1 /* 2 * Copyright (c)2019 ZeroTier, Inc. 3 * 4 * Use of this software is governed by the Business Source License included 5 * in the LICENSE.TXT file in the project's root directory. 6 * 7 * Change Date: 2025-01-01 8 * 9 * On the date above, in accordance with the Business Source License, use 10 * of this software will be governed by version 2.0 of the Apache License. 11 */ 12 /****/ 13 14 #ifndef ZT_NETWORKCONFIG_HPP 15 #define ZT_NETWORKCONFIG_HPP 16 17 #include <stdint.h> 18 #include <string.h> 19 #include <stdlib.h> 20 21 #include <vector> 22 #include <stdexcept> 23 #include <algorithm> 24 25 #include "../include/ZeroTierOne.h" 26 27 #include "Constants.hpp" 28 #include "Buffer.hpp" 29 #include "DNS.hpp" 30 #include "InetAddress.hpp" 31 #include "MulticastGroup.hpp" 32 #include "Address.hpp" 33 #include "CertificateOfMembership.hpp" 34 #include "CertificateOfOwnership.hpp" 35 #include "Capability.hpp" 36 #include "Tag.hpp" 37 #include "Dictionary.hpp" 38 #include "Hashtable.hpp" 39 #include "Identity.hpp" 40 #include "Utils.hpp" 41 #include "Trace.hpp" 42 43 /** 44 * Default maximum time delta for COMs, tags, and capabilities 45 * 46 * The current value is two hours, providing ample time for a controller to 47 * experience fail-over, etc. 48 */ 49 #define ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA 7200000ULL 50 51 /** 52 * Default minimum credential TTL and maxDelta for COM timestamps 53 * 54 * This is just slightly over three minutes and provides three retries for 55 * all currently online members to refresh. 56 */ 57 #define ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MIN_MAX_DELTA 185000ULL 58 59 /** 60 * Flag: enable broadcast 61 */ 62 #define ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST 0x0000000000000002ULL 63 64 /** 65 * Flag: enable IPv6 NDP emulation for certain V6 address patterns 66 */ 67 #define ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION 0x0000000000000004ULL 68 69 /** 70 * Flag: result of unrecognized MATCH entries in a rules table: match if set, no-match if clear 71 */ 72 #define ZT_NETWORKCONFIG_FLAG_RULES_RESULT_OF_UNSUPPORTED_MATCH 0x0000000000000008ULL 73 74 /** 75 * Flag: disable frame compression 76 */ 77 #define ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION 0x0000000000000010ULL 78 79 /** 80 * Device can bridge to other Ethernet networks and gets unknown recipient multicasts 81 */ 82 #define ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE 0x0000020000000000ULL 83 84 /** 85 * Anchors are stable devices on this network that can act like roots when none are up 86 */ 87 #define ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR 0x0000040000000000ULL 88 89 /** 90 * Designated multicast replicators replicate multicast in place of sender-side replication 91 */ 92 #define ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR 0x0000080000000000ULL 93 94 namespace ZeroTier { 95 96 // Dictionary capacity needed for max size network config 97 #define ZT_NETWORKCONFIG_DICT_CAPACITY (4096 + (sizeof(ZT_VirtualNetworkRule) * ZT_MAX_NETWORK_RULES) + (sizeof(Capability) * ZT_MAX_NETWORK_CAPABILITIES) + (sizeof(Tag) * ZT_MAX_NETWORK_TAGS) + (sizeof(CertificateOfOwnership) * ZT_MAX_CERTIFICATES_OF_OWNERSHIP)) 98 99 // Dictionary capacity needed for max size network meta-data 100 #define ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY 1024 101 102 // Network config version 103 #define ZT_NETWORKCONFIG_VERSION 7 104 105 // Fields for meta-data sent with network config requests 106 107 // Network config version 108 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_VERSION "v" 109 // Protocol version (see Packet.hpp) 110 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_PROTOCOL_VERSION "pv" 111 // Software vendor 112 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_VENDOR "vend" 113 // Software major version 114 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION "majv" 115 // Software minor version 116 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION "minv" 117 // Software revision 118 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_REVISION "revv" 119 // Rules engine revision 120 