updated

docs/android_zt_sdk.md

@@ -0,0 +1,63 @@
+Android + ZeroTier SDK 
+====
+
+Welcome!
+
+Imagine a flat, encrypted, no-configuration LAN for all of the instances of your Android app. 
+
+This short tutorial will show you how to enable ZeroTier functionality for your Android app with little to no code modification. Check out our [ZeroTier SDK](https://www.zerotier.com/blog) page for more info on how the integration works and [Shim Techniques](https://www.zerotier.com/blog) for a discussion of shims available for your app/technology.
+
+In this example we aim to set up a minimal [Android Studio](https://developer.android.com/studio/index.html) project which contains all of the components necessary to enable ZeroTier for your app. If you'd rather skip all of these steps and grab the code, look in the [sdk/android](https://github.com/zerotier/ZeroTierOne/tree/dev/netcon/Android) folder in the source tree. Otherwise, let's get started!
+
+**Step 1: Build Shared Library `libZeroTierOneJNI.so`**
+
+Open `ZeroTierOne/Netcon/Android/proj` and build it. 
+
+*Note: Building the project will take a while if you are building for all architectures, See note below on how to speed up this process.*
+
+The resultant `ZeroTierOne/netcon/Android/java/libs/YOUR_ARCH/libZeroTierOneJNI.so` will be what you want to import for your own project to provide the shim interface to your app. Select your architecture and copy the shared library into `YourProject/src/main/jniLibs/YOUR_ARCH/`
+
+**Step 2: App Code Modifications**
+
+Create new package called `Netcon` in your project and add a new file called `NetconWrapper.java` containing:
+
+```
+package Netcon;
+public class NetconWrapper {
+    public native void startOneService();
+    static { System.loadLibrary("ZeroTierOneJNI”); } // Loads JNI code
+}
+```
+
+And now, start the service:
+```
+new Thread(new Runnable() {
+      public void run() {
+        NetconWrapper wrapper = new NetconWrapper();
+        wrapper.startOneService(); // Calls to JNI code
+      }
+}).start();
+```
+**Step 3: Pick a shim for your app**
+
+If functional interposition isn't available for the API or library you've chosen to use, ZeroTier offers a SOCKS5 proxy server which can allow connectivity to your virtual network as long as your client API supports the SOCKS5 protocol. This proxy service will run alongside the tap service and can be turned on by compiling with the `-DUSE_SOCKS_PROXY` flag. By default, the proxy service is available at `0.0.0.0:1337`.
+
+**Step 4: Add necessary app permissions**
+
+In order for your application to write the auth keys to the internal storage you'll need to set a few permissions in your `AndroidManifest.xml` file:
+
+```
+<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
+<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
+```
+
+**Step 5: Join a network!**
+
+Simply call `zt_join_network("XXXXXXXXXXXXXXXX")`
+
+***
+**Additional notes**
+
+As mentioned above, you can reduce the amount of time required to build the ZeroTier JNI library by only building for the architectures you want. You can specify the architectures in `ZeroTierOne/netcon/Android/java/jni/Application.mk`
+
+If you change the method/class/package name for the Netcon glue code in `NetconWrapper.java` (Not recommended!), you must also change the name of the JNI implementation in the Netcon source to match the new java name. For example, if the glue code is contained in a package `Java.com.example.joseph.NetconProxyTest`, a JNI implementation name of `Java_com_example_joseph_netconproxytest_NetconWrapper_startOneService` would be required in the appropriate C/C++ source/header files.

