Move rest of NodeControl stuff out of node/ and into control/

10 files changed, 446 insertions, 291 deletions

diff --git a/control/IpcListener.hpp b/control/IpcListener.hpp
index e5872b99..e7346766 100644
--- a/control/IpcListener.hpp
+++ b/control/IpcListener.hpp
@@ -36,14 +36,6 @@
 #include <string>
 #include <stdexcept>
 
-#ifdef __WINDOWS__
-#include <WinSock2.h>
-#include <Windows.h>
-#define ZT_IPC_ENDPOINT_BASE "\\\\.\\pipe\\ZeroTierOne-"
-#else
-#define ZT_IPC_ENDPOINT_BASE "/tmp/.ZeroTierOne-"
-#endif
-
 namespace ZeroTier {
 
 /**
@@ -67,6 +59,7 @@ public:
 	 * some kind of actor model or something if it gets too unweildy. But for now the
 	 * use cases are simple enough that it's not too bad.
 	 *
+	 * @param IPC endpoint name (OS-specific)
 	 * @param commandHandler Function to call for each command
 	 * @param arg First argument to pass to handler
 	 * @throws std::runtime_error Unable to bind to endpoint
diff --git a/control/NodeControlClient.cpp b/control/NodeControlClient.cpp
index 9cec18c3..2281a8ad 100644
--- a/control/NodeControlClient.cpp
+++ b/control/NodeControlClient.cpp
@@ -26,13 +26,12 @@
  */
 
 #include "NodeControlClient.hpp"
-
 #include "../node/Constants.hpp"
 #include "../node/Utils.hpp"
 #include "../node/Defaults.hpp"
-
 #include "IpcConnection.hpp"
 #include "IpcListener.hpp"
+#include "NodeControlService.hpp"
 
 namespace ZeroTier {
 
diff --git a/control/NodeControlClient.hpp b/control/NodeControlClient.hpp
index 8060b20c..37184f7b 100644
--- a/control/NodeControlClient.hpp
+++ b/control/NodeControlClient.hpp
@@ -25,12 +25,12 @@
  * LLC. Start here: http://www.zerotier.com/
  */
 
-#include <string>
-#include <vector>
-
 #ifndef ZT_NODECONTROLCLIENT_HPP
 #define ZT_NODECONTROLCLIENT_HPP
 
