* lh = (const Hashtable< uint64_t, std::vector<InetAddress> > *)0;
 		if (family < 0)
 			lh = (_node->prng() & 1) ? &_v4Hints : &_v6Hints;
 		else if (family == AF_INET)
@@ -2942,19 +2942,20 @@ public:
 		else if (family == AF_INET6)
 			lh = &_v6Hints;
 		else return 0;
-		const std::vector<InetAddress> *l = lh->get(ztaddr);
-		if ((l)&&(l->size() > 0)) {
-			memcpy(result,&((*l)[(unsigned long)_node->prng() % l->size()]),sizeof(struct sockaddr_storage));
+		const std::vector<InetAddress>* l = lh->get(ztaddr);
+		if ((l) && (!l->empty())) {
+			memcpy(result, &((*l)[(unsigned long)_node->prng() % l->size()]), sizeof(struct sockaddr_storage));
 			return 1;
-		} else return 0;
+		}
+		else return 0;
 	}
 
-	inline void tapFrameHandler(uint64_t nwid,const MAC &from,const MAC &to,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len)
+	inline void tapFrameHandler(uint64_t nwid, const MAC& from, const MAC& to, unsigned int etherType, unsigned int vlanId, const void* data, unsigned int len)
 	{
-		_node->processVirtualNetworkFrame((void *)0,OSUtils::now(),nwid,from.toInt(),to.toInt(),etherType,vlanId,data,len,&_nextBackgroundTaskDeadline);
+		_node->processVirtualNetworkFrame((void*)0, OSUtils::now(), nwid, from.toInt(), to.toInt(), etherType, vlanId, data, len, &_nextBackgroundTaskDeadline);
 	}
 
-	inline void onHttpRequestToServer(TcpConnection *tc)
+	inline void onHttpRequestToServer(TcpConnection* tc)
 	{
 		char tmpn[4096];
 		std::string data;
@@ -2965,29 +2966,31 @@ public:
 		// phyOnTcpData(). If we made it here the source IP is okay.
 
 		try {
-			scode = handleControlPlaneHttpRequest(tc->remoteAddr,tc->parser.method,tc->url,tc->headers,tc->readq,data,contentType);
-		} catch (std::exception &exc) {
-			fprintf(stderr,"WARNING: unexpected exception processing control HTTP request: %s" ZT_EOL_S,exc.what());
+			scode = handleControlPlaneHttpRequest(tc->remoteAddr, tc->parser.method, tc->url, tc->headers, tc->readq, data, contentType);
+		}
+		catch (std::exception& exc) {
+			fprintf(stderr, "WARNING: unexpected exception processing control HTTP request: %s" ZT_EOL_S, exc.what());
 			scode = 500;
-		} catch ( ... ) {
-			fprintf(stderr,"WARNING: unexpected exception processing control HTTP request: unknown exception" ZT_EOL_S);
+		}
+		catch (...) {
+			fprintf(stderr, "WARNING: unexpected exception processing control HTTP request: unknown exception" ZT_EOL_S);
 			scode = 500;
 		}
 
-		const char *scodestr;
-		switch(scode) {
-			case 200: scodestr = "OK"; break;
-			case 400: scodestr = "Bad Request"; break;
-			case 401: scodestr = "Unauthorized"; break;
-			case 403: scodestr = "Forbidden"; break;
-			case 404: scodestr = "Not Found"; break;
-			case 500: scodestr = "Internal Server Error"; break;
-			case 501: scodestr = "Not Implemented"; break;
-			case 503: scodestr = "Service Unavailable"; break;
-			default: scodestr = "Error"; break;
+		const char* scodestr;
+		switch (scode) {
+		case 200: scodestr = "OK"; break;
+		case 400: scodestr = "Bad Request"; break;
+		case 401: scodestr = "Unauthorized"; break;
+		case 403: scodestr = "Forbidden"; break;
+		case 404: scodestr = "Not Found"; break;
+		case 500: scodestr = "Internal Server Error"; break;
+		case 501: scodestr = "Not Implemented"; break;
+		case 503: scodestr = "Service Unavailable"; break;
+		default: scodestr = "Error"; break;
 		}
 