docs/docker_zt_sdk.md

@@ -0,0 +1,71 @@
+Docker + ZeroTier SDK
+====
+
+Welcome!
+
+Imagine a flat, encrypted, no-configuration LAN for all of your Docker containers. 
+
+This short tutorial will show you how to enable ZeroTier functionality for your Docker software container with little to no configuration. In this example we aim to build a Docker container with ZeroTier’s Network Container service bundled right in so that it’s effortless to hook any number of your services in the container up to your virtual network.
+
+**Step 1: Build the ZeroTier service binaries**
+
+From the ZeroTier source directory,  `make netcon` Optionally, if you'd like to see some debug output during execution, use `make netcon NETCON_DEBUG=1`
+
+**Step 2: Build your Docker image**
+
+`docker build --tag=redis_test .`
+
+The example dockerfile below incorperates a few important elements:
+ 
+1) The ZeroTier service binaries
+2) Whatever ZeroTier identity keys you plan on using (if you don't already have keys you wish to use, fret not! A new identity will be generated automatically).
+3) The service we've chosen to use. In this case, redis.
+```
+FROM fedora:23
+# Install apps
+RUN yum -y update
+RUN yum -y install redis-3.0.4-1.fc23.x86_64
+RUN yum clean all
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD netcon_identity.public /var/lib/zerotier-one/identity.public
+ADD netcon_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+EXPOSE 9993/udp 6379/udp
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+# Install syscall intercept library
+ADD libztintercept.so /
+RUN cp libztintercept.so lib/libztintercept.so
+RUN ln -sf /lib/libztintercept.so /lib/libztintercept
+ADD zerotier-cli /
+Add zerotier-netcon-service /
+# Install test scripts
+ADD netcon_entrypoint.sh /netcon_entrypoint.sh
+RUN chmod -v +x /netcon_entrypoint.sh
+# Start ZeroTier-One
+CMD ["./netcon_entrypoint.sh"]
+```
+
+**Step 3: Start your container**
+
+`docker run -d -it redis_test /bin/bash`
+
+**Step 4: From your container, set up environment variables**
+
+Set our application pre-load with `export LD_PRELOAD=./libztintercept.so`. This dynamically loads our intercept library into your application which allows us to re-direct its network calls to our virtual network.
+
+Tell the ZeroTier Network Containers service which network to connect to with `export ZT_NC_NETWORK=/var/lib/zerotier-one/nc_XXXXXXXXXXXXXXXX`.
+
+**Step 5: Run your new ZeroTier-enabled service**
+
+At this point, simply run your application as you normally would. It will be automatically intercepted and linked to the ZeroTier service (and hence your virtual networks!)
+
+`/usr/bin/redis-server --port 6379`
+
+***
+**Additional info**
+If you'd like to know the IP address your service can be reached at on this particular virtual network, use the following:
+`zerotier-cli -D/var/lib/zerotier-one/nc_XXXXXXXXXXXXXXXX listnetworks`