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_RULES_ENGINE_REV "revr" 121 // Maximum number of rules per network this node can accept 122 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_NETWORK_RULES "mr" 123 // Maximum number of capabilities this node can accept 124 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_NETWORK_CAPABILITIES "mc" 125 // Maximum number of rules per capability this node can accept 126 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_CAPABILITY_RULES "mcr" 127 // Maximum number of tags this node can accept 128 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_NETWORK_TAGS "mt" 129 // Network join authorization token (if any) 130 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_AUTH "a" 131 // Network configuration meta-data flags 132 #define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_FLAGS "f" 133 134 // These dictionary keys are short so they don't take up much room. 135 // By convention we use upper case for binary blobs, but it doesn't really matter. 136 137 // network config version 138 #define ZT_NETWORKCONFIG_DICT_KEY_VERSION "v" 139 // network ID 140 #define ZT_NETWORKCONFIG_DICT_KEY_NETWORK_ID "nwid" 141 // integer(hex) 142 #define ZT_NETWORKCONFIG_DICT_KEY_TIMESTAMP "ts" 143 // integer(hex) 144 #define ZT_NETWORKCONFIG_DICT_KEY_REVISION "r" 145 // address of member 146 #define ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO "id" 147 // remote trace target 148 #define ZT_NETWORKCONFIG_DICT_KEY_REMOTE_TRACE_TARGET "tt" 149 // remote trace level 150 #define ZT_NETWORKCONFIG_DICT_KEY_REMOTE_TRACE_LEVEL "tl" 151 // flags(hex) 152 #define ZT_NETWORKCONFIG_DICT_KEY_FLAGS "f" 153 // integer(hex) 154 #define ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_LIMIT "ml" 155 // network type (hex) 156 #define ZT_NETWORKCONFIG_DICT_KEY_TYPE "t" 157 // text 158 #define ZT_NETWORKCONFIG_DICT_KEY_NAME "n" 159 // network MTU 160 #define ZT_NETWORKCONFIG_DICT_KEY_MTU "mtu" 161 // credential time max delta in ms 162 #define ZT_NETWORKCONFIG_DICT_KEY_CREDENTIAL_TIME_MAX_DELTA "ctmd" 163 // binary serialized certificate of membership 164 #define ZT_NETWORKCONFIG_DICT_KEY_COM "C" 165 // specialists (binary array of uint64_t) 166 #define ZT_NETWORKCONFIG_DICT_KEY_SPECIALISTS "S" 167 // routes (binary blob) 168 #define ZT_NETWORKCONFIG_DICT_KEY_ROUTES "RT" 169 // static IPs (binary blob) 170 #define ZT_NETWORKCONFIG_DICT_KEY_STATIC_IPS "I" 171 // rules (binary blob) 172 #define ZT_NETWORKCONFIG_DICT_KEY_RULES "R" 173 // capabilities (binary blobs) 174 #define ZT_NETWORKCONFIG_DICT_KEY_CAPABILITIES "CAP" 175 // tags (binary blobs) 176 #define ZT_NETWORKCONFIG_DICT_KEY_TAGS "TAG" 177 // tags (binary blobs) 178 #define ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATES_OF_OWNERSHIP "COO" 179 // dns (binary blobs) 180 #define ZT_NETWORKCONFIG_DICT_KEY_DNS "DNS" 181 // sso enabld 182 #define ZT_NETWORKCONFIG_DICT_KEY_SSO_ENABLED "ssoe" 183 // authentication URL 184 #define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_URL "aurl" 185 // authentication expiry 186 #define ZT_NETWORKCONFIG_DICT_KEY_AUTHENTICATION_EXPIRY_TIME "aexpt" 187 188 // Legacy fields -- these are obsoleted but are included when older clients query 189 190 // boolean (now a flag) 191 #define ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST_OLD "eb" 192 // IP/bits[,IP/bits,...] 193 // Note that IPs that end in all zeroes are routes with no assignment in them. 194 #define ZT_NETWORKCONFIG_DICT_KEY_IPV4_STATIC_OLD "v4s" 195 // IP/bits[,IP/bits,...] 196 // Note that IPs that end in all zeroes are routes with no assignment in them. 197 #define ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC_OLD "v6s" 198 // 0/1 199 #define ZT_NETWORKCONFIG_DICT_KEY_PRIVATE_OLD "p" 200 // integer(hex)[,integer(hex),...] 201 #define ZT_NETWORKCONFIG_DICT_KEY_ALLOWED_ETHERNET_TYPES_OLD "et" 202 // string-serialized CertificateOfMembership 203 #define ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP_OLD "com" 204 // node[,node,...] 