+#include <string>
+#include <vector>
+
 namespace ZeroTier {
 
 /**
diff --git a/control/NodeControlService.cpp b/control/NodeControlService.cpp
index e69de29b..a3b1eca6 100644
--- a/control/NodeControlService.cpp
+++ b/control/NodeControlService.cpp
@@ -0,0 +1,229 @@
+/*
+ * ZeroTier One - Global Peer to Peer Ethernet
+ * Copyright (C) 2011-2014  ZeroTier Networks LLC
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "NodeControlService.hpp"
+#include "../node/Node.hpp"
+#include "../node/Utils.hpp"
+
+namespace ZeroTier {
+
+NodeControlService::NodeControlService(Node *node,const char *authToken) :
+	_node(node),
+	_listener((IpcListener *)0),
+	_authToken(authToken),
+	_running(true),
+	_thread(Thread::start(this))
+{
+}
+
+NodeControlService::~NodeControlService()
+{
+	_running = false;
+	Thread::join(_thread);
+	{
+		Mutex::Lock _l(_connections_m);
+		for(std::map< IpcConnection *,bool >::iterator c(_connections.begin());c!=_connections.end();++c)
+			delete c->first;
+		_connections.clear();
+	}
+	delete _listener;
+}
+
+void NodeControlService::threadMain()
+	throw()
+{
+	char tmp[1024];
+	try {
+		while (_running) {
+			if (!_node->running()) {
+				break;
+			} else if ((_node->initialized())&&(_node->address())) {
+				Utils::snprintf(tmp,sizeof(tmp),"%s%.10llx",ZT_IPC_ENDPOINT_BASE,(unsigned long long)_node->address());
+				_listener = new IpcListener(tmp,&_CBcommandHandler,this);
+			}
+		}
+	} catch ( ... ) {
+		delete _listener;
+		_listener = (IpcListener *)0;
+	}
+}
+
+void NodeControlService::_CBcommandHandler(void *arg,IpcConnection *ipcc,IpcConnection::EventType event,const char *commandLine)
+{
+	if (!((NodeControlService *)arg)->_running)
+		return;
+	if ((!commandLine)||(!commandLine[0]))
+		return;
+	switch(event) {
+		case IpcConnection::IPC_EVENT_COMMAND: {
+			((NodeControlService *)arg)->_doCommand(ipcc,commandLine);
+		}	break;
+		case IpcConnection::IPC_EVENT_NEW_CONNECTION: {
+			Mutex::Lock _l(((NodeControlService *)arg)->_connections_m);
+			((NodeControlService *)arg)->_connections[ipcc] = false; // not yet authenticated
+		}	break;
+		case IpcConnection::IPC_EVENT_CONNECTION_CLOSED: {
+			Mutex::Lock _l(((NodeControlService *)arg)->_connections_m);
+			((NodeControlService *)arg)->_connections.erase(ipcc);
+			delete ipcc;
+		}	break;
+	}
+}
+
+void NodeControlService::_doCommand(IpcConnection *ipcc,const char *commandLine)
+{
+	std::vector<std::string> r;
+	std::vector<std::string> cmd(Utils::split(commandLine,"\r\n \t","\\","'"));
+
+	if ((cmd.empty())||(cmd[0] == "help")) {
+		ipcc->printf("200 help help"ZT_EOL_S);
+		ipcc->printf("200 help auth <token>"ZT_EOL_S);
+		ipcc->printf("200 help info"ZT_EOL_S);
+		ipcc->printf("200 help listpeers"ZT_EOL_S);
+		ipcc->printf("200 help listnetworks"ZT_EOL_S);
+		ipcc->printf("200 help join <network ID>"ZT_EOL_S);
+		ipcc->printf("200 help leave <network ID>"ZT_EOL_S);
+		ipcc->printf("200 help terminate [<reason>]"ZT_EOL_S);
+		ipcc->printf("200 help updatecheck"ZT_EOL_S);
+	} else if (cmd[0] == "auth") {
+		if ((cmd.size() > 1)&&(_authToken == cmd[1])) {
+			Mutex::Lock _l(_connections_m);
+			_connections[ipcc] = true;
+			ipcc->printf("200 auth OK"ZT_EOL_S);
+		} else ipcc->printf("403 auth failed"ZT_EOL_S);
+	} else {
+		{
+			Mutex::Lock _l(_connections_m);
+			if (!_connections[ipcc]) {
+				ipcc->printf("403 %s unauthorized"ZT_EOL_S"."ZT_EOL_S,cmd[0].c_str());
+				return;
+			}
+		}
+
+		if (cmd[0] == "info") {
+			ipcc->printf("200 info %.10llx %s %s"ZT_EOL_S,_node->address(),(_node->online() ? "ONLINE" : "OFFLINE"),Node::versionString());
+		} else if (cmd[0] == "listpeers") {
+			ipcc->printf("200 listpeers <ztaddr> <paths> <latency> <version>"ZT_EOL_S);
+			ZT1_Node_PeerList *pl = _node->listPeers();
+			if (pl) {
+				for(unsigned int i=0;i<pl->numPeers;++i) {
+					ipcc->printf("200 listpeers %.10llx ",(unsigned long long)pl->peers[i].rawAddress);
+					for(unsigned int j=0;j<pl->peers[i].numPaths;++j) {
+						if (j > 0)
+							ipcc->printf(",");
+						switch(pl->peers[i].paths[j].type) {
+							default:
+								ipcc->printf("unknown;");
+								break;
+							case ZT1_Node_PhysicalPath::ZT1_Node_PhysicalPath_TYPE_UDP:
+								ipcc->printf("udp;");
+								break;
+							case ZT1_Node_PhysicalPath::ZT1_Node_PhysicalPath_TYPE_TCP_OUT:
+								ipcc->printf("tcp_out;");
+								break;
+							case ZT1_Node_PhysicalPath::ZT1_Node_PhysicalPath_TYPE_TCP_IN:
+								ipcc->printf("tcp_in;");
+								break;
+							case ZT1_Node_PhysicalPath::ZT1_Node_PhysicalPath_TYPE_ETHERNET:
+								ipcc->printf("eth;");
+								break;
+						}
+						ipcc->printf("%s/%d;%ld;%ld;%ld;%s",
+							pl->peers[i].paths[j].address.ascii,
+							(int)pl->peers[i].paths[j].address.port,
+							pl->peers[i].paths[j].lastSend,
+							pl->peers[i].paths[j].lastReceive,
+							pl->peers[i].paths[j].lastPing,
+							(pl->peers[i].paths[j].fixed ? "fixed" : (pl->peers[i].paths[j].active ? "active" : "inactive")));
+					}
+					ipcc->printf(ZT_EOL_S);
+				}
+				_node->freeQueryResult(pl);
+			}
+		} else if (cmd[0] == "listnetworks") {
+			ipcc->printf("200 listnetworks <nwid> <name> <mac> <status> <config age> <type> <dev> <ips>"ZT_EOL_S);
+			ZT1_Node_NetworkList *nl = _node->listNetworks();
+			if (nl) {
+				for(unsigned int i=0;i<nl->numNetworks;++i) {
+					ipcc->printf("200 listnetworks %s %s %s %s %ld %s %s ",
+						nl->networks[i].nwidHex,
+						nl->networks[i].name,
+						nl->networks[i].macStr,
+						nl->networks[i].statusStr,
+						nl->networks[i].configAge,
+						(nl->networks[i].isPrivate ? "private" : "public"),
+						nl->networks[i].device);
+					if (nl->networks[i].numIps > 0) {
+						for(unsigned int j=0;j<nl->networks[i].numIps;++j) {
+							if (j > 0)
+								ipcc->printf(",");
+							ipcc->printf("%s/%d",nl->networks[i].ips[j].ascii,(int)nl->networks[i].ips[j].port);
+						}
+					} else ipcc->printf("-");
+					ipcc->printf(ZT_EOL_S);
+				}
+				_node->freeQueryResult(nl);
+			}
+		} else if (cmd[0] == "join") {
+			if (cmd.size() > 1) {
+				uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
+				_node->join(nwid);
+				ipcc->printf("200 join %.16llx OK"ZT_EOL_S,(unsigned long long)nwid);
+			} else {
+				ipcc->printf("400 join requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
+			}
+		} else if (cmd[0] == "leave") {
+			if (cmd.size() > 1) {
+				uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
+				_node->leave(nwid);
+				ipcc->printf("200 leave %.16llx OK"ZT_EOL_S,(unsigned long long)nwid);
+			} else {
+				ipcc->printf("400 leave requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
+			}
+		} else if (cmd[0] == "terminate") {
+			if (cmd.size() > 1)
+				_node->terminate(Node::NODE_NORMAL_TERMINATION,cmd[1].c_str());
+			else _node->terminate(Node::NODE_NORMAL_TERMINATION,"terminate via IPC command");
+		} else if (cmd[0] == "updatecheck") {
+			if (_node->updateCheck()) {
+				ipcc->printf("500 software updates are not enabled"ZT_EOL_S);
+			} else {
+				ipcc->printf("200 OK"ZT_EOL_S);
+			}
+		} else {
+			ipcc->printf("404 %s No such command. Use 'help' for help."ZT_EOL_S,cmd[0].c_str());
+		}
+	}
+
+	ipcc->printf("."ZT_EOL_S); // blank line ends response
+}
+
+} // namespace ZeroTier
diff --git a/control/NodeControlService.hpp b/control/NodeControlService.hpp
index e69de29b..453e943b 100644
--- a/control/NodeControlService.hpp
+++ b/control/NodeControlService.hpp
@@ -0,0 +1,89 @@
+/*
+ * ZeroTier One - Global Peer to Peer Ethernet
+ * Copyright (C) 2011-2014  ZeroTier Networks LLC
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+#ifndef ZT_NODECONTROLSERVICE_HPP
+#define ZT_NODECONTROLSERVICE_HPP
+
+#include <string>
+#include <map>
+
+#include "IpcConnection.hpp"
+#include "IpcListener.hpp"
+
+#include "../node/Constants.hpp"
+#include "../node/NonCopyable.hpp"
+#include "../node/Thread.hpp"
+
+#ifdef __WINDOWS__
+#define ZT_IPC_ENDPOINT_BASE "\\\\.\\pipe\\ZeroTierOne-"
+#else
+#define ZT_IPC_ENDPOINT_BASE "/tmp/.ZeroTierOne-"
+#endif
+
+namespace ZeroTier {
+
+class Node;
+
+/**
+ * Background controller service that controls and configures a node
+ *
+ * This is used with system-installed instances of ZeroTier One to
+ * provide the IPC-based control bus service for node configuration.
+ */
+class NodeControlService : NonCopyable
+{
+public:
+	/**
+	 * @param node Node to control and configure
+	 * @param authToken Authorization token for clients
+	 */
+	NodeControlService(Node *node,const char *authToken);
+
+	~NodeControlService();
+
+	// Background thread waits for node to initialize, then creates IpcListener
+	void threadMain()
+		throw();
+
+private:
+	static void _CBcommandHandler(void *arg,IpcConnection *ipcc,IpcConnection::EventType event,const char *commandLine);
+	void _doCommand(IpcConnection *ipcc,const char *commandLine);
+
+	Node *_node;
+	IpcListener *_listener;
+	std::string _authToken;
+
+	std::map< IpcConnection *,bool > _connections;
+	Mutex _connections_m;
+
+	volatile bool _running;
+	Thread _thread;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/Node.cpp b/node/Node.cpp
index 9fe7a3cb..36a199b9 100644
--- a/node/Node.cpp
+++ b/node/Node.cpp
@@ -338,35 +338,37 @@ Node::ReasonForTermination Node::run()
 		_r->prng = new CMWC4096();
 
