Work in progress on refactoring root-topology into World and adding in-band updates.

7 files changed, 317 insertions, 266 deletions

diff --git a/node/Defaults.cpp b/node/Defaults.cpp
deleted file mode 100644
index b311fb6a..00000000
--- a/node/Defaults.cpp
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015  ZeroTier, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * --
- *
- * ZeroTier may be used and distributed under the terms of the GPLv3, which
- * are available at: http://www.gnu.org/licenses/gpl-3.0.html
- *
- * If you would like to embed ZeroTier into a commercial application or
- * redistribute it in a modified binary form, please contact ZeroTier Networks
- * LLC. Start here: http://www.zerotier.com/
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../include/ZeroTierOne.h"
-
-#include "Constants.hpp"
-#include "Defaults.hpp"
-#include "Utils.hpp"
-
-// bin2c'd signed default root topology dictionary
-#include "../root-topology/ZT_DEFAULT_ROOT_TOPOLOGY.c"
-
-#ifdef __WINDOWS__
-#include <WinSock2.h>
-#include <Windows.h>
-#include <ShlObj.h>
-#endif
-
-namespace ZeroTier {
-
-const Defaults ZT_DEFAULTS;
-
-static inline std::map< Address,Identity > _mkRootTopologyAuth()
-{
-	std::map< Address,Identity > ua;
-
-	{ // 0001
-		Identity id("77792b1c02:0:b5c361e8e9c2154e82c3e902fdfc337468b092a7c4d8dc685c37eb10ee4f3c17cc0bb1d024167e8cb0824d12263428373582da3d0a9a14b36e4546c317e811e6");
-		ua[id.address()] = id;
-	}
-	{ // 0002
-		Identity id("86921e6de1:0:9ba04f9f12ed54ef567f548cb69d31e404537d7b0ee000c63f3d7c8d490a1a47a5a5b2af0cbe12d23f9194270593f298d936d7c872612ea509ef1c67ce2c7fc1");
-		ua[id.address()] = id;
-	}
-	{ // 0003
-		Identity id("90302b7025:0:358154a57af1b7afa07d0d91b69b92eaad2f11ade7f02343861f0c1b757d15626e8cb7f08fc52993d2202a39cbf5128c5647ee8c63d27d92db5a1d0fbe1eba19");
-		ua[id.address()] = id;
-	}
-	{ // 0004
-		Identity id("e5174078ee:0:c3f90daa834a74ee47105f5726ae2e29fc8ae0e939c9326788b52b16d847354de8de3b13a81896bbb509b91e1da21763073a30bbfb2b8e994550798d30a2d709");
-		ua[id.address()] = id;
-	}
-
-	return ua;
-}
-
-Defaults::Defaults() :
-	defaultRootTopology((const char *)ZT_DEFAULT_ROOT_TOPOLOGY,ZT_DEFAULT_ROOT_TOPOLOGY_LEN),
-	rootTopologyAuthorities(_mkRootTopologyAuth()),
-	v4Broadcast(((uint32_t)0xffffffff),ZT_DEFAULT_PORT)
-{
-}
-
-} // namespace ZeroTier
diff --git a/node/Defaults.hpp b/node/Defaults.hpp
deleted file mode 100644
index c1df919b..00000000
--- a/node/Defaults.hpp
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015  ZeroTier, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * --
- *
- * ZeroTier may be used and distributed under the terms of the GPLv3, which
- * are available at: http://www.gnu.org/licenses/gpl-3.0.html
- *
- * If you would like to embed ZeroTier into a commercial application or
- * redistribute it in a modified binary form, please contact ZeroTier Networks
- * LLC. Start here: http://www.zerotier.com/
- */
-
-#ifndef ZT_DEFAULTS_HPP
-#define ZT_DEFAULTS_HPP
-
-#include <stdexcept>
-#include <string>
-#include <vector>
-#include <map>
-
-#include "Constants.hpp"
-#include "Identity.hpp"
-#include "InetAddress.hpp"
-
-namespace ZeroTier {
-
-/**
- * Static configuration defaults
- * 
- * These are the default values that ship baked into the ZeroTier binary. They
- * define the basic parameters required for it to connect to the rest of the
- * network and obtain software updates.
- */
-class Defaults
-{
-public:
-	Defaults();
-
-	/**
-	 * Default root topology dictionary
-	 */
-	const std::string defaultRootTopology;
-
-	/**
-	 * Identities permitted to sign root topology dictionaries
-	 */
-	const std::map< Address,Identity > rootTopologyAuthorities;
-
-	/**
-	 * Address for IPv4 LAN auto-location broadcasts: 255.255.255.255:9993
-	 */
-	const InetAddress v4Broadcast;
-};
-
-extern const Defaults ZT_DEFAULTS;
-
-} // namespace ZeroTier
-
-#endif
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index 9f53a1c5..9fcc2e49 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -835,7 +835,7 @@ bool IncomingPacket::_doPUSH_DIRECT_PATHS(const RuntimeEnvironment *RR,const Sha
 		unsigned int ptr = ZT_PACKET_IDX_PAYLOAD + 2;
 