205 #define ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES_OLD "ab" 206 // node;IP/port[,node;IP/port] 207 #define ZT_NETWORKCONFIG_DICT_KEY_RELAYS_OLD "rl" 208 209 // End legacy fields 210 211 /** 212 * Network configuration received from network controller nodes 213 * 214 * This is a memcpy()'able structure and is safe (in a crash sense) to modify 215 * without locks. 216 */ 217 class NetworkConfig 218 { 219 public: NetworkConfig()220 NetworkConfig() : 221 networkId(0), 222 timestamp(0), 223 credentialTimeMaxDelta(0), 224 revision(0), 225 issuedTo(), 226 remoteTraceTarget(), 227 flags(0), 228 remoteTraceLevel(Trace::LEVEL_NORMAL), 229 mtu(0), 230 multicastLimit(0), 231 specialistCount(0), 232 routeCount(0), 233 staticIpCount(0), 234 ruleCount(0), 235 capabilityCount(0), 236 tagCount(0), 237 certificateOfOwnershipCount(0), 238 capabilities(), 239 tags(), 240 certificatesOfOwnership(), 241 type(ZT_NETWORK_TYPE_PRIVATE), 242 dnsCount(0), 243 ssoEnabled(false), 244 authenticationURL(), 245 authenticationExpiryTime(0) 246 { 247 name[0] = 0; 248 memset(specialists, 0, sizeof(uint64_t)*ZT_MAX_NETWORK_SPECIALISTS); 249 memset(routes, 0, sizeof(ZT_VirtualNetworkRoute)*ZT_MAX_NETWORK_ROUTES); 250 memset(staticIps, 0, sizeof(InetAddress)*ZT_MAX_ZT_ASSIGNED_ADDRESSES); 251 memset(rules, 0, sizeof(ZT_VirtualNetworkRule)*ZT_MAX_NETWORK_RULES); 252 memset(&dns, 0, sizeof(ZT_VirtualNetworkDNS)); 253 } 254 255 /** 256 * Write this network config to a dictionary for transport 257 * 258 * @param d Dictionary 259 * @param includeLegacy If true, include legacy fields for old node versions 260 * @return True if dictionary was successfully created, false if e.g. overflow 261 */ 262 bool toDictionary(Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d,bool includeLegacy) const; 263 264 /** 265 * Read this network config from a dictionary 266 * 267 * @param d Dictionary (non-const since it might be modified during parse, should not be used after call) 268 * @return True if dictionary was valid and network config successfully initialized 269 */ 270 bool fromDictionary(const Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d); 271 272 /** 273 * @return True if broadcast (ff:ff:ff:ff:ff:ff) address should work on this network 274 */ enableBroadcast() const275 inline bool enableBroadcast() const { return ((this->flags & ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST) != 0); } 276 277 /** 278 * @return True if IPv6 NDP emulation should be allowed for certain "magic" IPv6 address patterns 279 */ ndpEmulation() const280 inline bool ndpEmulation() const { return ((this->flags & ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION) != 0); } 281 282 /** 283 * @return True if frames should not be compressed 284 */ disableCompression() const285 inline bool disableCompression() const 286 { 287 #ifndef ZT_DISABLE_COMPRESSION 288 return ((this->flags & ZT_NETWORKCONFIG_FLAG_DISABLE_COMPRESSION) != 0); 289 #else 290 /* Compression is disabled for libzt builds since it causes non-obvious chaotic 291 interference with lwIP's TCP congestion algorithm. Compression is also disabled 292 for some NAS builds due to the usage of low-performance processors in certain 293 older and budget models. */ 294 return false; 295 #endif 296 } 297 298 /** 299 * @return Network type is public (no access control) 300 */ isPublic() const301 inline bool isPublic() const { return (this->type == ZT_NETWORK_TYPE_PUBLIC); } 302 303 /** 304 * @return Network type is private (certificate access control) 305 */ isPrivate() const306 inline bool isPrivate() const { return (this->type == ZT_NETWORK_TYPE_PRIVATE); } 307 308 /** 309 * @return ZeroTier addresses of devices on this network designated as active bridges 310 */ activeBridges() const311 inline std::vector<Address> activeBridges() const 312 { 313 std::vector<Address> r; 314 for(unsigned int i=0;i<specialistCount;++i) { 315 if ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE) != 0) 316 r.push_back(Address(specialists[i])); 317 } 318 return r; 319 } 320 activeBridges(Address ab[ZT_MAX_NETWORK_SPECIALISTS]) const321 inline unsigned int activeBridges(Address ab[ZT_MAX_NETWORK_SPECIALISTS]) const 322 { 323 unsigned int c = 0; 324 for(unsigned int i=0;i<specialistCount;++i) { 325 if ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE) != 