 		// Read identity public and secret, generating if not present
-		bool gotId = false;
-		std::string identitySecretPath(_r->homePath + ZT_PATH_SEPARATOR_S + "identity.secret");
-		std::string identityPublicPath(_r->homePath + ZT_PATH_SEPARATOR_S + "identity.public");
-		std::string idser;
-		if (Utils::readFile(identitySecretPath.c_str(),idser))
-			gotId = _r->identity.fromString(idser);
-		if ((gotId)&&(!_r->identity.locallyValidate()))
-			gotId = false;
-		if (gotId) {
-			// Make sure identity.public matches identity.secret
-			idser = std::string();
-			Utils::readFile(identityPublicPath.c_str(),idser);
-			std::string pubid(_r->identity.toString(false));
-			if (idser != pubid) {
-				if (!Utils::writeFile(identityPublicPath.c_str(),pubid))
+		{
+			bool gotId = false;
+			std::string identitySecretPath(_r->homePath + ZT_PATH_SEPARATOR_S + "identity.secret");
+			std::string identityPublicPath(_r->homePath + ZT_PATH_SEPARATOR_S + "identity.public");
+			std::string idser;
+			if (Utils::readFile(identitySecretPath.c_str(),idser))
+				gotId = _r->identity.fromString(idser);
+			if ((gotId)&&(!_r->identity.locallyValidate()))
+				gotId = false;
+			if (gotId) {
+				// Make sure identity.public matches identity.secret
+				idser = std::string();
+				Utils::readFile(identityPublicPath.c_str(),idser);
+				std::string pubid(_r->identity.toString(false));
+				if (idser != pubid) {
+					if (!Utils::writeFile(identityPublicPath.c_str(),pubid))
+						return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"could not write identity.public (home path not writable?)");
+				}
+			} else {
+				LOG("no identity found or identity invalid, generating one... this might take a few seconds...");
+				_r->identity.generate();
+				LOG("generated new identity: %s",_r->identity.address().toString().c_str());
+				idser = _r->identity.toString(true);
+				if (!Utils::writeFile(identitySecretPath.c_str(),idser))
+					return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"could not write identity.secret (home path not writable?)");
+				idser = _r->identity.toString(false);
+				if (!Utils::writeFile(identityPublicPath.c_str(),idser))
 					return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"could not write identity.public (home path not writable?)");
 			}
-		} else {
-			LOG("no identity found or identity invalid, generating one... this might take a few seconds...");
-			_r->identity.generate();
-			LOG("generated new identity: %s",_r->identity.address().toString().c_str());
-			idser = _r->identity.toString(true);
-			if (!Utils::writeFile(identitySecretPath.c_str(),idser))
-				return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"could not write identity.secret (home path not writable?)");
-			idser = _r->identity.toString(false);
-			if (!Utils::writeFile(identityPublicPath.c_str(),idser))
-				return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"could not write identity.public (home path not writable?)");
+			Utils::lockDownFile(identitySecretPath.c_str(),false);
 		}
-		Utils::lockDownFile(identitySecretPath.c_str(),false);
 