docs/ios_zt_sdk.md

@@ -0,0 +1,78 @@
+iOS + ZeroTier SDK
+====
+
+Welcome!
+
+Imagine a flat, encrypted, no-configuration LAN for all of the instances of your iOS app. 
+
+This short tutorial will show you how to enable ZeroTier functionality for your iOS app with little to no code modification. Check out our [ZeroTier SDK](https://www.zerotier.com/blog) page for more info on how the integration works and [Shim Techniques](https://www.zerotier.com/blog) for a discussion of shims available for your app/technology.
+
+In this example we aim to set up a minimal XCode project which contains all of the components necessary to enable ZeroTier for your app. If you'd rather skip all of these steps and grab the code, look in the [sdk/iOS](https://github.com/zerotier/ZeroTierOne/tree/dev/sdk/iOS) folder of the source tree. Otherwise, let's get started!
+
+**Step 1: Add ZeroTier source and Netcon-iOS XCode project to yours**
+- Place a copy of the ZeroTierOne source in a folder at the same level as your project
+- Add `ZeroTierOne/netcon/tests/iOS/Netcon-iOS.xcodeproj` to your project
+
+**Step 2: Add ZeroTier binaries to your app**
+- Add `ZeroTierNetcon.frameworkiOS` to *General->Embedded Binaries*
+- Add `libServiceSetup.a` and `ZeroTierNetcon.framework` to *Build Phases->Link Binary With Libraries*
+
+**Step 3: Configure your project**
+- Add `$(SRCROOT)/../ZeroTierOne/netcon` to *Build Settings->Header Search Paths* for your project
+- Add `-D__IOS__` to *Build Settings->Other C Flags*
+- Add `../netcon/tests/iOS/Netcon-iOS/NetconWrapper.cpp` and `../netcon/tests/iOS/Netcon-iOS/NetconWrapper.hpp` to your project:
+- Add contents of `ZeroTierOne/netcon/tests/iOS/Netcon-iOS/Netcon-iOS-Bridging-Header.h` to your project’s bridging header.
+
+*Note: You should have been prompted to create a bridging header for your project, if you haven't make sure you do this and add the native function prototypes manually from the bridging header we provide.*
+
+**Step 4: App Code Modifications**
+
+After you've linked the two projects you need to find a place in your code to set up the ZeroTier service thread:
+
+```
+var service_thread : NSThread!
+func ztnc_start_service() {
+    let path = NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory.DocumentDirectory, NSSearchPathDomainMask.UserDomainMask, true)
+    start_service(path[0])
+}
+```
+
+...and then start it. If you enabled the proxy service via `-DUSE_SOCKS_PROXY` it will start automatically and be reachable at `0.0.0.0:1337`: 
+
+```
+dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), {
+    self.service_thread = NSThread(target:self, selector:"ztnc_start_service", object:nil)
+    self.service_thread.start()
+});
+```
+
+**Step 5: Pick a shim for your app**
+
+This integration allows for the following shim combinations:
+- `Hook of BSD-like sockets`: Use BSD-like sockets as you normally would.
+- `Proxy of NSStream`: Create NSStream. Configure stream for SOCKS5 Proxy. Use stream.
+- `Changeling of BSD-like sockets`: Call `start_changeling()` and then use BSD-like sockets as you normally would.
+- `Direct Call`: Consult [Netcon-iOS-Bridging-Header.h](netcon/iOS/Netcon-iOS/Netcon-iOS-Bridging-Header.h).
+
+If functional interposition isn't available for the API or library you've chosen to use, ZeroTier offers a SOCKS5 proxy server which can allow connectivity to your virtual network as long as your client API supports the SOCKS5 protocol. This proxy service will run alongside the tap service and can be turned on by compiling with the `-DUSE_SOCKS_PROXY` flag in *Build Settings->Other C Flags*. By default, the proxy service is available at `0.0.0.0:1337`.
+
+**Step 6: Join a network!**
+
+Simply call `zt_join_network("XXXXXXXXXXXXXXXX")`
+
+***
+**NSStream and SOCKS Proxy:**
+
+As an example, here's how one would configure a NSStream object to redirect all network activity to the ZeroTier SOCKS proxy server:
+
+```
+// BEGIN proxy configuration
+let myDict:NSDictionary = [NSStreamSOCKSProxyHostKey : "0.0.0.0",
+                           NSStreamSOCKSProxyPortKey : 1337,
+                           NSStreamSOCKSProxyVersionKey : NSStreamSOCKSProxyVersion5]
+
+inputStream!.setProperty(myDict, forKey: NSStreamSOCKSProxyConfigurationKey)
+outputStream!.setProperty(myDict, forKey: NSStreamSOCKSProxyConfigurationKey)
+// END proxy configuration
+```
+