 		while (count--) { // if ptr overflows Buffer will throw
-			// TODO: properly handle blacklisting, support other features... see Packet.hpp.
+			// TODO: some flags are not yet implemented
 
 			unsigned int flags = (*this)[ptr++];
 			unsigned int extLen = at<uint16_t>(ptr); ptr += 2;
@@ -846,14 +846,14 @@ bool IncomingPacket::_doPUSH_DIRECT_PATHS(const RuntimeEnvironment *RR,const Sha
 			switch(addrType) {
 				case 4: {
 					InetAddress a(field(ptr,4),4,at<uint16_t>(ptr + 4));
-					if ( ((flags & (0x01 | 0x02)) == 0) && (Path::isAddressValidForPath(a)) ) {
+					if ( ((flags & 0x01) == 0) && (Path::isAddressValidForPath(a)) ) {
 						TRACE("attempting to contact %s at pushed direct path %s",peer->address().toString().c_str(),a.toString().c_str());
 						peer->attemptToContactAt(RR,_localAddress,a,RR->node->now());
 					}
 				}	break;
 				case 6: {
 					InetAddress a(field(ptr,16),16,at<uint16_t>(ptr + 16));
-					if ( ((flags & (0x01 | 0x02)) == 0) && (Path::isAddressValidForPath(a)) ) {
+					if ( ((flags & 0x01) == 0) && (Path::isAddressValidForPath(a)) ) {
 						TRACE("attempting to contact %s at pushed direct path %s",peer->address().toString().c_str(),a.toString().c_str());
 						peer->attemptToContactAt(RR,_localAddress,a,RR->node->now());
 					}
diff --git a/node/Packet.hpp b/node/Packet.hpp
index 6c178e66..958d0f3e 100644
--- a/node/Packet.hpp
+++ b/node/Packet.hpp
@@ -564,6 +564,8 @@ public:
 		 *   <[2] software revision (of responder)>
 		 *   <[1] destination address type (for this OK, not copied from HELLO)>
 		 *   [<[...] destination address>]
+		 *   <[8] 64-bit world ID of current world>
+		 *   <[8] 64-bit timestamp of current world>
 		 *
 		 * ERROR has no payload.
 		 */
@@ -911,7 +913,7 @@ public:
 		 *
 		 * Path record flags:
 		 *   0x01 - Forget this path if it is currently known
-		 *   0x02 - Blacklist this path, do not use
+		 *   0x02 - (Unused)
 		 *   0x04 - Disable encryption (trust: privacy)
 		 *   0x08 - Disable encryption and authentication (trust: ultimate)
 		 *
@@ -1094,7 +1096,36 @@ public:
 		 *
 		 * ERROR has no payload.
 		 */
-		VERB_REQUEST_PROOF_OF_WORK = 19
+		VERB_REQUEST_PROOF_OF_WORK = 19,
+
+		/**
+		 * Generic binary object access:
+		 *   <[8] 64-bit request ID>
+		 *   <[4] 32-bit index in blob to retrieve>
+		 *   <[2] 16-bit max length of block to retrieve>
+		 *   <[2] 16-bit length of blob identifier>
+		 *   <[...] blob identifier>
+		 *
+		 * This is used as a generic remote object retrieval mechanism. It returns
+		 * OK if the object is accessible, INVALID_REQUEST if the index is beyond
+		 * the size of the blob or another element is invalid, and OBJ_NOT_FOUND
+		 * if no blob with the given identifier is available.
+		 *
+		 * Blob identifiers follow a de facto path-like schema, with the following
+		 * names reserved:
+		 *   world - Current world definition (see World.hpp)
+		 *   updates.d/<any> - Software updates (not used yet, but reserved)
+		 *
+		 * OK payload:
+		 *   <[8] 64-bit request ID>
+		 *   <[4] 32-bit total length of blob>
+		 *   <[4] 32-bit index of this data in blob>
+		 *   <[...] data>
+		 *
+		 * ERROR payload:
+		 *   <[8] 64-bit request ID>
+		 */
+		VERB_GET_OBJECT = 20
 	};
 