 		// Make sure networks.d exists
 		{
@@ -378,21 +380,6 @@ Node::ReasonForTermination Node::run()
 #endif
 		}
 
-		// Read configuration authentication token, generating if not present
-		std::string configAuthTokenPath(_r->homePath + ZT_PATH_SEPARATOR_S + "authtoken.secret");
-		std::string configAuthToken;
-		if (!Utils::readFile(configAuthTokenPath.c_str(),configAuthToken)) {
-			configAuthToken = "";
-			unsigned int sr = 0;
-			for(unsigned int i=0;i<24;++i) {
-				Utils::getSecureRandom(&sr,sizeof(sr));
-				configAuthToken.push_back("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"[sr % 62]);
-			}
-			if (!Utils::writeFile(configAuthTokenPath.c_str(),configAuthToken))
-				return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"could not write authtoken.secret (home path not writable?)");
-		}
-		Utils::lockDownFile(configAuthTokenPath.c_str(),false);
-
 		_r->http = new HttpClient();
 		_r->antiRec = new AntiRecursion();
 		_r->mc = new Multicaster();
@@ -400,7 +387,7 @@ Node::ReasonForTermination Node::run()
 		_r->sm = new SocketManager(impl->udpPort,impl->tcpPort,&_CBztTraffic,_r);
 		_r->topology = new Topology(_r,Utils::fileExists((_r->homePath + ZT_PATH_SEPARATOR_S + "iddb.d").c_str()));
 		try {
-			_r->nc = new NodeConfig(_r,configAuthToken.c_str());
+			_r->nc = new NodeConfig(_r);
 		} catch (std::exception &exc) {
 			return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"unable to initialize IPC socket: is ZeroTier One already running?");
 		}
@@ -416,28 +403,30 @@ Node::ReasonForTermination Node::run()
 #endif
 