docs/osx_zt_sdk.md

@@ -0,0 +1,78 @@
+iOS + ZeroTier SDK
+====
+
+Welcome!
+
+Imagine a flat, encrypted, no-configuration LAN for all of the instances of your iOS app. 
+
+This short tutorial will show you how to enable ZeroTier functionality for your iOS app with little to no code modification. Check out our [ZeroTier SDK](https://www.zerotier.com/blog) page for more info on how the integration works and [Shim Techniques](https://www.zerotier.com/blog) for a discussion of shims available for your app/technology.
+
+In this example we aim to set up a minimal XCode project which contains all of the components necessary to enable ZeroTier for your app. If you'd rather skip all of these steps and grab the code, look in the [sdk/iOS](https://github.com/zerotier/ZeroTierOne/tree/dev/sdk/iOS) folder of the source tree. Otherwise, let's get started!
+
+**Step 1: Add ZeroTier source and Netcon-iOS XCode project to yours**
+- Place a copy of the ZeroTierOne source in a folder at the same level as your project
+- Add `ZeroTierOne/netcon/tests/iOS/Netcon-iOS.xcodeproj` to your project
+
+**Step 2: Add ZeroTier binaries to your app**
+- Add `ZeroTierNetcon.frameworkiOS` to *General->Embedded Binaries*
+- Add `libServiceSetup.a` and `ZeroTierNetcon.framework` to *Build Phases->Link Binary With Libraries*
+
+**Step 3: Configure your project**
+- Add `$(SRCROOT)/../ZeroTierOne/netcon` to *Build Settings->Header Search Paths* for your project
+- Add `-D__IOS__` to *Build Settings->Other C Flags*
+- Add `../netcon/tests/iOS/Netcon-iOS/NetconWrapper.cpp` and `../netcon/tests/iOS/Netcon-iOS/NetconWrapper.hpp` to your project:
+- Add contents of `ZeroTierOne/netcon/tests/iOS/Netcon-iOS/Netcon-iOS-Bridging-Header.h` to your project’s bridging header.
+
+*Note: You should have been prompted to create a bridging header for your project, if you haven't make sure you do this and add the native function prototypes manually from the bridging header we provide.*
+
+**Step 4: App Code Modifications**
+
+After you've linked the two projects you need to find a place in your code to set up the ZeroTier service thread:
+
+```
+var service_thread : NSThread!
+func ztnc_start_service() {
+    let path = NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory.DocumentDirectory, NSSearchPathDomainMask.UserDomainMask, true)
+    start_service(path[0])
+}
+```
+
+...and then start it. If you enabled the proxy service via `-DUSE_SOCKS_PROXY` it will start automatically and be reachable at `0.0.0.0:1337`: 
+
+```
+dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), {
+    self.service_thread = NSThread(target:self, selector:"ztnc_start_service", object:nil)
+    self.service_thread.start()
+});
+```
+
+**Step 5: Pick a shim for your app**
+
+This integration allows for the following shim combinations:
+- `Hook of BSD-like sockets`: Use BSD-like sockets as you normally would.
+- `Proxy of NSStream`: Create NSStream. Configure stream for SOCKS5 Proxy. Use stream.
+- `Changeling of BSD-like sockets`: Call `start_changeling()` and then use BSD-like sockets as you normally would.
+- `Direct Call`: Consult [Netcon-iOS-Bridging-Header.h](netcon/iOS/Netcon-iOS/Netcon-iOS-Bridging-Header.h).
+
+If functional interposition isn't available for the API or library you've chosen to use, ZeroTier offers a SOCKS5 proxy server which can allow connectivity to your virtual network as long as your client API supports the SOCKS5 protocol. This proxy service will run alongside the tap service and can be turned on by compiling with the `-DUSE_SOCKS_PROXY` flag in *Build Settings->Other C Flags*. By default, the proxy service is available at `0.0.0.0:1337`.
+
+**Step 6: Join a network!**
+
+Simply call `zt_join_network("XXXXXXXXXXXXXXXX")`
+
+***
+**NSStream and SOCKS Proxy:**
+
+As an example, here's how one would configure a NSStream object to redirect all network activity to the ZeroTier SOCKS proxy server:
+
+```
+// BEGIN proxy configuration
+let myDict:NSDictionary = [NSStreamSOCKSProxyHostKey : "0.0.0.0",
+                           NSStreamSOCKSProxyPortKey : 1337,
+                           NSStreamSOCKSProxyVersionKey : NSStreamSOCKSProxyVersion5]
+
+inputStream!.setProperty(myDict, forKey: NSStreamSOCKSProxyConfigurationKey)
+outputStream!.setProperty(myDict, forKey: NSStreamSOCKSProxyConfigurationKey)
+// END proxy configuration
+```
+