 	/**
diff --git a/node/Topology.cpp b/node/Topology.cpp
index 908acbc8..5aedae86 100644
--- a/node/Topology.cpp
+++ b/node/Topology.cpp
@@ -28,17 +28,37 @@
 #include "Constants.hpp"
 #include "Topology.hpp"
 #include "RuntimeEnvironment.hpp"
-#include "Defaults.hpp"
 #include "Dictionary.hpp"
 #include "Node.hpp"
 #include "Buffer.hpp"
 
 namespace ZeroTier {
 
+// Default World
+#define ZT_DEFAULT_WORLD_LENGTH 1
+static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = { 0 };
+
 Topology::Topology(const RuntimeEnvironment *renv) :
 	RR(renv),
 	_amRoot(false)
 {
+	try {
+		std::string dsWorld(RR->node->dataStoreGet("world"));
+		Buffer<ZT_WORLD_MAX_SERIALIZED_LENGTH> dswtmp(dsWorld.data(),dsWorld.length());
+		_world.deserialize(dswtmp,0);
+	} catch ( ... ) {
+		_world = World(); // set to null if cached world is invalid
+	}
+	{
+		World defaultWorld;
+		Buffer<ZT_DEFAULT_WORLD_LENGTH> wtmp(ZT_DEFAULT_WORLD,ZT_DEFAULT_WORLD_LENGTH);
+		defaultWorld.deserialize(wtmp,0); // throws on error, which would indicate a bad static variable up top
+		if (_world.verifyUpdate(defaultWorld)) {
+			_world = defaultWorld;
+			RR->node->dataStorePut("world",ZT_DEFAULT_WORLD,ZT_DEFAULT_WORLD_LENGTH,false);
+		}
+	}
+
 	std::string alls(RR->node->dataStoreGet("peers.save"));
 	const uint8_t *all = reinterpret_cast<const uint8_t *>(alls.data());
 	RR->node->dataStoreDelete("peers.save");
@@ -76,6 +96,20 @@ Topology::Topology(const RuntimeEnvironment *renv) :
 	}
 
 	clean(RR->node->now());
+
+	for(std::vector<World::Root>::const_iterator r(_world.roots().begin());r!=_world.roots().end();++r) {
+		if (r->identity == RR->identity)
+			_amRoot = true;
+		_rootAddresses.push_back(r->identity.address());
+		SharedPtr<Peer> *rp = _peers.get(r->identity.address());
+		if (rp) {
+			_rootPeers.push_back(*rp);
+		} else if (r->identity.address() != RR->identity.address()) {
+			SharedPtr<Peer> newrp(new Peer(RR->identity,r->identity));
+			_peers.set(r->identity.address(),newrp);
+			_rootPeers.push_back(newrp);
+		}
+	}
 }
 
 Topology::~Topology()
@@ -103,55 +137,6 @@ Topology::~Topology()
 	RR->node->dataStorePut("peers.save",all,true);
 }
 
-void Topology::setRootServers(const std::map< Identity,std::vector<InetAddress> > &sn)
-{
-	Mutex::Lock _l(_lock);
-
-	if (_roots == sn)
-		return; // no change
-
-	_roots = sn;
-	_rootAddresses.clear();
-	_rootPeers.clear();
-	const uint64_t now = RR->node->now();
-
-	for(std::map< Identity,std::vector<InetAddress> >::const_iterator i(sn.begin());i!=sn.end();++i) {
-		if (i->first != RR->identity) { // do not add self as a peer
-			SharedPtr<Peer> &p = _peers[i->first.address()];
-			if (!p)
-				p = SharedPtr<Peer>(new Peer(RR->identity,i->first));
-			for(std::vector<InetAddress>::const_iterator j(i->second.begin());j!=i->second.end();++j)
-				p->addPath(RemotePath(InetAddress(),*j,true),now);
-			p->use(now);
-			_rootPeers.push_back(p);
-		}
-		_rootAddresses.push_back(i->first.address());
-	}
-
-	std::sort(_rootAddresses.begin(),_rootAddresses.end());
-
-	_amRoot = (_roots.find(RR->identity) != _roots.end());
-}
-
-void Topology::setRootServers(const Dictionary &sn)
-{
-	std::map< Identity,std::vector<InetAddress> > m;
-	for(Dictionary::const_iterator d(sn.begin());d!=sn.end();++d) {
-		if ((d->first.length() == ZT_ADDRESS_LENGTH_HEX)&&(d->second.length() > 0)) {
-			try {
-				Dictionary snspec(d->second);
-				std::vector<InetAddress> &a = m[Identity(snspec.get("id",""))];
-				std::string udp(snspec.get("udp",std::string()));
-				if (udp.length() > 0)
-					a.push_back(InetAddress(udp));
-			} catch ( ... ) {
-				TRACE("root server list contained invalid entry for: %s",d->first.c_str());
-			}
-		}
-	}
-	this->setRootServers(m);
-}
-
 SharedPtr<Peer> Topology::addPeer(const SharedPtr<Peer> &peer)
 {
 	if (peer->address() == RR->identity.address()) {
@@ -298,13 +283,6 @@ keep_searching_for_roots:
 	return bestRoot;
 }
 