 		// Initialize root topology from defaults or root-toplogy file in home path on disk
-		std::string rootTopologyPath(_r->homePath + ZT_PATH_SEPARATOR_S + "root-topology");
-		std::string rootTopology;
-		if (!Utils::readFile(rootTopologyPath.c_str(),rootTopology))
-			rootTopology = ZT_DEFAULTS.defaultRootTopology;
-		try {
-			Dictionary rt(rootTopology);
-
-			if (Topology::authenticateRootTopology(rt)) {
-				// Set supernodes if root topology signature is valid
-				_r->topology->setSupernodes(Dictionary(rt.get("supernodes",""))); // set supernodes from root-topology
-
-				// If root-topology contains noupdate=1, disable further updates and only use what was on disk
-				impl->disableRootTopologyUpdates = (Utils::strToInt(rt.get("noupdate","0").c_str()) > 0);
-			} else {
-				// Revert to built-in defaults if root topology fails signature check
-				LOG("%s failed signature check, using built-in defaults instead",rootTopologyPath.c_str());
-				Utils::rm(rootTopologyPath.c_str());
-				_r->topology->setSupernodes(Dictionary(Dictionary(ZT_DEFAULTS.defaultRootTopology).get("supernodes","")));
-				impl->disableRootTopologyUpdates = false;
+		{
+			std::string rootTopologyPath(_r->homePath + ZT_PATH_SEPARATOR_S + "root-topology");
+			std::string rootTopology;
+			if (!Utils::readFile(rootTopologyPath.c_str(),rootTopology))
+				rootTopology = ZT_DEFAULTS.defaultRootTopology;
+			try {
+				Dictionary rt(rootTopology);
+
+				if (Topology::authenticateRootTopology(rt)) {
+					// Set supernodes if root topology signature is valid
+					_r->topology->setSupernodes(Dictionary(rt.get("supernodes",""))); // set supernodes from root-topology
+
+					// If root-topology contains noupdate=1, disable further updates and only use what was on disk
+					impl->disableRootTopologyUpdates = (Utils::strToInt(rt.get("noupdate","0").c_str()) > 0);
+				} else {
+					// Revert to built-in defaults if root topology fails signature check
+					LOG("%s failed signature check, using built-in defaults instead",rootTopologyPath.c_str());
+					Utils::rm(rootTopologyPath.c_str());
+					_r->topology->setSupernodes(Dictionary(Dictionary(ZT_DEFAULTS.defaultRootTopology).get("supernodes","")));
+					impl->disableRootTopologyUpdates = false;
+				}
+			} catch ( ... ) {
+				return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"invalid root-topology format");
 			}
-		} catch ( ... ) {
-			return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"invalid root-topology format");
 		}
 	} catch (std::bad_alloc &exc) {
 		return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"memory allocation failure");
@@ -487,6 +476,9 @@ Node::ReasonForTermination Node::run()
 		uint64_t networkConfigurationFingerprint = 0;
 		_r->timeOfLastResynchronize = Utils::now();
 
+		// We are up and running
+		_r->initialized = true;
+
 		while (impl->reasonForTermination == NODE_RUNNING) {
 			/* This is how the service automatically shuts down when the OSX .app is
 			 * thrown in the trash. It's not used on any other platform for now but
@@ -705,6 +697,38 @@ bool Node::online()
 	return false;
 }
 
+bool Node::started()
+	throw()
+{
+	_NodeImpl *impl = (_NodeImpl *)_impl;
+	return impl->started;
+}
+
+bool Node::running()
+	throw()
+{
+	_NodeImpl *impl = (_NodeImpl *)_impl;
+	return impl->running;
+}
+
+bool Node::initialized()
+	throw()
+{
+	_NodeImpl *impl = (_NodeImpl *)_impl;
+	RuntimeEnvironment *_r = (RuntimeEnvironment *)&(impl->renv);
+	return ((_r)&&(_r->initialized));
+}
+
+uint64_t Node::address()
+	throw()
+{
+	_NodeImpl *impl = (_NodeImpl *)_impl;
+	RuntimeEnvironment *_r = (RuntimeEnvironment *)&(impl->renv);
+	if ((!_r)||(!_r->initialized))
+		return 0;
+	return _r->identity.address().toInt();
+}
+
 void Node::join(uint64_t nwid)
 	throw()
 {
@@ -957,7 +981,8 @@ ZT1_Node_NetworkList *Node::listNetworks()
 void Node::freeQueryResult(void *qr)
 	throw()
 {
-	::free(qr);
+	if (qr)
+		::free(qr);
 }
 
 bool Node::updateCheck()
diff --git a/node/Node.hpp b/node/Node.hpp
index 29fe494c..32342349 100644
--- a/node/Node.hpp
+++ b/node/Node.hpp
@@ -28,6 +28,8 @@
 #ifndef ZT_NODE_HPP
 #define ZT_NODE_HPP
 