docs/shims_zt_sdk.md

@@ -0,0 +1,59 @@
+Shims
+====
+
+If you're here, you're wondering how you're going to connect your app up to the ZeroTier service. We've tried our best to simplify this process for as many situations as we could. Once you get past the initial hurdle of integrating your first shim, we think you'll be pleased with the result. How we accomplish this depends entirely on the structure and design of your app. Let's begin!
+
+A shim is a piece of code in the form of a `Hook`, `Proxy`, `Direct Call`, or `Changeling` which we "inject" into your application. A shim augments your app to provide a private interface to ZeroTier networks with no change to your app's code or structure. A shim will forward network-related activity directly to and from a local running instance of ZeroTier.
+
+We suggest selecting one of the architectures you'd like to support and trying out one of our sample projects. If you need any help or have a feature request, be sure to let us know [here](https://www.zerotier.com/community/)!
+
+***
+#### iOS
+
+**Integration Option 1:** Using `ZeroTierNetcon.framework` (instructions [here](doc/netcon/ios_and_ztnc.md))
+- By including our framework in your app, you'll get a full instance of the ZeroTier service and suite of shim mechanisms built right into your app and ready to use. This option allows for `Hook of BSD-like sockets`, `Proxy of NSStream`, `Changeling of BSD-like sockets`, and `Direct Call`.
+
+*Note: `CFSocket` is not currently supported on `iOS`*
+
+***
+#### OSX
+
+**Integration Option 1:** Using `ZeroTierNetcon.framework` (instructions [here](doc/netcon/ios_and_ztnc.md))
+- By including our framework in your app, you'll get a full instance of the ZeroTier service and suite of shim mechanisms built right into your app and ready to use. This option allows for `Hook of BSD-like sockets and CFSocket`, `Proxy of NSStream`, `Changeling of BSD-like sockets`, and `Direct Call`.
+
+**Integration Option 2:** Statically-link `libztintercept.so`
+- You can build our shared library and link it into your application. This option allows for `Hook of BSD-like sockets and CFSocket`, `Proxy of NSStream`, `Changeling of BSD-like sockets`, and `Direct Call`.
+
+***
+#### Android
+
+**Integration Option 1:** Using `libZeroTierJNI.so` (instructions [here](doc/netcon/android_and_ztnc.md))
+- This is very similar to the approach used for `iOS`, in this case you'll build a shared library for the architectures you wish to support and then add it to your project. This option allows for `Proxy of Socket`, and `Direct Call`.
+
+***
+#### Linux
+
+**Integration Option 1:** Using `LD_PRELOAD`
+- This option allows for `Hook of BSD-like sockets`, `Proxy` and `Direct Call`.
+
+***
+
+#### Windows
+*Note: We haven't yet put development effort towards a shim for Windows but it's in the pipeline*
+
+***  
+
+
+### Further explanation of each shim type:
+
+**Hook**
+- Uses dynamic loading of our library to allow function interposition or "hooking" to re-implement traditional socket API functions like `socket()`, `connect()`, `bind()`, etc.
+
+**SOCKS5 Proxy**
+- Provides an integrated SOCKS5 server alongside the ZeroTier service to proxy connections from an application to resources on a ZeroTier network. For instance, a developer which has built an iOS app using the NSStreams API could add ZeroTier to their application and simply use the SOCKS5 support build into NSStreams to reach resources on their network. An Android developer could do the same using the SOCKS5 support provided in the `Socket` API.
+
+**Direct Call**
+- Directly call the `zt_` API specified in [Netcon.h](netcon/Netcon.h). For this to work, just use one of the provided headers that specify the interface for your system/architecture and then either dynamically-load our library into your app or compile it right in. 
+
+**Changeling**
+- This method is still experimental but the idea is to link `libztkq.so` into your app. You call `start_changeling()`. This will set up a separate thread to monitor all files for the process using kqueue. When an event is detected which indicates something is attempting to connect out or something is accepting a connection, we'll perform a sort of "hot-swap" of that socket for a socket that has been administered by ZeroTier.