0) 326 ab[c++] = specialists[i]; 327 } 328 return c; 329 } 330 isActiveBridge(const Address & a) const331 inline bool isActiveBridge(const Address &a) const 332 { 333 for(unsigned int i=0;i<specialistCount;++i) { 334 if (((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE) != 0)&&(a == specialists[i])) 335 return true; 336 } 337 return false; 338 } 339 anchors() const340 inline std::vector<Address> anchors() const 341 { 342 std::vector<Address> r; 343 for(unsigned int i=0;i<specialistCount;++i) { 344 if ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR) != 0) 345 r.push_back(Address(specialists[i])); 346 } 347 return r; 348 } 349 multicastReplicators() const350 inline std::vector<Address> multicastReplicators() const 351 { 352 std::vector<Address> r; 353 for(unsigned int i=0;i<specialistCount;++i) { 354 if ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR) != 0) 355 r.push_back(Address(specialists[i])); 356 } 357 return r; 358 } 359 multicastReplicators(Address mr[ZT_MAX_NETWORK_SPECIALISTS]) const360 inline unsigned int multicastReplicators(Address mr[ZT_MAX_NETWORK_SPECIALISTS]) const 361 { 362 unsigned int c = 0; 363 for(unsigned int i=0;i<specialistCount;++i) { 364 if ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR) != 0) 365 mr[c++] = specialists[i]; 366 } 367 return c; 368 } 369 isMulticastReplicator(const Address & a) const370 inline bool isMulticastReplicator(const Address &a) const 371 { 372 for(unsigned int i=0;i<specialistCount;++i) { 373 if (((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR) != 0)&&(a == specialists[i])) 374 return true; 375 } 376 return false; 377 } 378 alwaysContactAddresses() const379 inline std::vector<Address> alwaysContactAddresses() const 380 { 381 std::vector<Address> r; 382 for(unsigned int i=0;i<specialistCount;++i) { 383 if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) 384 r.push_back(Address(specialists[i])); 385 } 386 return r; 387 } 388 alwaysContactAddresses(Address ac[ZT_MAX_NETWORK_SPECIALISTS]) const389 inline unsigned int alwaysContactAddresses(Address ac[ZT_MAX_NETWORK_SPECIALISTS]) const 390 { 391 unsigned int c = 0; 392 for(unsigned int i=0;i<specialistCount;++i) { 393 if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) 394 ac[c++] = specialists[i]; 395 } 396 return c; 397 } 398 alwaysContactAddresses(Hashtable<Address,std::vector<InetAddress>> & a) const399 inline void alwaysContactAddresses(Hashtable< Address,std::vector<InetAddress> > &a) const 400 { 401 for(unsigned int i=0;i<specialistCount;++i) { 402 if ((specialists[i] & (ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR | ZT_NETWORKCONFIG_SPECIALIST_TYPE_MULTICAST_REPLICATOR)) != 0) { 403 a[Address(specialists[i])]; 404 } 405 } 406 } 407 408 /** 409 * @param fromPeer Peer attempting to bridge other Ethernet peers onto network 410 * @return True if this network allows bridging 411 */ permitsBridging(const Address & fromPeer) const412 inline bool permitsBridging(const Address &fromPeer) const 413 { 414 for(unsigned int i=0;i<specialistCount;++i) { 415 if ((fromPeer == specialists[i])&&((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE) != 0)) 416 return true; 417 } 418 return false; 419 } 420 operator bool() const421 inline operator bool() const { return (networkId != 0); } operator ==(const NetworkConfig & nc) const422 inline bool operator==(const NetworkConfig &nc) const { return (memcmp(this,&nc,sizeof(NetworkConfig)) == 0); } operator !=(const NetworkConfig & nc) const423 inline bool operator!=(const NetworkConfig &nc) const { return (!(*this == nc)); } 424 425 /** 426 * Add a specialist or mask flags if already present 427 * 428 * This masks the existing flags if the specialist is already here or adds 429 * it otherwise. 