-bool Topology::isRoot(const Identity &id) const
-	throw()
-{
-	Mutex::Lock _l(_lock);
-	return (_roots.count(id) != 0);
-}
-
 void Topology::clean(uint64_t now)
 {
 	Mutex::Lock _l(_lock);
@@ -320,24 +298,6 @@ void Topology::clean(uint64_t now)
 	}
 }
 
-bool Topology::authenticateRootTopology(const Dictionary &rt)
-{
-	try {
-		std::string signer(rt.signingIdentity());
-		if (!signer.length())
-			return false;
-		Identity signerId(signer);
-		std::map< Address,Identity >::const_iterator authority(ZT_DEFAULTS.rootTopologyAuthorities.find(signerId.address()));
-		if (authority == ZT_DEFAULTS.rootTopologyAuthorities.end())
-			return false;
-		if (signerId != authority->second)
-			return false;
-		return rt.verify(authority->second);
-	} catch ( ... ) {
-		return false;
-	}
-}
-
 Identity Topology::_getIdentity(const Address &zta)
 {
 	char p[128];
diff --git a/node/Topology.hpp b/node/Topology.hpp
index 4df545e1..ed8f3d86 100644
--- a/node/Topology.hpp
+++ b/node/Topology.hpp
@@ -43,8 +43,8 @@
 #include "Peer.hpp"
 #include "Mutex.hpp"
 #include "InetAddress.hpp"
-#include "Dictionary.hpp"
 #include "Hashtable.hpp"
+#include "World.hpp"
 
 namespace ZeroTier {
 
@@ -60,21 +60,6 @@ public:
 	~Topology();
 
 	/**
-	 * @param sn Root server identities and addresses
-	 */
-	void setRootServers(const std::map< Identity,std::vector<InetAddress> > &sn);
-
-	/**
-	 * Set up root servers for this network
-	 *
-	 * This performs no signature verification of any kind. The caller must
-	 * check the signature of the root topology dictionary first.
-	 *
-	 * @param sn 'rootservers' key from root-topology Dictionary (deserialized as Dictionary)
-	 */
-	void setRootServers(const Dictionary &sn);
-
-	/**
 	 * Add a peer to database
 	 *
 	 * This will not replace existing peers. In that case the existing peer
@@ -128,10 +113,20 @@ public:
 
 	/**
 	 * @param id Identity to check
-	 * @return True if this is a designated root server
+	 * @return True if this is a designated root server in this world
 	 */
-	bool isRoot(const Identity &id) const
-		throw();
+	inline bool isRoot(const Identity &id) const
+	{
+		Mutex::Lock _l(_lock);
+		if (std::find(_rootAddresses.begin(),_rootAddresses.end(),id.address()) != _rootAddresses.end()) {
+			// Double check full identity for security reasons
+			for(std::vector<World::Root>::const_iterator r(_world.roots().begin());r!=_world.roots().end();++r) {
+				if (id == r->identity)
+					return true;
+			}
+		}
+		return false;
+	}
 
 	/**
 	 * @return Vector of root server addresses
@@ -143,6 +138,15 @@ public:
 	}
 
 	/**
+	 * @return Current World (copy)
+	 */
+	inline World world() const
+	{
+		Mutex::Lock _l(_lock);
+		return _world;
+	}
+
+	/**
 	 * Clean and flush database
 	 */
 	void clean(uint64_t now);
@@ -180,28 +184,19 @@ public:
 		return _peers.entries();
 	}
 