+#include <stdint.h>
+
 #include "../include/ZeroTierOne.h"
 
 namespace ZeroTier {
@@ -138,6 +140,30 @@ public:
 		throw();
 
 	/**
+	 * @return True if run() has been called
+	 */
+	bool started()
+		throw();
+
+	/**
+	 * @return True if run() has not yet returned
+	 */
+	bool running()
+		throw();
+
+	/**
+	 * @return True if initialization phase of startup is complete
+	 */
+	bool initialized()
+		throw();
+
+	/**
+	 * @return This node's address (in least significant 40 bits of 64-bit int) or 0 if not yet initialized
+	 */
+	uint64_t address()
+		throw();
+
+	/**
 	 * Join a network
 	 *
 	 * Use getNetworkStatus() to check the network's status after joining. If you
diff --git a/node/NodeConfig.cpp b/node/NodeConfig.cpp
index 996163d0..bd676660 100644
--- a/node/NodeConfig.cpp
+++ b/node/NodeConfig.cpp
@@ -51,10 +51,8 @@
 
 namespace ZeroTier {
 
-NodeConfig::NodeConfig(const RuntimeEnvironment *renv,const char *authToken) :
+NodeConfig::NodeConfig(const RuntimeEnvironment *renv) :
 	_r(renv)
-//	_ipcListener((std::string(ZT_IPC_ENDPOINT_BASE) + renv->identity.address().toString()).c_str(),&_CBcommandHandler,this),
-//	_authToken(authToken)
 {
 	{
 		Mutex::Lock _l(_localConfig_m);
@@ -89,14 +87,6 @@ NodeConfig::NodeConfig(const RuntimeEnvironment *renv,const char *authToken) :
 NodeConfig::~NodeConfig()
 {
 	_writeLocalConfig();
-
-	// Close any open IPC connections
-	/*
-	Mutex::Lock _l(_connections_m);
-	for(std::map< IpcConnection *,bool >::iterator c(_connections.begin());c!=_connections.end();++c)
-		delete c->first;
-	_connections.clear();
-	*/
 }
 
 void NodeConfig::putLocalConfig(const std::string &key,const char *value)
@@ -129,192 +119,6 @@ void NodeConfig::clean()
 		n->second->clean();
 }
 
