
Integrate Filter into OutboundMulticast properly.

Adam Ierymenko 9 years ago
parent
commit
37d139177d
4 changed files with 76 additions and 13 deletions
  1. 0 2
      node/Filter.hpp
  2. 56 0
      node/Network.hpp
  3. 15 11
      node/OutboundMulticast.cpp
  4. 5 0
      node/OutboundMulticast.hpp

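--- a/node/Filter.hpp
+++ b/node/Filter.hpp
@@ -21,8 +21,6 @@
 
 #include <stdint.h>
 
-#include <vector>
-
 #include "Constants.hpp"
 #include "../include/ZeroTierOne.h"
 #include "Address.hpp"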

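--- a/node/Network.hpp
+++ b/node/Network.hpp
@@ -77,6 +77,62 @@ public:
 
 	~Network();
 
+	/**
+	 * Apply filters to an outgoing packet
+	 *
+	 * This applies filters from our network config and, if that doesn't match,
+	 * our capabilities in ascending order of capability ID. If there is a match
+	 * certain actions may be taken such as pushing credentials to ztDest and
+	 * sending a copy of the packet to a TEE or REDIRECT target.
+	 *
+	 * @param ztSource Source ZeroTier address
+	 * @param ztDest Destination ZeroTier address
+	 * @param macSource Ethernet layer source address
+	 * @param macDest Ethernet layer destination address
+	 * @param frameData Ethernet frame data
+	 * @param frameLen Ethernet frame payload length
+	 * @param etherType 16-bit ethernet type ID
+	 * @param vlanId 16-bit VLAN ID
+	 * @return True if packet should be sent to destination peer
+	 */
+	bool filterOutgoingPacket(
+		const Address &ztSource,
+		const Address &ztDest,
+		const MAC &macSource,
+		const MAC &macDest,
+		const uint8_t *frameData,
+		const unsigned int frameLen,
+		const unsigned int etherType,
+		const unsigned int vlanId);
+
+	/**
+	 * Apply filters to an incoming packet
+	 *
+	 * This applies filters from our network config and, if that doesn't match,
+	 * the peer's capabilities in ascending order of capability ID. If there is
+	 * a match certain actions may be taken such as sending a copy of the packet
+	 * to a TEE or REDIRECT target.
+	 *
+	 * @param ztSource Source Peer (to save an extra lookup)
+	 * @param ztDest Destination ZeroTier address
+	 * @param macSource Ethernet layer source address
+	 * @param macDest Ethernet layer destination address
+	 * @param frameData Ethernet frame data
+	 * @param frameLen Ethernet frame payload length
+	 * @param etherType 16-bit ethernet type ID
+	 * @param vlanId 16-bit VLAN ID
+	 * @return True if packet should be accepted locally
+	 */
+	bool filterIncomingPacket(
+		const SharedPtr<Peer> &ztSource,
+		const Address &ztDest,
+		const MAC &macSource,
+		const MAC &macDest,
+		const uint8_t *frameData,
+		const unsigned int frameLen,
+		const unsigned int etherType,
+		const unsigned int vlanId);
+
 	/**
 	 * @return Network ID
 	 */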
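Review bot: The new declarations document `etherType` and `vlanId` as 16-bit values but type them `unsigned int`, and say nothing about `frameData` having to be readable for the full `frameLen`, so the contract a caller must keep is left implicit. I would tighten the parameter docs to `* @param frameData Ethernet frame data (must be readable for frameLen bytes)` and `* @param vlanId 16-bit VLAN ID (0 when untagged; caller keeps it within 16 bits -- confirm whether the implementation masks it)`, and the same note on etherType. The @return lines should also state what a REDIRECT match means for the return value (whether the original is still sent to ztDest / accepted locally), since the description lists REDIRECT as a possible action but the boolean carries only one meaning. The class body continues outside the hunk.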

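--- a/node/OutboundMulticast.cpp
+++ b/node/OutboundMulticast.cpp
@@ -41,7 +41,13 @@ void OutboundMulticast::init(
 {
 	_timestamp = timestamp;
 	_nwid = nwid;
+	if (src)
+		_macSrc = src;
+	else _macSrc.fromAddress(RR->identity.address(),nwid);
+	_macDest = dest.mac();
 	_limit = limit;
+	_frameLen = (len < ZT_MAX_MTU) ? len : ZT_MAX_MTU;
+	_etherType = etherType;
 
 	uint8_t flags = 0;
 	if (gatherLimit) flags |= 0x02;
@@ -68,23 +74,21 @@ void OutboundMulticast::init(
 	dest.mac().appendTo(_packet);
 	_packet.append((uint32_t)dest.adi());
 	_packet.append((uint16_t)etherType);
-	_packet.append(payload,len);
+	_packet.append(payload,_frameLen);
 	_packet.compress();
+
+	memcpy(_frameData,payload,_frameLen);
 }
 
 void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,const Address &toAddr)
 {
-	// TODO: apply Filter
-
-	SharedPtr<Peer> peer(RR->topology->getPeer(toAddr));
-	if (peer) {
-		// TODO: push creds if needed
+	const SharedPtr<Network> nw(RR->node->network(_nwid));
+	if ((nw)&&(nw->filterOutgoingPacket(RR->identity.address(),toAddr,_macSrc,_macDest,_frameData,_frameLen,_etherType,0))) {
+		//TRACE(">>MC %.16llx -> %s",(unsigned long long)this,toAddr.toString().c_str());
+		_packet.newInitializationVector();
+		_packet.setDestination(toAddr);
+		RR->sw->send(_packet,true,_nwid);
 	}
-
-	//TRACE(">>MC %.16llx -> %s",(unsigned long long)this,toAddr.toString().c_str());
-	_packet.newInitializationVector();
-	_packet.setDestination(toAddr);
-	RR->sw->send(_packet,true,_nwid);
 }
 
 } // namespace ZeroTier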
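Review bot: The clamp `_frameLen = (len < ZT_MAX_MTU) ? len : ZT_MAX_MTU;` silently truncates an over-MTU frame, and that truncated copy is both what the filter sees in sendOnly and what is appended to `_packet`, so an invalid input is forwarded in mutilated form instead of being refused; dropping such a frame (fail closed) is the safer choice, either by rejecting `len > ZT_MAX_MTU` in the caller before init or by recording the truncation and skipping the send in sendOnly. init's signature and its caller lie outside the hunk, so I cannot see whether an upstream length check already exists. Two smaller points: the `memcpy` added after `_packet.compress()` needs `<cstring>`, which this hunk does not show being included, and the hard-coded `0` passed as vlanId in sendOnly deserves a comment such as `// vlanId 0: no VLAN tag is available on this path, rules on VLAN see the frame as untagged` so that evaluation is a documented decision rather than an accident.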

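--- a/node/OutboundMulticast.hpp
+++ b/node/OutboundMulticast.hpp
@@ -133,9 +133,14 @@ public:
 private:
 	uint64_t _timestamp;
 	uint64_t _nwid;
+	MAC _macSrc;
+	MAC _macDest;
 	unsigned int _limit;
+	unsigned int _frameLen;
+	unsigned int _etherType;
 	Packet _packet;
 	std::vector<Address> _alreadySentTo;
+	uint8_t _frameData[ZT_MAX_MTU];
 };
 
 } // namespace ZeroTier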
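Review bot: The new members are undocumented, and `_frameData` adds a ZT_MAX_MTU-byte array to every OutboundMulticast object on top of the frame already carried in `_packet`, so each instance now holds the payload twice and copying or storing these objects gets correspondingly more expensive. If the raw copy exists because `_packet` is stored compressed (as the .cpp side of this commit suggests), record that: `uint8_t _frameData[ZT_MAX_MTU]; // uncompressed frame for filter evaluation (_packet is compressed); only the first _frameLen bytes are valid`. `_frameLen` should likewise note that it is clamped to ZT_MAX_MTU and bounds `_frameData`, and `_frameLen`/`_etherType` should be initialised in the constructor if it does not already do so (the constructor is outside the hunk). The class header is also outside the hunk.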