-rw-r--r--controller/SqliteNetworkController.cpp17
-rw-r--r--include/ZeroTierOne.h11
-rw-r--r--node/Constants.hpp4
3 files changed, 17 insertions, 15 deletions
diff --git a/controller/SqliteNetworkController.cpp b/controller/SqliteNetworkController.cpp
index bdf337ec..b41c7ef5 100644
--- a/controller/SqliteNetworkController.cpp
+++ b/controller/SqliteNetworkController.cpp
@@ -66,7 +66,7 @@
// Drop requests for a given peer and network ID that occur more frequently
// than this (ms).
-#define ZT_NETCONF_MIN_REQUEST_PERIOD 5000
+#define ZT_NETCONF_MIN_REQUEST_PERIOD 1000
namespace ZeroTier {
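Review bot: The comment above `ZT_NETCONF_MIN_REQUEST_PERIOD` still gives no reason for the value, and this change lets each peer/network pair through five times as often. Each accepted request on a private network reaches the `com.sign(signingId)` call shown in the next hunk, so this throttle is part of what bounds signing and database work per peer. If the shorter period exists because members now have to refresh time-based certificates, say so in the comment, for example `// 1s: members re-request config to refresh their COM; keep well below ZT_NETWORK_AUTOCONF_DELAY`. The code that enforces the period is outside this hunk.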
@@ -689,7 +689,7 @@ NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(co
// TODO: IPv6 auto-assign once it's supported in UI
if (network.isPrivate) {
- CertificateOfMembership com(network.revision,ZT1_CERTIFICATE_OF_MEMBERSHIP_REVISION_MAX_DELTA,nwid,identity.address());
+ CertificateOfMembership com(OSUtils::now(),ZT_NETWORK_AUTOCONF_DELAY + (ZT_NETWORK_AUTOCONF_DELAY / 2),nwid,identity.address());
if (com.sign(signingId)) // basically can't fail unless our identity is invalid
netconf[ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP] = com.toString();
else {
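Review bot: The new `CertificateOfMembership` is stamped with `OSUtils::now()` and a max delta of one and a half times `ZT_NETWORK_AUTOCONF_DELAY`, but nothing at the call site documents what that means for revocation and availability. With a time-based certificate, a de-authorized member presumably holds a certificate that peers keep accepting until its timestamp leaves the window. An authorized member that misses a refresh by more than half a delay can likewise fall out of agreement with peers that did refresh, and a step in the controller's clock would have the same effect. I would add a comment above the constructor such as `// COM timestamp is controller wall-clock time; revocation takes effect within the max delta, and members must refresh at least once per autoconf delay`, and give the 1.5 factor a named constant in place of the inline expression. The body of doNetworkConfigRequest continues outside the hunk.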
@@ -757,6 +757,8 @@ unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
char addrs[24];
Utils::snprintf(addrs,sizeof(addrs),"%.10llx",address);
+ int64_t addToNetworkRevision = 0;
+
int64_t memberRowId = 0;
sqlite3_reset(_sGetMember);
sqlite3_bind_text(_sGetMember,1,nwids,16,SQLITE_STATIC);
@@ -780,6 +782,7 @@ unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
sqlite3_reset(_sIncrementMemberRevisionCounter);
sqlite3_bind_text(_sIncrementMemberRevisionCounter,1,nwids,16,SQLITE_STATIC);
sqlite3_step(_sIncrementMemberRevisionCounter);
+ addToNetworkRevision = 1;
}
json_value *j = json_parse(body.c_str(),body.length());
@@ -799,6 +802,7 @@ unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
sqlite3_reset(_sIncrementMemberRevisionCounter);
sqlite3_bind_text(_sIncrementMemberRevisionCounter,1,nwids,16,SQLITE_STATIC);
sqlite3_step(_sIncrementMemberRevisionCounter);
+ addToNetworkRevision = 1;
}
} else if (!strcmp(j->u.object.values[k].name,"activeBridge")) {
if (j->u.object.values[k].value->type == json_boolean) {
@@ -812,6 +816,7 @@ unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
sqlite3_reset(_sIncrementMemberRevisionCounter);
sqlite3_bind_text(_sIncrementMemberRevisionCounter,1,nwids,16,SQLITE_STATIC);
sqlite3_step(_sIncrementMemberRevisionCounter);
+ addToNetworkRevision = 1;
}
} else if (!strcmp(j->u.object.values[k].name,"ipAssignments")) {
if (j->u.object.values[k].value->type == json_array) {
@@ -855,6 +860,7 @@ unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
}
}
}
+ addToNetworkRevision = 1;
}
}
@@ -863,6 +869,13 @@ unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
json_value_free(j);
}
+ if ((addToNetworkRevision > 0)&&(revision > 0)) {
+ sqlite3_reset(_sSetNetworkRevision);
+ sqlite3_bind_int64(_sSetNetworkRevision,1,revision + addToNetworkRevision);
+ sqlite3_bind_text(_sSetNetworkRevision,2,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sSetNetworkRevision);
+ }
+
return _doCPGet(path,urlArgs,headers,body,responseBody,responseContentType);
} // else 404
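Review bot: The added `sqlite3_step(_sSetNetworkRevision)` ignores its result, so a failed revision bump is silent even though the member changes above it have already been written, and the handler still answers through `_doCPGet` as if everything succeeded. Members would then have no revision change to signal that authorization or bridging state moved. I would check the result, for example `if (sqlite3_step(_sSetNetworkRevision) != SQLITE_DONE) return 500;`, assuming the function's `unsigned int` return is the HTTP status. The value written is `revision + addToNetworkRevision`, computed from a `revision` read outside this hunk, so two overlapping POSTs could write the same number; an increment inside the SQL statement would avoid that if the statement allows it. `addToNetworkRevision` only ever holds 0 or 1 in the earlier hunks of this function, so a `bool` would state the intent more directly than `int64_t`.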
diff --git a/include/ZeroTierOne.h b/include/ZeroTierOne.h
index 7ae524a8..dc2243f2 100644
--- a/include/ZeroTierOne.h
+++ b/include/ZeroTierOne.h
@@ -106,17 +106,6 @@ extern "C" {
#define ZT1_MAX_PEER_NETWORK_PATHS 4
/**
- * Maximum number of revisions over which a network COM can differ and still be in-horizon (agree)
- *
- * This is the default max delta for the revision field in COMs issued
- * by network controllers, and is defined here for documentation purposes.
- * When a network is changed so as to de-authorize a member, its revision
- * should be incremented by this number. Otherwise all other changes that
- * materially affect the network should result in increment by one.
- */
-#define ZT1_CERTIFICATE_OF_MEMBERSHIP_REVISION_MAX_DELTA 16
-
-/**
* Feature flag: ZeroTier One was built to be thread-safe -- concurrent processXXX() calls are okay
*/
#define ZT1_FEATURE_FLAG_THREAD_SAFE 0x00000001
diff --git a/node/Constants.hpp b/node/Constants.hpp
index d15fef13..c192381c 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -158,7 +158,7 @@
/**
* Maximum number of packet fragments we'll support
- *
+ *
* The actual spec allows 16, but this is the most we'll support right
* now. Packets with more than this many fragments are dropped.
*/
@@ -216,7 +216,7 @@
/**
* Maximum number of ZT hops allowed (this is not IP hops/TTL)
- *
+ *
* The protocol allows up to 7, but we limit it to something smaller.
*/
#define ZT_RELAY_MAX_HOPS 3