docs/unity3d_zt_sdk.md

@@ -0,0 +1,84 @@
+Unity3D + ZeroTier SDK
+====
+
+Welcome!
+
+We want your Unity apps to talk *directly* over a flat, secure, no-config virtual network without sending everything into the "cloud". Thus, we introduce the ZeroTier-Unity3D integration!  
+
+Our implementation currently intends to be the bare minimum required to get your Unity application to talk over ZeroTier virtual networks. As a result, we've created an API that is very similar to the built-in Unity LLAPI. It's possible that higher-level functionality could be added in the future. 
+
+***
+## Adding ZeroTier to your Unity app
+
+**Step 1: Create virtual ZeroTier [virtual network](https://my.zerotier.com/)**
+
+**Step 2: Add plugin**
+ - Create a folder called `Plugins` in `Assets`
+ - Place `ZeroTierUnity.bundle` in that folder
+
+**Step 3: Add script to some `GameObject`**
+ - Drag our `ZeroTier.cs` native plugin wrapper onto any `GameObject`
+
+
+***
+## Examples
+
+Calling `ZeroTier.Init()` will start the network service in a separate thread. You can check if the service is running by checking `ZeroTier.IsRunning()`. Then, connecting and sending data to another endpoint would look something like the following:
+
+```
+public void zt_sample_network_test_thread()
+{
+	// Prepare sample data buffer
+	byte[] buffer = new byte[1024];
+	Stream stream = new MemoryStream(buffer);
+	BinaryFormatter f = new BinaryFormatter();
+	f.Serialize ( stream , "Welcome to the machine! (from Unity3D)" );
+
+	// Connect and send
+	int error;
+	Connect (0, "192.168.0.6", 8887, out error);
+	Send(connfd,buffer,0, out error);
+}
+```
+
+Finally, when you're done running the service you can call `ZeroTier.Terminate()`
+
+***
+## API  
+
+The API is designed to resemble the Unity LLAPI, so you'll see a few familiar functions but with a slight twist. 
+
+- `Join(nwid)`: Joins a ZeroTier virtual network
+- `Leave(nwid)`: Leaves a ZeroTier virtual network
+- `AddHost(port)`: Creates a socket, and binds to that socket on the address and port given
+- `Connect(fd, ip_address, port, out error)`: Connects to an endpoint associated with the given `fd` 
+- `Send(fd, buf, pos, out error)`: Sends data to the endpoint associated with the given `fd`
+- `Recv(fd, buf, out error)`: Receives data from an endpoint associated with the given `fd`
+- `Disconnect(fd)`: Closes a connection with an endpoint
+
+***
+## Design and structure of the ZeroTier Unity OSX Bundle
+
+XCode:
+New XCode project
+Select Cocoa bundle as target
+Add C linkages to external functions
+Build as 64bit (not universal)
+
+Unity:
+Select x86_64 build target in `Build Settings`
+In new C# script asset:
+
+```
+[DllImport ("ZeroTierUnity")]
+private static extern int unity_start_service ();
+```
+
+Add asset to GameObject
+Start ZT service
+
+***
+## Future Roadmap  
+With the ZeroTier sockets API in place, higher-level functionality such as lobbies, chat, and object synchronization could easily be built on top.
+
+