-/*
-void NodeConfig::_CBcommandHandler(void *arg,IpcConnection *ipcc,IpcConnection::EventType event,const char *commandLine)
-{
-	switch(event) {
-		case IpcConnection::IPC_EVENT_COMMAND:
-			((NodeConfig *)arg)->_doCommand(ipcc,commandLine);
-			break;
-		case IpcConnection::IPC_EVENT_NEW_CONNECTION: {
-			Mutex::Lock _l(((NodeConfig *)arg)->_connections_m);
-			((NodeConfig *)arg)->_connections[ipcc] = false; // not yet authenticated
-		}	break;
-		case IpcConnection::IPC_EVENT_CONNECTION_CLOSED: {
-			Mutex::Lock _l(((NodeConfig *)arg)->_connections_m);
-			((NodeConfig *)arg)->_connections.erase(ipcc);
-			delete ipcc;
-		}	break;
-	}
-}
-
-// Used with Topology::eachPeer to dump peer stats
-class _DumpPeerStatistics
-{
-public:
-	_DumpPeerStatistics(IpcConnection *i) :
-		ipcc(i),
-		now(Utils::now())
-	{
-	}
-	inline void operator()(Topology &t,const SharedPtr<Peer> &p)
-	{
-		std::vector<Path> pp(p->paths());
-		std::string pathsStr;
-		for(std::vector<Path>::const_iterator ppp(pp.begin());ppp!=pp.end();++ppp) {
-			if (pathsStr.length())
-				pathsStr.push_back(',');
-			pathsStr.append(ppp->toString());
-		}
-		ipcc->printf("200 listpeers %s %s %u %s"ZT_EOL_S,
-			p->address().toString().c_str(),
-			((pathsStr.length() > 0) ? pathsStr.c_str() : "-"),
-			p->latency(),
-			p->remoteVersion().c_str());
-	}
-	IpcConnection *ipcc;
-	uint64_t now;
-};
-
-void NodeConfig::_doCommand(IpcConnection *ipcc,const char *commandLine)
-{
-	if ((!commandLine)||(!commandLine[0]))
-		return;
-	std::vector<std::string> r;
-	std::vector<std::string> cmd(Utils::split(commandLine,"\r\n \t","\\","'"));
-
-	if ((cmd.empty())||(cmd[0] == "help")) {
-		ipcc->printf("200 help help"ZT_EOL_S);
-		ipcc->printf("200 help auth <token>"ZT_EOL_S);
-		ipcc->printf("200 help info"ZT_EOL_S);
-		ipcc->printf("200 help listpeers"ZT_EOL_S);
-		ipcc->printf("200 help listnetworks"ZT_EOL_S);
-		ipcc->printf("200 help join <network ID>"ZT_EOL_S);
-		ipcc->printf("200 help leave <network ID>"ZT_EOL_S);
-		ipcc->printf("200 help terminate [<reason>]"ZT_EOL_S);
-		ipcc->printf("200 help updatecheck"ZT_EOL_S);
-	} else if (cmd[0] == "auth") {
-		if ((cmd.size() > 1)&&(_authToken == cmd[1])) {
-			Mutex::Lock _l(_connections_m);
-			_connections[ipcc] = true;
-			ipcc->printf("200 auth OK"ZT_EOL_S);
-		} else ipcc->printf("403 auth failed"ZT_EOL_S);
-	} else {
-		{
-			Mutex::Lock _l(_connections_m);
-			if (!_connections[ipcc]) {
-				ipcc->printf("403 %s unauthorized"ZT_EOL_S"."ZT_EOL_S,cmd[0].c_str());
-				return;
-			}
-		}
-
-		if (cmd[0] == "info") {
-			// We are online if at least one supernode has spoken to us since the last time our
-			// network environment changed and also less than ZT_PEER_LINK_ACTIVITY_TIMEOUT ago.
-			bool isOnline = false;
-			uint64_t now = Utils::now();
-			uint64_t since = _r->timeOfLastResynchronize;
-			std::vector< SharedPtr<Peer> > snp(_r->topology->supernodePeers());
-			for(std::vector< SharedPtr<Peer> >::const_iterator sn(snp.begin());sn!=snp.end();++sn) {
-				uint64_t lastRec = (*sn)->lastDirectReceive();
-				if ((lastRec)&&(lastRec > since)&&((now - lastRec) < ZT_PEER_PATH_ACTIVITY_TIMEOUT)) {
-					isOnline = true;
-					break;
-				}
-			}
-
-			ipcc->printf("200 info %s %s %s"ZT_EOL_S,_r->identity.address().toString().c_str(),(isOnline ? "ONLINE" : "OFFLINE"),Node::versionString());
-		} else if (cmd[0] == "listpeers") {
-			ipcc->printf("200 listpeers <ztaddr> <paths> <latency> <version>"ZT_EOL_S);
-			_r->topology->eachPeer(_DumpPeerStatistics(ipcc));
-		} else if (cmd[0] == "listnetworks") {
-			Mutex::Lock _l(_networks_m);
-			ipcc->printf("200 listnetworks <nwid> <name> <mac> <status> <config age> <type> <dev> <ips>"ZT_EOL_S);
-			for(std::map< uint64_t,SharedPtr<Network> >::const_iterator nw(_networks.begin());nw!=_networks.end();++nw) {
-				std::string tmp;
-				std::set<InetAddress> ips(nw->second->ips());
-				for(std::set<InetAddress>::iterator i(ips.begin());i!=ips.end();++i) {
-					if (tmp.length())
-						tmp.push_back(',');
-					tmp.append(i->toString());
-				}
-
-				SharedPtr<NetworkConfig> nconf(nw->second->config2());
-
-				long long age = (nconf) ? ((long long)Utils::now() - (long long)nconf->timestamp()) : (long long)0;
-				if (age < 0)
-					age = 0;
-				age /= 1000;
-
-				std::string dn(nw->second->tapDeviceName());
-				ipcc->printf("200 listnetworks %.16llx %s %s %s %lld %s %s %s"ZT_EOL_S,
-					(unsigned long long)nw->first,
-					((nconf) ? nconf->name().c_str() : "?"),
-					nw->second->mac().toString().c_str(),
-					Network::statusString(nw->second->status()),
-					age,
-					((nconf) ? (nconf->isPublic() ? "public" : "private") : "?"),
-					(dn.length() > 0) ? dn.c_str() : "?",
-					((tmp.length() > 0) ? tmp.c_str() : "-"));
-			}
-		} else if (cmd[0] == "join") {
-			if (cmd.size() > 1) {
-				uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
-				if (nwid > 0) {
-					Mutex::Lock _l(_networks_m);
-					if (_networks.count(nwid)) {
-						ipcc->printf("409 already a member of %.16llx"ZT_EOL_S,(unsigned long long)nwid);
-					} else {
-						try {
-							SharedPtr<Network> nw(Network::newInstance(_r,this,nwid));
-							_networks[nwid] = nw;
-							ipcc->printf("200 join %.16llx OK"ZT_EOL_S,(unsigned long long)nwid);
-						} catch (std::exception &exc) {
-							ipcc->printf("500 join %.16llx ERROR: %s"ZT_EOL_S,(unsigned long long)nwid,exc.what());
-						} catch ( ... ) {
-							ipcc->printf("500 join %.16llx ERROR: (unknown exception)"ZT_EOL_S,(unsigned long long)nwid);
-						}
-					}
-				} else {
-					ipcc->printf("400 join requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
-				}
-			} else {
-				ipcc->printf("400 join requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
-			}
-		} else if (cmd[0] == "leave") {
-			if (cmd.size() > 1) {
-				Mutex::Lock _l(_networks_m);
-				uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
-				std::map< uint64_t,SharedPtr<Network> >::iterator nw(_networks.find(nwid));
-				if (nw == _networks.end()) {
-					ipcc->printf("404 leave %.16llx ERROR: not a member of that network"ZT_EOL_S,(unsigned long long)nwid);
-				} else {
-					nw->second->destroy();
-					_networks.erase(nw);
-				}
-			} else {
-				ipcc->printf("400 leave requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
-			}
-		} else if (cmd[0] == "terminate") {
-			if (cmd.size() > 1)
-				_r->node->terminate(Node::NODE_NORMAL_TERMINATION,cmd[1].c_str());
-			else _r->node->terminate(Node::NODE_NORMAL_TERMINATION,"terminate via IPC command");
-		} else if (cmd[0] == "updatecheck") {
-			if (_r->updater) {
-				ipcc->printf("200 checking for software updates now at: %s"ZT_EOL_S,ZT_DEFAULTS.updateLatestNfoURL.c_str());
-				_r->updater->checkNow();
-			} else {
-				ipcc->printf("500 software updates are not enabled"ZT_EOL_S);
-			}
-		} else {
-			ipcc->printf("404 %s No such command. Use 'help' for help."ZT_EOL_S,cmd[0].c_str());
-		}
-	}
-
-	ipcc->printf("."ZT_EOL_S); // blank line ends response
-}
-*/
-
 void NodeConfig::_readLocalConfig()
 {
 	// assumes _localConfig_m is locked
diff --git a/node/NodeConfig.hpp b/node/NodeConfig.hpp
index d374eee6..c53ffd6e 100644
--- a/node/NodeConfig.hpp
+++ b/node/NodeConfig.hpp
@@ -54,10 +54,9 @@ class NodeConfig
 public:
 	/**
 	 * @param renv Runtime environment
-	 * @param authToken Configuration authentication token
 	 * @throws std::runtime_error Unable to initialize or listen for IPC connections
 	 */
-	NodeConfig(const RuntimeEnvironment *renv,const char *authToken);
+	NodeConfig(const RuntimeEnvironment *renv);
 
