void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-05 03:53:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change logic a little for self-as-destination in TEE and REDIRECT.

Browse source
This commit is contained in:
Adam Ierymenko 2016-08-26 15:28:31 -07:00
parent a5383d83d8
commit e7dff1c785
1 changed files with 25 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
node/Network.cpp
View file

@ -166,25 +166,35 @@ static int _doZtFilter(
case ZT_NETWORK_RULE_ACTION_TEE: case ZT_NETWORK_RULE_ACTION_TEE:
case ZT_NETWORK_RULE_ACTION_REDIRECT: { case ZT_NETWORK_RULE_ACTION_REDIRECT: {
const Address fwdAddr(rules[rn].v.fwd.address); const Address fwdAddr(rules[rn].v.fwd.address);
if ((!noRedirect)&&(fwdAddr != RR->identity.address())) { if (fwdAddr == RR->identity.address()) {
Packet outp(fwdAddr,RR->identity.address(),Packet::VERB_EXT_FRAME); // If we are the TEE or REDIRECT destination, don't TEE or REDIRECT
outp.append(nconf.networkId); // to self. We should also accept here instead of interpreting
outp.append((uint8_t)( ((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02) | (inbound ? 0x08 : 0x00) )); // REDIRECT as DROP since we are the destination.
macDest.appendTo(outp);
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData,(rules[rn].v.fwd.length != 0) ? ((frameLen < (unsigned int)rules[rn].v.fwd.length) ? frameLen : (unsigned int)rules[rn].v.fwd.length) : frameLen);
outp.compress();
RR->sw->send(outp,true);
}
if (rt == ZT_NETWORK_RULE_ACTION_REDIRECT) {
return -1; // match, drop packet (we redirected it)
} else {
#ifdef ZT_RULES_ENGINE_DEBUGGING #ifdef ZT_RULES_ENGINE_DEBUGGING
dlog.clear(); dlog.clear();
#endif // ZT_RULES_ENGINE_DEBUGGING #endif // ZT_RULES_ENGINE_DEBUGGING
thisSetMatches = 1; // TEE does not terminate evaluation thisSetMatches = 1; // TEE does not terminate evaluation
} else {
if (!noRedirect) {
Packet outp(fwdAddr,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(nconf.networkId);
outp.append((uint8_t)( ((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02) | (inbound ? 0x08 : 0x00) ));
macDest.appendTo(outp);
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData,(rules[rn].v.fwd.length != 0) ? ((frameLen < (unsigned int)rules[rn].v.fwd.length) ? frameLen : (unsigned int)rules[rn].v.fwd.length) : frameLen);
outp.compress();
RR->sw->send(outp,true);
}
if (rt == ZT_NETWORK_RULE_ACTION_REDIRECT) {
return -1; // match, drop packet (we redirected it)
} else {
#ifdef ZT_RULES_ENGINE_DEBUGGING
dlog.clear();
#endif // ZT_RULES_ENGINE_DEBUGGING
thisSetMatches = 1; // TEE does not terminate evaluation
}
} }
} continue; } continue;
case ZT_NETWORK_RULE_ACTION_DEBUG_LOG: case ZT_NETWORK_RULE_ACTION_DEBUG_LOG: