void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-06 20:43:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Integrate Filter into OutboundMulticast properly.

Browse source
This commit is contained in:
Adam Ierymenko 2016-08-04 13:01:14 -07:00
parent 8a7753cfe3
commit 37d139177d
4 changed files with 76 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
node/Filter.hpp
View file

@ -21,8 +21,6 @@
#include <stdint.h> #include <stdint.h>
#include <vector>
#include "Constants.hpp" #include "Constants.hpp"
#include "../include/ZeroTierOne.h" #include "../include/ZeroTierOne.h"
#include "Address.hpp" #include "Address.hpp"

56
node/Network.hpp
View file

@ -77,6 +77,62 @@ public:
~Network(); ~Network();
/**
* Apply filters to an outgoing packet
*
* This applies filters from our network config and, if that doesn't match,
* our capabilities in ascending order of capability ID. If there is a match
* certain actions may be taken such as pushing credentials to ztDest and
* sending a copy of the packet to a TEE or REDIRECT target.
*
* @param ztSource Source ZeroTier address
* @param ztDest Destination ZeroTier address
* @param macSource Ethernet layer source address
* @param macDest Ethernet layer destination address
* @param frameData Ethernet frame data
* @param frameLen Ethernet frame payload length
* @param etherType 16-bit ethernet type ID
* @param vlanId 16-bit VLAN ID
* @return True if packet should be sent to destination peer
*/
bool filterOutgoingPacket(
const Address &ztSource,
const Address &ztDest,
const MAC &macSource,
const MAC &macDest,
const uint8_t *frameData,
const unsigned int frameLen,
const unsigned int etherType,
const unsigned int vlanId);
/**
* Apply filters to an incoming packet
*
* This applies filters from our network config and, if that doesn't match,
* the peer's capabilities in ascending order of capability ID. If there is
* a match certain actions may be taken such as sending a copy of the packet
* to a TEE or REDIRECT target.
*
* @param ztSource Source Peer (to save an extra lookup)
* @param ztDest Destination ZeroTier address
* @param macSource Ethernet layer source address
* @param macDest Ethernet layer destination address
* @param frameData Ethernet frame data
* @param frameLen Ethernet frame payload length
* @param etherType 16-bit ethernet type ID
* @param vlanId 16-bit VLAN ID
* @return True if packet should be accepted locally
*/
bool filterIncomingPacket(
const SharedPtr<Peer> &ztSource,
const Address &ztDest,
const MAC &macSource,
const MAC &macDest,
const uint8_t *frameData,
const unsigned int frameLen,
const unsigned int etherType,
const unsigned int vlanId);
/** /**
* @return Network ID * @return Network ID
*/ */

26
node/OutboundMulticast.cpp
View file

@ -41,7 +41,13 @@ void OutboundMulticast::init(
{ {
_timestamp = timestamp; _timestamp = timestamp;
_nwid = nwid; _nwid = nwid;
if (src)
_macSrc = src;
else _macSrc.fromAddress(RR->identity.address(),nwid);
_macDest = dest.mac();
_limit = limit; _limit = limit;
_frameLen = (len < ZT_MAX_MTU) ? len : ZT_MAX_MTU;
_etherType = etherType;
uint8_t flags = 0; uint8_t flags = 0;
if (gatherLimit) flags |= 0x02; if (gatherLimit) flags |= 0x02;
@ -68,23 +74,21 @@ void OutboundMulticast::init(
dest.mac().appendTo(_packet); dest.mac().appendTo(_packet);
_packet.append((uint32_t)dest.adi()); _packet.append((uint32_t)dest.adi());
_packet.append((uint16_t)etherType); _packet.append((uint16_t)etherType);
_packet.append(payload,len); _packet.append(payload,_frameLen);
_packet.compress(); _packet.compress();
memcpy(_frameData,payload,_frameLen);
} }
void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,const Address &toAddr) void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,const Address &toAddr)
{ {
// TODO: apply Filter const SharedPtr<Network> nw(RR->node->network(_nwid));
if ((nw)&&(nw->filterOutgoingPacket(RR->identity.address(),toAddr,_macSrc,_macDest,_frameData,_frameLen,_etherType,0))) {
SharedPtr<Peer> peer(RR->topology->getPeer(toAddr)); //TRACE(">>MC %.16llx -> %s",(unsigned long long)this,toAddr.toString().c_str());
if (peer) { _packet.newInitializationVector();
// TODO: push creds if needed _packet.setDestination(toAddr);
RR->sw->send(_packet,true,_nwid);
} }
//TRACE(">>MC %.16llx -> %s",(unsigned long long)this,toAddr.toString().c_str());
_packet.newInitializationVector();
_packet.setDestination(toAddr);
RR->sw->send(_packet,true,_nwid);
} }
} // namespace ZeroTier } // namespace ZeroTier

5
node/OutboundMulticast.hpp
View file

@ -133,9 +133,14 @@ public:
private: private:
uint64_t _timestamp; uint64_t _timestamp;
uint64_t _nwid; uint64_t _nwid;
MAC _macSrc;
MAC _macDest;
unsigned int _limit; unsigned int _limit;
unsigned int _frameLen;
unsigned int _etherType;
Packet _packet; Packet _packet;
std::vector<Address> _alreadySentTo; std::vector<Address> _alreadySentTo;
uint8_t _frameData[ZT_MAX_MTU];
}; };
} // namespace ZeroTier } // namespace ZeroTier