-	/**
-	 * Validate a root topology dictionary against the identities specified in Defaults
-	 *
-	 * @param rt Root topology dictionary
-	 * @return True if dictionary signature is valid
-	 */
-	static bool authenticateRootTopology(const Dictionary &rt);
-
 private:
 	Identity _getIdentity(const Address &zta);
 	void _saveIdentity(const Identity &id);
 
 	const RuntimeEnvironment *RR;
 
+	World _world;
 	Hashtable< Address,SharedPtr<Peer> > _peers;
-	std::map< Identity,std::vector<InetAddress> > _roots;
 	std::vector< Address > _rootAddresses;
 	std::vector< SharedPtr<Peer> > _rootPeers;
+	bool _amRoot;
 
 	Mutex _lock;
-
-	bool _amRoot;
 };
 
 } // namespace ZeroTier
diff --git a/node/World.hpp b/node/World.hpp
new file mode 100644
index 00000000..0d26021f
--- /dev/null
+++ b/node/World.hpp
@@ -0,0 +1,221 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015  ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+#ifndef ZT_WORLD_HPP
+#define ZT_WORLD_HPP
+
+#include <vector>
+#include <string>
+
+#include "Constants.hpp"
+#include "InetAddress.hpp"
+#include "Identity.hpp"
+#include "Buffer.hpp"
+#include "C25519.hpp"
+
+/**
+ * Maximum number of roots (sanity limit, okay to increase)
+ *
+ * A given root can (through multi-homing) be distributed across any number of
+ * physical endpoints, but having more than one is good to permit total failure
+ * of one root or its withdrawal due to compromise without taking the whole net
+ * down.
+ */
+#define ZT_WORLD_MAX_ROOTS 4
+
+/**
+ * Maximum number of stable endpoints per root (sanity limit, okay to increase)
+ */
+#define ZT_WORLD_MAX_STABLE_ENDPOINTS_PER_ROOT 32
+
+/**
+ * The (more than) maximum length of a serialized World
+ */
+#define ZT_WORLD_MAX_SERIALIZED_LENGTH (((1024 + (32 * ZT_WORLD_MAX_STABLE_ENDPOINTS_PER_ROOT)) * ZT_WORLD_MAX_ROOTS) + ZT_C25519_PUBLIC_KEY_LEN + ZT_C25519_SIGNATURE_LEN + 64)
+
+/**
+ * World ID indicating null / empty World object
+ */
+#define ZT_WORLD_ID_NULL 0
+
+/**
+ * World ID for a test network with ephemeral or temporary roots
+ */
+#define ZT_WORLD_ID_TESTNET 1
+
+/**
+ * World ID for Earth -- its approximate distance from the sun in kilometers
+ *
+ * This is the ID for the ZeroTier World used on planet Earth. It is unrelated
+ * to the public network 8056c2e21c000001 of the same name.
+ *
+ * It's advisable to create a new World for network regions spaced more than
+ * 2-3 light seconds, since RTT times in excess of 5s are problematic for some
+ * protocols. Earth could therefore include its low and high orbits, the Moon,
+ * and nearby Lagrange points.
+ */
+#define ZT_WORLD_ID_EARTH 149604618
+
+/**
+ * World ID for Mars -- for future use by SpaceX or others
+ */
+#define ZT_WORLD_ID_MARS 227883110
+
+namespace ZeroTier {
+
+/**
+ * A world definition (formerly known as a root topology)
+ *
+ * A world consists of a set of root servers and a signature scheme enabling
+ * it to be updated going forward. It defines a single ZeroTier VL1 network
+ * area within which any device can reach any other.
+ */
+class World
+{
+public:
+	struct Root
+	{
+		Identity identity;
+		std::vector<InetAddress> stableEndpoints;
+
+		inline bool operator==(const Root &r) const throw() { return ((identity == r.identity)&&(stableEndpoints == r.stableEndpoints)); }
+		inline bool operator!=(const Root &r) const throw() { return (!(*this == r)); }
+		inline bool operator<(const Root &r) const throw() { return (identity < r.identity); } // for sorting
+	};
+
+	/**
+	 * Construct an empty / null World
+	 */
+	World() :
+		_id(ZT_WORLD_ID_NULL),
+		_ts(0) {}
+
+	/**
+	 * @return Root servers for this world and their stable endpoints
+	 */
+	inline const std::vector<World::Root> &roots() const throw() { return _roots; }
+
+	/**
+	 * @return World unique identifier
+	 */
+	inline uint64_t id() const throw() { return _id; }
+
+	/**
+	 * @return World definition timestamp
+	 */
+	inline uint64_t timestamp() const throw() { return _ts; }
+
+	/**
+	 * Verify a world update
+	 *
+	 * A new world update is valid if it is for the same world ID, is newer,
+	 * and is signed by the current world's signing key. If this world object
+	 * is null, it can always be updated.
+	 *
+	 * @param update Candidate update
+	 * @return True if update is newer than current and is properly signed
+	 */
+	inline bool verifyUpdate(const World &update)
+	{
+		if (_id == ZT_WORLD_ID_NULL)
+			return true;
+		if ((update._id != _id)||(update._ts <= _ts))
+			return false;
+		Buffer<ZT_WORLD_MAX_SERIALIZED_LENGTH> tmp;
+		update.serialize(tmp);
+		return C25519::verify(_updateSigningKey,tmp.data(),tmp.size(),update._signature);
+	}
+
+	/**
+	 * @return True if this World is non-empty
+	 */
+	inline operator bool() const throw() { return (_id != ZT_WORLD_ID_NULL); }
+
+	template<unsigned int C>
+	inline void serialize(Buffer<C> &b) const
+	{
+		b.append((uint8_t)0x01); // version -- only one valid value for now
+		b.append((uint64_t)_id);
+		b.append((uint64_t)_ts);
+		b.append(_updateSigningKey.data,ZT_C25519_PUBLIC_KEY_LEN);
+		b.append(_signature.data,ZT_C25519_SIGNATURE_LEN);
+		b.append((uint8_t)_roots.size());
+		for(std::vector<Root>::const_iterator r(_roots.begin());r!=_roots.end();++r) {
+			r->identity.serialize(b);
+			b.append((uint8_t)r->stableEndpoints.size());
+			for(std::vector<InetAddress>::const_iterator ep(r->stableEndpoints.begin());ep!=r->stableEndpoints.end();++ep)
+				ep->serialize(b);
+		}
+	}
+
+	template<unsigned int C>
+	inline unsigned int deserialize(const Buffer<C> &b,unsigned int startAt = 0)
+	{
+		unsigned int p = startAt;
+
+		_roots.clear();
+
+		if (b[p++] != 0x01)
+			throw std::invalid_argument("invalid World serialized version");
+
+		_id = b.template at<uint64_t>(p); p += 8;
+		_ts = b.template at<uint64_t>(p); p += 8;
+		memcpy(_updateSigningKey.data,b.field(p,ZT_C25519_PUBLIC_KEY_LEN),ZT_C25519_PUBLIC_KEY_LEN); p += ZT_C25519_PUBLIC_KEY_LEN;
+		memcpy(_signature.data,b.field(p,ZT_C25519_SIGNATURE_LEN),ZT_C25519_SIGNATURE_LEN); p += ZT_C25519_SIGNATURE_LEN;
+		unsigned int numRoots = b[p++];
+		if (numRoots > ZT_WORLD_MAX_ROOTS)
+			throw std::invalid_argument("too many roots in World");
+		for(unsigned int k=0;k<numRoots;++k) {
+			_roots.push_back(Root());
+			Root &r = _roots.back();
+			p += r.identity.deserialize(b,p);
+			unsigned int numStableEndpoints = b[p++];
+			if (numStableEndpoints > ZT_WORLD_MAX_STABLE_ENDPOINTS_PER_ROOT)
+				throw std::invalid_argument("too many stable endpoints in World/Root");
+			for(unsigned int kk=0;kk<numStableEndpoints;++kk) {
+				r.stableEndpoints.push_back(InetAddress());
+				p += r.stableEndpoints.back().deserialize(b,p);
+			}
+		}
+
+		return (p - startAt);
+	}
+
+	inline bool operator==(const World &w) const throw() { return ((_id == w._id)&&(_ts == w._ts)&&(_roots == w._roots)); }
+	inline bool operator!=(const World &w) const throw() { return (!(*this == w)); }
+
+protected:
+	uint64_t _id;
+	uint64_t _ts;
+	C25519::Public _updateSigningKey;
+	C25519::Signature _signature;
+	std::vector<Root> _roots;
+};
+
+} // namespace ZeroTier
+
+#endif