diff --git a/autoip.o b/autoip.o
new file mode 100644
index 0000000..286311d
Binary files /dev/null and b/autoip.o differ
diff --git a/build/lwip/liblwip.so b/build/lwip/liblwip.so
new file mode 100755
index 0000000..b520fc3
Binary files /dev/null and b/build/lwip/liblwip.so differ
diff --git a/build/osx_shared_lib/README.md b/build/osx_shared_lib/README.md
new file mode 100644
index 0000000..55010ee
--- /dev/null
+++ b/build/osx_shared_lib/README.md
@@ -0,0 +1,114 @@ +OSX + ZeroTier SDK +==== + +Welcome! + +Imagine a flat, encrypted, no-configuration LAN for all of the instances of your OSX app. + +This short tutorial will show you how to enable ZeroTier functionality for your iOS app with little to no code modification. Check out our [ZeroTier SDK](https://www.zerotier.com/blog) page for more info on how the integration works and [Shim Techniques](https://www.zerotier.com/blog) for a discussion of shims available for your app/technology. + +In this example we aim to set up a minimal XCode project which contains all of the components necessary to enable ZeroTier for your app. If you'd rather skip all of these steps and grab the code, look in the [sdk/OSX](https://github.com/zerotier/ZeroTierSDK/tree/dev/sdk/iOS) folder of the source tree. Otherwise, let's get started! + +**Step 1: Add ZeroTier source and Netcon-iOS XCode project to yours** +- Place a copy of the ZeroTierOne source in a folder at the same level as your project +- Add `ZeroTierSDK/src/tests/iOS/Netcon-iOS.xcodeproj` to your project + +**Step 2: Add ZeroTier binaries to your app** +- Add `ZeroTierSDK.frameworkiOS` to *General->Embedded Binaries* +- Add `libServiceSetup.a` and `ZeroTierSDK.framework` to *Build Phases->Link Binary With Libraries* + +**Step 3: Configure your project** +- Add `$(SRCROOT)/../ZeroTierOne/src` to *Build Settings->Header Search Paths* for your project +- Add `-D__IOS__` to *Build Settings->Other C Flags* +- Add `zerotiersdk/tests/iOS/Netcon-iOS/NetconWrapper.cpp` and `zerotiersdk/tests/iOS/Netcon-iOS/NetconWrapper.hpp` to your project: +- Add contents of `ZeroTierOne/netcon/tests/iOS/Netcon-iOS/SDK-iOS-Bridging-Header.h` to your project’s bridging header. 
+ +*Note: You should have been prompted to create a bridging header for your project, if you haven't make sure you do this and add the native function prototypes manually from the bridging header we provide.* + +**Step 4: App Code Modifications** + +After you've linked the two projects you need to find a place in your code to set up the ZeroTier service thread: + +``` +var service_thread : NSThread! +func ztnc_start_service() { + let path = NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory.DocumentDirectory, NSSearchPathDomainMask.UserDomainMask, true) + start_service(path[0]) +} +``` + +...and then start it. If you enabled the proxy service via `-DUSE_SOCKS_PROXY` it will start automatically and be reachable at `0.0.0.0:1337`: + +``` +dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), { + self.service_thread = NSThread(target:self, selector:"ztnc_start_service", object:nil) + self.service_thread.start() +}); +``` + +**Step 5: Pick an API** + +**Step 6: Join a network!** + - Simply call `zt_join_network("XXXXXXXXXXXXXXXX")` + +*** +## Linking into an application on Mac OSX + +Example: + + gcc myapp.c -o myapp libztintercept.so + export ZT_NC_NETWORK=/tmp/netcon-test-home/nc_8056c2e21c000001 + +Start service + + ./zerotier-netcon-service -d -p8000 /tmp/netcon-test-home + +Run application + + ./myapp + + + +## XCode Desktop App Integration + +*NOTE: a sample OSX desktop application with ZeroTier integrated can be found [here](../integrations/Apple/Example_OSX_App)* + +**Step 1: Build `ZeroTierSDK_OSX.framework`** + - From the main repo directory, `make osx_app_framework`. This will use the XCode commandline tools to build and copy the framework into `build`. 
+ +**Step 2: Add `ZeroTierSDK_OSX.framework` to your project** + +**Step 3: Add its path to your *Build Settings -> Framework Search Paths***: + - For example: `$(PROJECT_DIR)/../../../build/OSX_app_framework/Release` + +**Step 4: Pick an [API](# API) to use** + +**Step 5: Join a network!** + - Simply call `zt_join_network("XXXXXXXXXXXXXXXX")` + +*** +## API + +This integration allows for the following shim combinations: +- `Hook of BSD-like sockets`: Use BSD-like sockets as you normally would. +- `Proxy of NSStream`: Create NSStream. Configure stream for SOCKS5 Proxy. Use stream. +- `Changeling of BSD-like sockets`: Call `start_changeling()` and then use BSD-like sockets as you normally would. +- `Direct Call`: Consult [SDK-iOS-Bridging-Header.h](netcon/iOS/Netcon-iOS/Netcon-iOS-Bridging-Header.h). + +If functional interposition isn't available for the API or library you've chosen to use, ZeroTier offers a SOCKS5 proxy server which can allow connectivity to your virtual network as long as your client API supports the SOCKS5 protocol. This proxy service will run alongside the tap service and can be turned on by compiling with the `-DUSE_SOCKS_PROXY` flag in *Build Settings->Other C Flags*. By default, the proxy service is available at `0.0.0.0:1337`. + + +#### NSStream and SOCKS Proxy + +As an example, here's how one would configure a NSStream object to redirect all network activity to the ZeroTier SOCKS proxy server: + +``` +// BEGIN proxy configuration +let myDict:NSDictionary = [NSStreamSOCKSProxyHostKey : "0.0.0.0", + NSStreamSOCKSProxyPortKey : 1337, + NSStreamSOCKSProxyVersionKey : NSStreamSOCKSProxyVersion5] + +inputStream!.setProperty(myDict, forKey: NSStreamSOCKSProxyConfigurationKey) +outputStream!.setProperty(myDict, forKey: NSStreamSOCKSProxyConfigurationKey) +// END proxy configuration +``` 
diff --git a/build/osx_shared_lib/libztintercept.so b/build/osx_shared_lib/libztintercept.so new file mode 100755 index 0000000..fb112e9 Binary files /dev/null and b/build/osx_shared_lib/libztintercept.so differ diff --git a/make-mac.mk b/make-mac.mk index 9ed1a83..3940dd6 100644 --- a/make-mac.mk +++ b/make-mac.mk @@ -117,7 +117,6 @@ check: ./check.sh build/android_jni_lib/x86/libZeroTierJNI.so ./check.sh build/android_jni_lib/x86_64/libZeroTierJNI.so - # Tests TEST_OBJDIR := build/tests TEST_SOURCES := $(wildcard tests/*.c) diff --git a/src/SDK.h b/src/SDK.h index 62eada0..cb86e82 100644 --- a/src/SDK.h +++ b/src/SDK.h @@ -39,6 +39,7 @@ extern "C" { #define INTERCEPT_ENABLED 111 #define INTERCEPT_DISABLED 222 +extern void load_symbols(); void zt_init_rpc(char *path, char *nwid); extern char *api_netpath; @@ -50,7 +51,7 @@ extern char *api_netpath; #endif #if !defined(__ANDROID__) - bool check_intercept_enabled_for_thread(); + bool check_intercept_enabled(); extern int (*realbind)(BIND_SIG); extern int (*realsendmsg)(SENDMSG_SIG); extern ssize_t (*realsendto)(SENDTO_SIG); diff --git a/src/SDK_Debug.c b/src/SDK_Debug.c index 7162cf0..5c97150 100644 --- a/src/SDK_Debug.c +++ b/src/SDK_Debug.c @@ -42,7 +42,9 @@ #include #include -#define DEBUG_LEVEL 4 // Set this to adjust what you'd like to see in the debug traces +// Set during make (e.g. make SDK_DEBUG=2) +#define DEBUG_LEVEL 5 + #define MSG_TRANSFER 1 // RX/TX specific statements #define MSG_ERROR 2 // Errors #define MSG_INFO 3 // Information which is generally useful to any user diff --git a/src/SDK_EthernetTap.cpp b/src/SDK_EthernetTap.cpp index 9c78e7d..8909e97 100644 --- a/src/SDK_EthernetTap.cpp +++ b/src/SDK_EthernetTap.cpp 
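Review bot: The new comment in SDK_Debug.c says the level is set during make (`make SDK_DEBUG=2`), but `#define DEBUG_LEVEL 5` is unconditional, so a value passed in by the build is not picked up here. Guard the default so the build can override it: `#ifndef DEBUG_LEVEL` / `#define DEBUG_LEVEL 5` / `#endif`; how the Makefile maps SDK_DEBUG onto this macro is not visible in the hunk. The default also moves from 4 to 5, which presumably enables more trace output in every build that does not override it, so a lower default may be the better choice for release builds.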
@@ -226,7 +226,7 @@ std::vector NetconEthernetTap::ips() const void NetconEthernetTap::put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len) { - //dwr(MSG_DEBUG_EXTRA, "RX packet: len = %d\n", len); + dwr(MSG_DEBUG_EXTRA, "RX packet: len = %d\n", len); struct pbuf *p,*q; if (!_enabled) return; @@ -897,7 +897,7 @@ void NetconEthernetTap::nc_err(void *arg, err_t err) l->tap->sendReturnValue(fd, -1, ECONNREFUSED); break; - // FIXME: Below are errors which don't have a standard errno correlate + // TODO: Below are errors which don't have a standard errno correlate case ERR_RST: l->tap->sendReturnValue(fd, -1, -1); @@ -944,7 +944,6 @@ void NetconEthernetTap::handleBind(PhySocket *sock, PhySocket *rpcSock, void **u dwr(MSG_DEBUG," handleBind(sock=%p,fd=%d,port=%d)\n", (void*)&sock, bind_rpc->sockfd, port); if(conn) { if(conn->type == SOCK_DGRAM) { - // FIXME: Review why compliation through JNI+NDK toolchain comaplains about this #if defined(__ANDROID__) err = lwipstack->__udp_bind(conn->UDP_pcb, NULL, port); #else @@ -1167,7 +1166,7 @@ int NetconEthernetTap::handleConnectProxy(PhySocket *sock, struct sockaddr_in *r 3) Cannot allocate new TCP segment */ - errno = EAGAIN; // FIXME: Doesn't describe the problem well, but closest match + errno = EAGAIN; // TODO: Doesn't describe the problem well, but closest match return -1; } // We should only return a value if failure happens immediately @@ -1259,7 +1258,7 @@ void NetconEthernetTap::handleConnect(PhySocket *sock, PhySocket *rpcSock, Conne 3) Cannot allocate new TCP segment */ - sendReturnValue(rpcSock, -1, EAGAIN); // FIXME: Doesn't describe the problem well, but closest match + sendReturnValue(rpcSock, -1, EAGAIN); // TODO: Doesn't describe the problem well, but closest match return; } diff --git a/src/SDK_Intercept.c b/src/SDK_Intercept.c index 42d6a0b..561988d 100644 --- a/src/SDK_Intercept.c +++ b/src/SDK_Intercept.c 
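Review bot: The re-enabled trace at the top of put() passes `len`, an `unsigned int`, to a `%d` conversion, and it runs for every received frame ahead of the `if (!_enabled) return;` check. Use `%u` and consider moving the call below the `_enabled` check so a disabled tap stays silent: `dwr(MSG_DEBUG_EXTRA, "RX packet: len = %u\n", len);`. put()'s body continues outside the hunk.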
@@ -91,7 +91,7 @@ char *api_netpath; // --------------------- Get Original socket API pointers ----------------------- // ------------------------------------------------------------------------------ - void load_symbols() + extern void load_symbols() { dwr(MSG_DEBUG_EXTRA,"load_symbols\n"); #if defined(__linux__) @@ -121,8 +121,8 @@ char *api_netpath; // ------------------------------------------------------------------------------ // Return whether 'intercept' shim is enabled for this thread - bool check_intercept_enabled_for_thread() { - dwr(MSG_DEBUG_EXTRA, "check_intercept_enabled_for_thread()\n"); + bool check_intercept_enabled() { + dwr(MSG_DEBUG_EXTRA, "check_intercept_enabled()\n"); if(!realconnect){ load_symbols(); } @@ -171,7 +171,7 @@ char *api_netpath; ssize_t sendto(SENDTO_SIG) { dwr(MSG_DEBUG, "sendto(%d, %d)\n", sockfd, len); - //if (!check_intercept_enabled_for_thread()) + //if (!check_intercept_enabled()) return realsendto(sockfd, buf, len, flags, addr, addr_len); return zt_sendto(sockfd, buf, len, flags, addr, addr_len); } @@ -186,7 +186,7 @@ char *api_netpath; ssize_t sendmsg(SENDMSG_SIG) { dwr(MSG_DEBUG, "sendmsg()\n"); - //if(!check_intercept_enabled_for_thread()) + //if(!check_intercept_enabled()) return realsendmsg(socket, message, flags); zt_sendmsg(socket, message, flags); } @@ -202,7 +202,7 @@ char *api_netpath; ssize_t recvfrom(RECVFROM_SIG) { dwr(MSG_DEBUG, "recvfrom(%d)\n", socket); - if(!check_intercept_enabled_for_thread()) + if(!check_intercept_enabled()) return realrecvfrom(socket, buffer, length, flags, address, address_len); return zt_recvfrom(socket, buffer, length, flags, address, address_len); } @@ -217,7 +217,7 @@ char *api_netpath; ssize_t recvmsg(RECVMSG_SIG) { dwr(MSG_DEBUG, "recvmsg(%d)\n", socket); - //if(!check_intercept_enabled_for_thread()) + //if(!check_intercept_enabled()) return realrecvmsg(socket, message, flags); return zt_recvmsg(socket, message, flags); } 
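Review bot: In sendto(), and likewise in the sendmsg() and recvmsg() hunks, the `if (!check_intercept_enabled())` guard is still commented out, so the `return real…(…)` that follows runs unconditionally and the `zt_*` call after it is unreachable. As written these three calls never take the intercepted path, unlike recvfrom() where the guard is live. Either restore the guard, `if (!check_intercept_enabled()) return realsendto(sockfd, buf, len, flags, addr, addr_len);`, or delete the dead `zt_*` line and add a comment saying why the call is passed straight through. If the guard comes back, sendmsg() also needs `return zt_sendmsg(socket, message, flags);`, because the current line drops the result in a function that returns `ssize_t`.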
@@ -232,7 +232,7 @@ char *api_netpath; int setsockopt(SETSOCKOPT_SIG) { dwr(MSG_DEBUG, "setsockopt(%d)\n", socket); - if (!check_intercept_enabled_for_thread()) + if (!check_intercept_enabled()) return realsetsockopt(socket, level, option_name, option_value, option_len); #if defined(__linux__) if(level == SOL_IPV6 && option_name == IPV6_V6ONLY) @@ -256,7 +256,7 @@ char *api_netpath; int getsockopt(GETSOCKOPT_SIG) { dwr(MSG_DEBUG, "getsockopt(%d)\n", sockfd); - if (!check_intercept_enabled_for_thread() || !connected_to_service(sockfd)) + if (!check_intercept_enabled() || !connected_to_service(sockfd)) return realgetsockopt(sockfd, level, optname, optval, optlen); return zt_getsockopt(sockfd, level, optname, optval, optlen); } @@ -269,7 +269,7 @@ char *api_netpath; int socket(SOCKET_SIG) { dwr(MSG_DEBUG, "socket()\n"); - if (!check_intercept_enabled_for_thread() && socket_type) { + if (!check_intercept_enabled() && socket_type) { int err = realsocket(socket_family, socket_type, protocol); if(err < 0) { perror("socket:\n"); @@ -318,7 +318,7 @@ char *api_netpath; d[3] = (ip >> 24) & 0xFF; dwr(MSG_DEBUG,"connect(): %d.%d.%d.%d: %d\n", d[0],d[1],d[2],d[3], ntohs(port)); - if(!check_intercept_enabled_for_thread()) + if(!check_intercept_enabled()) return realconnect(__fd, __addr, __len); /* Check that this is a valid fd */ @@ -395,7 +395,7 @@ char *api_netpath; } // Otherwise, perform usual intercept logic - if (!check_intercept_enabled_for_thread()) + if (!check_intercept_enabled()) return realbind(sockfd, addr, addrlen); // Check that this is a valid fd @@ -432,7 +432,7 @@ char *api_netpath; int accept(ACCEPT_SIG) { dwr(MSG_DEBUG,"accept(%d):\n", sockfd); - if (!check_intercept_enabled_for_thread()) + if (!check_intercept_enabled()) return realaccept(sockfd, addr, addrlen); /* Check that this is a valid fd */ 
@@ -487,7 +487,7 @@ char *api_netpath; int listen(LISTEN_SIG) { dwr(MSG_DEBUG,"listen(%d):\n", sockfd); - if (!check_intercept_enabled_for_thread()) + if (!check_intercept_enabled()) return reallisten(sockfd, backlog); int sock_type; @@ -524,7 +524,7 @@ char *api_netpath; int close(CLOSE_SIG) { dwr(MSG_DEBUG, " close(%d)\n", fd); - if(!check_intercept_enabled_for_thread()) { + if(!check_intercept_enabled()) { return realclose(fd); } return zt_close(fd); @@ -539,7 +539,7 @@ char *api_netpath; { dwr(MSG_DEBUG,"getsockname(%d):\n", sockfd); #if !defined(__IOS__) - if (!check_intercept_enabled_for_thread()) + if (!check_intercept_enabled()) return realgetsockname(sockfd, addr, addrlen); #endif dwr(MSG_DEBUG,"getsockname(%d)\n", sockfd); @@ -569,7 +569,7 @@ char *api_netpath; f=va_arg(ap, uintptr_t); va_end(ap); - if (!check_intercept_enabled_for_thread()) + if (!check_intercept_enabled()) return realsyscall(number,a,b,c,d,e,f); dwr(MSG_DEBUG,"syscall(%u, ...)\n", number); diff --git a/src/SDK_Sockets.c b/src/SDK_Sockets.c index d382a20..8c0e327 100644 --- a/src/SDK_Sockets.c +++ b/src/SDK_Sockets.c @@ -72,9 +72,11 @@ #include "SDK_RPC.h" #include "Constants.hpp" // For Tap's MTU -void print_addr(struct sockaddr *addr); +// Prototypes void dwr(int level, const char *fmt, ... ); char *api_netpath = (char *)0; +void load_symbols(); +int (*realclose)(CLOSE_SIG); // ------------------------------------------------------------------------------ // ---------------------------------- zt_init_rpc ------------------------------- @@ -86,7 +88,7 @@ char *api_netpath = (char *)0; dwr(MSG_DEBUG, "zt_init_rpc\n"); // Just double check we have if(!realconnect) { - load_symbols(); + //load_symbols(); } if(!api_netpath) { diff --git a/src/libztintercept.so b/src/libztintercept.so new file mode 100755 index 0000000..fb112e9 Binary files /dev/null and b/src/libztintercept.so differ diff --git a/tests/tcp_client.c b/tests/tcp_client.c index 18485ef..94034d2 100644 --- a/tests/tcp_client.c 
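Review bot: `int (*realclose)(CLOSE_SIG);` under the new `// Prototypes` comment in SDK_Sockets.c is a tentative definition of a function pointer, not a prototype. If SDK_Intercept.c also defines `realclose` (not visible in this diff), the two definitions link only where common symbols are permitted; declare it once as `extern int (*realclose)(CLOSE_SIG);` next to the other `real*` pointers in SDK.h and keep a single definition. The local `void load_symbols();` repeats the declaration this commit adds to SDK.h, and writing both as `load_symbols(void)` would make them real prototypes in C.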
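Review bot: With the call commented out, `if(!realconnect) { //load_symbols(); }` in zt_init_rpc() is an empty block, so the function continues with the `real*` pointers still NULL whenever it is the first entry point reached. Any later call through `realconnect` or the newly added `realclose` would then go through a null function pointer; the rest of the body is outside the hunk, so this needs checking against the full function. Restore `load_symbols();` now that the commit declares it for this file, or remove the block and state in a comment where the pointers are expected to be initialised. The comment `// Just double check we have` above it is also left unfinished.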
+++ b/tests/tcp_client.c @@ -31,12 +31,14 @@ int main(int argc , char *argv[]) } puts("Connected\n"); + + char *msg = "welcome to the machine!"; while(1) { printf("Enter message : "); scanf("%s" , message); // TX - if(send(sock , "welcome to the machine!" ,24 , 0) < 0) { + if(send(sock, msg, sizeof(msg), 0) < 0) { puts("Send failed"); return 1; } diff --git a/tests/tcp_server.c b/tests/tcp_server.c index ed16d0a..5a557c3 100644 --- a/tests/tcp_server.c +++ b/tests/tcp_server.c @@ -9,18 +9,18 @@ int main(int argc , char *argv[]) { if(argc < 2) { - printf("usage: tcp_server \n"); - return 1; + printf("usage: tcp_server \n"); + exit(0); } - int port = atoi(argv[1]); - int socket_desc , client_sock , c , read_size; + int socket_desc, client_sock, c, read_size, port = atoi(argv[1]); struct sockaddr_in server , client; char client_message[2000]; socket_desc = socket(AF_INET , SOCK_STREAM , 0); if (socket_desc == -1) { printf("Could not create socket"); + exit(0); } server.sin_family = AF_INET; @@ -30,7 +30,7 @@ int main(int argc , char *argv[]) printf("binding on port %d\n", port); if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0) { perror("bind failed. Error"); - return 1; + exit(0); } printf("listening\n"); listen(socket_desc , 3); @@ -38,18 +38,16 @@ int main(int argc , char *argv[]) c = sizeof(struct sockaddr_in); client_sock = accept(socket_desc, (struct sockaddr *)&client, (socklen_t*)&c); - if (client_sock < 0) - { + if (client_sock < 0) { perror("accept failed"); - return 1; + exit(0); } puts("connection accepted\n reading...\n"); // RX int bytes_read = recv(client_sock , client_message , 2000 , 0); printf("Read (%d) bytes\n", bytes_read); - for(int i=0; i\n"); + if(argc < 3) { + printf("usage: udp_client \n"); return 0; } - int port = atoi(argv[1]); + int sock = -1, int port = atoi(argv[1]); ssize_t n_sent; - int sock = -1; struct sockaddr_in server; char buf[64]; 
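Review bot: `sizeof(msg)` in the new `send(sock, msg, sizeof(msg), 0)` is the size of a `char *`, not of the string, so the client now sends 4 or 8 bytes where it used to send 24. Declaring the message as an array keeps `sizeof` correct and still includes the terminator: `const char msg[] = "welcome to the machine!";`. The `scanf("%s" , message)` in the context lines reads without a field width; `message` is declared outside the hunk, so give the conversion a width that matches its size.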
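Review bot: The error paths in tcp_server.c's main() now end in `exit(0)`, here after the usage message and the failed socket() call and again in the bind and accept hunks that follow, so a failed run reports success to the shell or test harness that launched it. Use a non-zero status as the replaced `return 1;` did, e.g. `exit(1);`. Whether `<stdlib.h>` is included for exit() is not visible in these hunks. `atoi(argv[1])` also turns non-numeric input into port 0 without any error, so `strtol` with a range check would be the safer parse.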
@@ -26,37 +25,35 @@ int main(int argc, char * argv[]) return 1; } } - server.sin_addr.s_addr = inet_addr("10.5.5.47"); + // Construct address + server.sin_addr.s_addr = inet_addr(argv[1]); server.sin_family = AF_INET; server.sin_port = htons(port); - - memcpy(buf, "Welcome to the Machine", sizeof("Welcome to the Machine")); - printf("sizeof(buf) = %d\n", sizeof(buf)); - + // Connect to server if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0) { printf("api_test: error while connecting.\n"); return 1; } // TX - char data[1024]; - memset(data, 0, sizeof(data)); + char *msg = "Welcome to the Machine" int count = 0; while(1) { count++; usleep(1000000); - n_sent = send(sock,data,sizeof(data),0); + n_sent = send(sock,msg,sizeof(msg),0); if (n_sent<0) { perror("Problem sending data"); return 1; } - if (n_sent!=sizeof(buf)) + if (n_sent!=sizeof(msg)) printf("Sendto sent %d bytes\n",(int)n_sent); printf("n_sent = %d, count = %d\n", n_sent,count); } + // RX from server /* socklen_t recv_addr_len; // Clear address info for RX test diff --git a/tests/udp_server.c b/tests/udp_server.c index cef28a4..f0d4d6a 100755 --- a/tests/udp_server.c +++ b/tests/udp_server.c 
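Review bot: `char *msg = "Welcome to the Machine"` has no terminating semicolon, so the file does not compile, and `sizeof(msg)` in the `send()` call and in the `n_sent!=sizeof(msg)` check is the size of the pointer rather than of the message. One declaration fixes both: `const char msg[] = "Welcome to the Machine";`. The address now comes from `inet_addr(argv[1])` while the earlier hunk still reads the port with `atoi(argv[1])` inside `int sock = -1, int port = …`, which is itself not valid C; given the `argc < 3` check the port presumably belongs in `argv[2]`, i.e. `int sock = -1, port = atoi(argv[2]);`. `n_sent` is a `ssize_t` but is printed with `%d` in the last printf, where `%zd` matches the type.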
@@ -21,71 +21,52 @@ void echo( int sd ) { while (1) { usleep(50); count++; - - /* read a datagram from the socket (put result in bufin) */ + // read a datagram from the socket (put result in bufin) n=recvfrom(sd,bufin,MAXBUF,0,(struct sockaddr *)&remote,&len); - - /* print out the address of the sender */ - printf("Got a datagram from %s port %d\n", inet_ntoa(remote.sin_addr), ntohs(remote.sin_port)); + // print out the address of the sender + printf("DGRAM from %s:%d\n", inet_ntoa(remote.sin_addr), ntohs(remote.sin_port)); if (n<0) { perror("Error receiving data"); } else { printf("GOT %d BYTES (count = %d)\n",n, count); - /* Got something, just send it back */ - //sendto(sd,bufin,n,0,(struct sockaddr *)&remote,len); + // Got something, just send it back + // sendto(sd,bufin,n,0,(struct sockaddr *)&remote,len); } } } -/* server main routine */ - int main(int argc, char *argv[]) { - printf("DGRAM = %d\n", SOCK_DGRAM); - printf("STREAM = %d\n", SOCK_STREAM); - /* if(argc < 2) { printf("usage: udp_server \n"); exit(0); } - - int port = atoi(argv[1]); - */ - - int ld; + int ld, length, int port = atoi(argv[1]); struct sockaddr_in skaddr; + struct sockaddr_in skaddr2; - struct sockaddr_in skaddr2; - - int length; - - // create socket - if ((ld = socket( PF_INET, SOCK_DGRAM, 0 )) < 0) { - printf("Problem creating socket\n"); + // Create socket + if ((ld = socket( PF_INET, SOCK_DGRAM, 0)) < 0) { + printf("error creating socket\n"); exit(1); } - - // create address + // Create address skaddr.sin_family = AF_INET; - //skaddr.sin_addr.s_addr = htonl(INADDR_ANY); - skaddr.sin_addr.s_addr = inet_addr("10.5.5.2"); - skaddr.sin_port = htons(0); - - // bind to address + skaddr.sin_addr.s_addr = htonl(INADDR_ANY); + skaddr.sin_port = htons(port); + // Bind to address if (bind(ld, (struct sockaddr *) &skaddr, sizeof(skaddr))<0) { printf("error binding\n"); exit(0); } - - /* find out what port we were assigned and print it out */ - + // find out what port we were assigned length = 
sizeof( skaddr2 ); if (getsockname(ld, (struct sockaddr *) &skaddr2, &length)<0) { printf("error getsockname\n"); exit(1); } - + // Display address:port to verify it was sent over RPC correctly int port = ntohs(skaddr2.sin_port); int ip = skaddr2.sin_addr.s_addr; unsigned char d[4]; @@ -93,9 +74,9 @@ int main(int argc, char *argv[]) { d[1] = (ip >> 8) & 0xFF; d[2] = (ip >> 16) & 0xFF; d[3] = (ip >> 24) & 0xFF; - printf(" handleBind(): %d.%d.%d.%d : %d -> Assigned: %d\n", d[0],d[1],d[2],d[3], port); + printf("Bound to address: %d.%d.%d.%d : %d\n", d[0],d[1],d[2],d[3], port); - /* echo every datagram */ + // RX echo(ld); return(0); } diff --git a/zerotier-idtool b/zerotier-idtool new file mode 120000 index 0000000..0974c8e --- /dev/null +++ b/zerotier-idtool @@ -0,0 +1 @@ +zerotier-sdk-service \ No newline at end of file
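Review bot: `int ld, length, int port = atoi(argv[1]);` is not a valid declaration because of the second `int` inside the declarator list, and `port` is declared again further down by the unchanged `int port = ntohs(skaddr2.sin_port);`, so main() does not compile as written. Drop the inner `int` and give the later variable its own name: `int ld, length, port = atoi(argv[1]);` and `int bound_port = ntohs(skaddr2.sin_port);`, then pass `bound_port` to the final printf. In echo() the sender address is printed before `n<0` is checked, so after a failed recvfrom() `remote` may be printed without having been filled in; moving that printf into the `else` branch avoids it. `length` is an `int` handed to getsockname(), which expects a `socklen_t *`.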