 	~NodeConfig();
 
@@ -164,27 +163,12 @@ public:
 		return tapDevs;
 	}
 
-private:
-	/*
-	static void _CBcommandHandler(void *arg,IpcConnection *ipcc,IpcConnection::EventType event,const char *commandLine);
-	void _doCommand(IpcConnection *ipcc,const char *commandLine);
-	*/
-
 	void _readLocalConfig();
 	void _writeLocalConfig();
 
 	const RuntimeEnvironment *_r;
-
-	/*
-	IpcListener _ipcListener;
-	std::string _authToken;
-	std::map< IpcConnection *,bool > _connections;
-	Mutex _connections_m;
-	*/
-
 	Dictionary _localConfig; // persisted as local.conf
 	Mutex _localConfig_m;
-
 	std::map< uint64_t,SharedPtr<Network> > _networks; // persisted in networks.d/
 	Mutex _networks_m;
 };
diff --git a/node/RuntimeEnvironment.hpp b/node/RuntimeEnvironment.hpp
index 21fbc73a..767dd564 100644
--- a/node/RuntimeEnvironment.hpp
+++ b/node/RuntimeEnvironment.hpp
@@ -66,6 +66,9 @@ class RuntimeEnvironment
 {
 public:
 	RuntimeEnvironment() :
+		homePath(),
+		identity(),
+		initialized(false),
 		shutdownInProgress(false),
 		tcpTunnelingEnabled(false),
 		timeOfLastResynchronize(0),
@@ -94,6 +97,9 @@ public:
 	// This node's identity
 	Identity identity;
 
+	// Are we initialized?
+	volatile bool initialized;
+
 	// Indicates that we are shutting down -- this is hacky, want to factor out
 	volatile bool shutdownInProgress;