-		OSUtils::ztsnprintf(tmpn,sizeof(tmpn),"HTTP/1.1 %.3u %s\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: %s\r\nContent-Length: %lu\r\nConnection: close\r\n\r\n",
+		OSUtils::ztsnprintf(tmpn, sizeof(tmpn), "HTTP/1.1 %.3u %s\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: %s\r\nContent-Length: %lu\r\nConnection: close\r\n\r\n",
 			scode,
 			scodestr,
 			contentType.c_str(),
@@ -2999,30 +3002,42 @@ public:
 				tc->writeq.append(data);
 		}
 
-		_phy.setNotifyWritable(tc->sock,true);
+		_phy.setNotifyWritable(tc->sock, true);
 	}
 
-	inline void onHttpResponseFromClient(TcpConnection *tc)
+	inline void onHttpResponseFromClient(TcpConnection* tc)
 	{
 		_phy.close(tc->sock);
 	}
 
-	bool shouldBindInterface(const char *ifname,const InetAddress &ifaddr)
+	bool shouldBindInterface(const char* ifname, const InetAddress& ifaddr)
 	{
 #if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux)
-		if ((ifname[0] == 'l')&&(ifname[1] == 'o')) return false; // loopback
-		if ((ifname[0] == 'z')&&(ifname[1] == 't')) return false; // sanity check: zt#
-		if ((ifname[0] == 't')&&(ifname[1] == 'u')&&(ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar
-		if ((ifname[0] == 't')&&(ifname[1] == 'a')&&(ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar
+		if ((ifname[0] == 'l') && (ifname[1] == 'o')) return false; // loopback
+		if ((ifname[0] == 'z') && (ifname[1] == 't')) return false; // sanity check: zt#
+		if ((ifname[0] == 't') && (ifname[1] == 'u') && (ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar
+		if ((ifname[0] == 't') && (ifname[1] == 'a') && (ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar
 #endif
 
 #ifdef __APPLE__
-		if ((ifname[0] == 'f')&&(ifname[1] == 'e')&&(ifname[2] == 't')&&(ifname[3] == 'h')) return false; // ... as is feth#
-		if ((ifname[0] == 'l')&&(ifname[1] == 'o')) return false; // loopback
-		if ((ifname[0] == 'z')&&(ifname[1] == 't')) return false; // sanity check: zt#
-		if ((ifname[0] == 't')&&(ifname[1] == 'u')&&(ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar
-		if ((ifname[0] == 't')&&(ifname[1] == 'a')&&(ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar
-		if ((ifname[0] == 'u')&&(ifname[1] == 't')&&(ifname[2] == 'u')&&(ifname[3] == 'n')) return false; // ... as is utun#
+		if ((ifname[0] == 'f') && (ifname[1] == 'e') && (ifname[2] == 't') && (ifname[3] == 'h')) return false; // ... as is feth#
+		if ((ifname[0] == 'l') && (ifname[1] == 'o')) return false; // loopback
+		if ((ifname[0] == 'z') && (ifname[1] == 't')) return false; // sanity check: zt#
+		if ((ifname[0] == 't') && (ifname[1] == 'u') && (ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar
+		if ((ifname[0] == 't') && (ifname[1] == 'a') && (ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar
+		if ((ifname[0] == 'u') && (ifname[1] == 't') && (ifname[2] == 'u') && (ifname[3] == 'n')) return false; // ... as is utun#
+#endif
+
+#ifdef _WIN32
+		if ((ifname[0] == 'Z') && (ifname[1] == 'e') && (ifname[2] == 'r') && ifname[3] == 'o' &&
+			(ifname[4] == 'T') && (ifname[5] == 'i') && (ifname[6] == 'e') && (ifname[7] == 'r')) {
+			return false;
+		}
+#endif
+
+#ifdef __FreeBSD__
+		if ((ifname[0] == 'l') && (ifname[1] == 'o')) return false; // loopback
+		if ((ifname[0] == 'z') && (ifname[1] == 't')) return false; // sanity check: zt#
 #endif
 
 		{

service/SoftwareUpdater.cpp

@@ -161,7 +161,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
 
 					if (v == VERB_GET_LATEST) {
 
-						if (_dist.size() > 0) {
+						if (!_dist.empty()) {
 							const nlohmann::json *latest = (const nlohmann::json *)0;
 							const std::string expectedSigner = OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY],"");
 							unsigned int bestVMaj = rvMaj;
@@ -241,7 +241,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
 			}	break;
 
 			case VERB_GET_DATA:
-				if ((len >= 21)&&(_dist.size() > 0)) {
+				if ((len >= 21)&&(!_dist.empty())) {
 					unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24;
 					idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16;
 					idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8;