docs/zt_sdk.md

@@ -0,0 +1,77 @@
+# ZeroTier SDK
+
+## What can it do?
+True P2P injected right into your app with no code changes! A ZeroTier-enabled app. 
+(formerly known as Network Containers)
+
+We use a carefully-crafted [shim](doc/netcon/shims.md) dynamically loaded into your app on startup to redirect network flow to the ZeroTier service and provide your app an innate and seamless ability to communicate with other instances over virtual networks with no external configuration on the host system, without escalated priviledges, and without needing to modify your application's code. 
+
+Your only responsibility is to pick a shim appropriate for your app's design. Accessing resources (potentially other instances of your app) on the virtual network will work exactly as it would on a real LAN. The service supports both TCP and UDP. The ZeroTier SDK now works on both *x64* and *ARM* architectures. We've tested a beta version for *iOS*, *Android*, *Linux*, and *Mac OS*
+
+The general idea is this:
+	1) Your application starts.
+	2) The shim initializes inside a separate thread of your app.
+	3) Your app can now reach anything on your virtual network. 
+	4) Fin.
+
+It's as simple as that!
+
+***
+
+If you have any feature or support requests, be sure to let us know [here](https://www.zerotier.com/community/)!
+
+The ZeroTier SDK brings together three main technologies:
+ - [ZeroTier Core Protocol](https://github.com/zerotier/ZeroTierOne)
+ - [Lightweight IP (lwIP) stack](http://savannah.nongnu.org/projects/lwip/)
+ - [Code injection (shim)](doc/netcon/shims.md)
+
+Combine this functionality with the network/device management capabilities of [ZeroTier Central](https://my.zerotier.com) and its associated [API](https://my.zerotier.com/help/api) and we've hopefully created a simple and reliable way for you to flatten and reduce the complexity of your app's networking layer.
+
+In addition, since this connectivity is mediated over the ZeroTier protocol, you get a free layer of encryption by default. That being said, we still suggest you add your own security layer to match your responsibilities.
+
+***
+## What's happening under the hood?
+
+Suppose you write an application that uses sockets to make a connection to some remote server. Normally in order to access resources on a virtual network you'll need to develop some sort of networking layer internally within the app or employ some external software and establish a system-wide connection. Here's an example of how network flow would be handled in this case:
+![Image](doc/netcon/app_flow.png)
+
+As you can see, your app's logic somehow interacts with a networking layer, the calls then would go to the system and eventually interact with the kernel's network stack. 
+
+Now suppose you've added a ZeroTier shim to your app, since our shim will intercept the network calls we can actually define new behaviour for them. Here's an example of how network flow would be handled for a ZeroTier-enabled app:
+![Image](doc/netcon/zt_app_flow.png)
+
+For instance, after you've added one of our shims to your app, when your applcation attempts to establish a connection over a socket the following happens:
+
+- application calls `socket()`
+- our library's `zt_socket()` is executed instead
+-  library establishes an `AF_LOCAL` socket connection with the service (this is used to orchestrate communication between the library and the ZeroTier service)
+- an `RPC_SOCKET` message is sent to the ZeroTier tap service
+- the tap service receives the `RPC_SOCKET` message and requests a new `tcp_pcb` representing the new "socket" from lwIP
+- If the user-space network stack grants the tap service the new `tcp_pcb`, the tap service then repurposes the socket used for the RPC message and returns its file descriptor to your application for it to use as the new socket.
+
+From your application's perspective nothing out of the ordinary has happened. It called `socket()`, and got a file descriptor back.
+
+As you can see, the general idea here is to slip in some special code that communicates with our ZeroTier service. Now, depending on your system's OS or architecture we might need to use different methods for getting that "secret sauce" into your application. We discuss that [here](doc/netcon/shims.md).
+
+#### You might be wondering some of the following:
+- **What would happen if you attempted to create a socket of the `AF_LOCAL` variety?**
+  - Our library will ignore it and pass the call to the system's normal `socket()` implementation since it isn't meant to leave the machine.
+- **What would happen if you performed a `getsockopt()` for the family/domain of an `AF_INET` socket you requested?** 
+  - You'd expect this should return `AF_LOCAL` since we repurposed the unix-domain socket, right? Nope. We've got a special implementation of `getsockopt()` which will detect whether that socket is handled under the ZeroTier tap service and if it is, it'll lie to you about the socket domain/family and report `AF_INET`. 
+
+We've got a [special implementation](netcon/NetconSockets.c) for most of the socket API functions: `zt_setsockopt(), zt_getsockopt(),zt_socket(),zt_connect(),zt_bind(),zt_accept4(),zt_accept(),zt_listen(),zt_close(),
+zt_getsockname()`. Each shim is implemented in terms of this set of core functions and has the ability to determine whether the call should be directed to the system or the ZeroTier tap service.
+
+## Embedded Applications / IoT
+![Image](doc/netcon/archs.png)
+
+We foresee the largest application of the ZeroTier SDK to be embedded devices that require lightweight, efficient and reliable networking layers that are also secure and effortless to provision. We've specifically engineered the core service and the shims to be as lightweight and portable as possible. We'd like to see people retake control of their data and security by skipping the the "cloud" without adding complexity.
+
+![Image](doc/netcon/zt_why.png)
+
+## Games
+We think this solution is well suited for low-latency multiplayer games where reliability and ease of use are important.
+
+The ZeroTier protocol is inherently P2P and only falls back to a relay in the event that your direct link is interrupted. It's in our best interest to automatically find the quickest route for your data and to *not* handle your data. This has the obvious benefits of reduced latency for your game, but also provides you better security and control of your data and reduces our costs. It seems non-sensical to do it any other way. ZeroTier is not a "cloud" that you send all of your data to.
+
+Currently we're investigating the possibility of creating a [Unity 3D](https://unity3d.com/) plugin that we would make available on the [Unity Asset Store](https://www.assetstore.unity3d.com/en/). This plugin would allow for stupid simple P2P networking for games and effortless provisioning of networks and device access through the [ZeroTier Central API](https://my.zerotier.com/help/api).