430 * 431 * @param a Address of specialist 432 * @param f Flags (OR of specialist role/type flags) 433 * @return True if successfully masked or added 434 */ addSpecialist(const Address & a,const uint64_t f)435 inline bool addSpecialist(const Address &a,const uint64_t f) 436 { 437 const uint64_t aint = a.toInt(); 438 for(unsigned int i=0;i<specialistCount;++i) { 439 if ((specialists[i] & 0xffffffffffULL) == aint) { 440 specialists[i] |= f; 441 return true; 442 } 443 } 444 if (specialistCount < ZT_MAX_NETWORK_SPECIALISTS) { 445 specialists[specialistCount++] = f | aint; 446 return true; 447 } 448 return false; 449 } 450 capability(const uint32_t id) const451 const Capability *capability(const uint32_t id) const 452 { 453 for(unsigned int i=0;i<capabilityCount;++i) { 454 if (capabilities[i].id() == id) 455 return &(capabilities[i]); 456 } 457 return (Capability *)0; 458 } 459 tag(const uint32_t id) const460 const Tag *tag(const uint32_t id) const 461 { 462 for(unsigned int i=0;i<tagCount;++i) { 463 if (tags[i].id() == id) 464 return &(tags[i]); 465 } 466 return (Tag *)0; 467 } 468 469 /** 470 * Network ID that this configuration applies to 471 */ 472 uint64_t networkId; 473 474 /** 475 * Controller-side time of config generation/issue 476 */ 477 int64_t timestamp; 478 479 /** 480 * Max difference between timestamp and tag/capability timestamp 481 */ 482 int64_t credentialTimeMaxDelta; 483 484 /** 485 * Controller-side revision counter for this configuration 486 */ 487 uint64_t revision; 488 489 /** 490 * Address of device to which this config is issued 491 */ 492 Address issuedTo; 493 494 /** 495 * If non-NULL, remote traces related to this network are sent here 496 */ 497 Address remoteTraceTarget; 498 499 /** 500 * Flags (64-bit) 501 */ 502 uint64_t flags; 503 504 /** 505 * Remote trace level 506 */ 507 Trace::Level remoteTraceLevel; 508 509 /** 510 * Network MTU 511 */ 512 unsigned int mtu; 513 514 /** 515 * Maximum number of recipients per multicast (not including active bridges) 516 */ 517 unsigned int multicastLimit; 518 519 /** 520 * Number of specialists 521 */ 522 unsigned int specialistCount; 523 524 /** 525 * Number of routes 526 */ 527 unsigned int routeCount; 528 529 /** 530 * Number of ZT-managed static IP assignments 531 */ 532 unsigned int staticIpCount; 533 534 /** 535 * Number of rule table entries 536 */ 537 unsigned int ruleCount; 538 539 /** 540 * Number of capabilities 541 */ 542 unsigned int capabilityCount; 543 544 /** 545 * Number of tags 546 */ 547 unsigned int tagCount; 548 549 /** 550 * Number of certificates of ownership 551 */ 552 unsigned int certificateOfOwnershipCount; 553 554 /** 555 * Specialist devices 556 * 557 * For each entry the least significant 40 bits are the device's ZeroTier 558 * address and the most significant 24 bits are flags indicating its role. 559 */ 560 uint64_t specialists[ZT_MAX_NETWORK_SPECIALISTS]; 561 562 /** 563 * Statically defined "pushed" routes (including default gateways) 564 */ 565 ZT_VirtualNetworkRoute routes[ZT_MAX_NETWORK_ROUTES]; 566 567 /** 568 * Static IP assignments 569 */ 570 InetAddress staticIps[ZT_MAX_ZT_ASSIGNED_ADDRESSES]; 571 572 /** 573 * Base network rules 574 */ 575 ZT_VirtualNetworkRule rules[ZT_MAX_NETWORK_RULES]; 576 577 /** 578 * Capabilities for this node on this network, in ascending order of capability ID 579 */ 580 Capability capabilities[ZT_MAX_NETWORK_CAPABILITIES]; 581 582 /** 583 * Tags for this node on this network, in ascending order of tag ID 584 */ 585 Tag tags[ZT_MAX_NETWORK_TAGS]; 586 587 /** 588 * Certificates of ownership for this network member 589 */ 590 CertificateOfOwnership certificatesOfOwnership[ZT_MAX_CERTIFICATES_OF_OWNERSHIP]; 591 592 /** 593 * Network type (currently just public or private) 594 */ 595 ZT_VirtualNetworkType type; 596 597 /** 598 * Network short name or empty string if not defined 599 */ 600 char name[ZT_MAX_NETWORK_SHORT_NAME_LENGTH + 1]; 601 602 /** 603 * Certificate of membership (for private networks) 604 */ 605 CertificateOfMembership com; 606 607 /** 608 * Number of ZT-pushed DNS configurations 609 */ 610 unsigned int dnsCount; 611 612 /** 613 * ZT pushed DNS configuration 614 */ 615 ZT_VirtualNetworkDNS dns; 616 617 /** 618 * SSO enabled flag. 619 */ 620 bool ssoEnabled; 621 622 /** 623 * Authentication URL if authentication is required 624 */ 625 char authenticationURL[2048]; 626 627 /** 628 * Time current authentication expires or 0 if external authentication is disabled 629 */ 630 uint64_t authenticationExpiryTime; 631 }; 632 633 } // namespace ZeroTier 634 635 #endif 636