From 9ddc2a4331e9dfa9d5aecd1c782d31527cf6e572 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 6 Feb 2017 14:00:49 -0800
Subject: [PATCH] Add a break action to rules engine to make capabilities easier to use.
---
 include/ZeroTierOne.h | 4 ++--
 node/Network.cpp | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/include/ZeroTierOne.h b/include/ZeroTierOne.h
index 6c50a0a61..860343ba6 100644
--- a/include/ZeroTierOne.h
+++ b/include/ZeroTierOne.h
@@ -563,9 +563,9 @@ enum ZT_VirtualNetworkRuleType
 ZT_NETWORK_RULE_ACTION_REDIRECT = 4,
 /**
- * Log if match and if rule debugging is enabled in the build, otherwise does nothing (for developers)
+ * Stop evaluating rule set (drops unless there are capabilities, etc.)
 */
- ZT_NETWORK_RULE_ACTION_DEBUG_LOG = 5,
+ ZT_NETWORK_RULE_ACTION_BREAK = 5,
 /**
 * Maximum ID for an ACTION, anything higher is a MATCH
diff --git a/node/Network.cpp b/node/Network.cpp
index c5855418e..778109644 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -53,7 +53,7 @@ static const char *_rtn(const ZT_VirtualNetworkRuleType rt)
 case ZT_NETWORK_RULE_ACTION_TEE: return "ACTION_TEE";
 case ZT_NETWORK_RULE_ACTION_WATCH: return "ACTION_WATCH";
 case ZT_NETWORK_RULE_ACTION_REDIRECT: return "ACTION_REDIRECT";
- case ZT_NETWORK_RULE_ACTION_DEBUG_LOG: return "ACTION_DEBUG_LOG";
+ case ZT_NETWORK_RULE_ACTION_BREAK: return "ACTION_BREAK";
 case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS: return "MATCH_SOURCE_ZEROTIER_ADDRESS";
 case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS: return "MATCH_DEST_ZEROTIER_ADDRESS";
 case ZT_NETWORK_RULE_MATCH_VLAN_ID: return "MATCH_VLAN_ID";
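Review bot: In include/ZeroTierOne.h the new `ZT_NETWORK_RULE_ACTION_BREAK` reuses the value 5 that `ZT_NETWORK_RULE_ACTION_DEBUG_LOG` held, so one rule type now has two meanings depending on the build. The `_doZtFilter` hunk in node/Network.cpp shows builds before this commit doing `continue` on type 5 where the new code returns `DOZTFILTER_NO_MATCH`; assuming rule sets are distributed by numeric type (not visible in this patch), an older node would step over a BREAK and keep evaluating, while a rule set that still carries a DEBUG_LOG entry would now stop early on a new node. The enum comment should record this, for example `* Stop evaluating rule set (drops unless there are capabilities, etc.). Builds before this change treat type 5 as a no-op.`, so that rule authors do not rely on BREAK as the only thing stopping a frame on a mixed-version network.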
@@ -251,13 +251,12 @@ static _doZtFilterResult _doZtFilter( } } continue; - // This is a no-op that exists for use with rules engine tracing and isn't for use in production - case ZT_NETWORK_RULE_ACTION_DEBUG_LOG: // a no-op target specifically for debugging purposes + case ZT_NETWORK_RULE_ACTION_BREAK: #ifdef ZT_RULES_ENGINE_DEBUGGING - _dumpFilterTrace("ACTION_DEBUG_LOG",thisSetMatches,inbound,ztSource,ztDest,macSource,macDest,dlog,frameLen,etherType,(const char *)0); + _dumpFilterTrace("ACTION_BREAK",thisSetMatches,inbound,ztSource,ztDest,macSource,macDest,dlog,frameLen,etherType,(const char *)0); dlog.clear(); #endif // ZT_RULES_ENGINE_DEBUGGING - continue; + return DOZTFILTER_NO_MATCH; // Unrecognized ACTIONs are ignored as no-ops default:
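Review bot: The new `case ZT_NETWORK_RULE_ACTION_BREAK:` in `_doZtFilter` carries no comment, although both comments on the old DEBUG_LOG case were removed and the case now ends evaluation instead of being a no-op. A line such as `// Stop evaluating this rule set: report no match so the caller falls through to capabilities or the default drop` above the case would make the intent of the early `return DOZTFILTER_NO_MATCH;` clear; the wording about the caller follows the enum comment in ZeroTierOne.h and should be checked against the call sites. The enclosing switch and the function begin and end outside this hunk, so whether the case is reached only when the preceding MATCH entries held is not visible here and is worth stating in the comment as well.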