Bridging in NetworkConfig - GitHub Issue #68

netconf-service/index.js

@@ -42,6 +42,8 @@ var ZT_NETWORKCONFIG_DICT_KEY_IPV4_STATIC = "v4s";
 var ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC = "v6s";
 var ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP = "com";
 var ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST = "eb";
+var ZT_NETWORKCONFIG_DICT_KEY_BRIDGING_MODE = "br";
+var ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES = "ab";
 
 // Path to zerotier-idtool binary, invoked to enerate certificates of membership
 var ZEROTIER_IDTOOL = '/usr/local/bin/zerotier-idtool';

node/Constants.hpp

@@ -108,6 +108,11 @@ error_no_byte_order_defined;
  */
 #define ZT_ADDRESS_LENGTH 5
 
+/**
+ * Length of a hexadecimal ZeroTier address
+ */
+#define ZT_ADDRESS_LENGTH_HEX 10
+
 /**
  * Addresses beginning with this byte are reserved for the joy of in-band signaling
  */

node/NetworkConfig.cpp

@@ -86,6 +86,7 @@ void NetworkConfig::_fromDictionary(const Dictionary &d)
 	_issuedTo = Address(d.get(ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO));
 	_multicastPrefixBits = Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_PREFIX_BITS,zero).c_str());
 	_multicastDepth = Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_DEPTH,zero).c_str());
+	_bridgingMode = (BridgingMode)Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_BRIDGING_MODE,zero).c_str());
 	_private = (Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_PRIVATE,one).c_str()) != 0);
 	_enableBroadcast = (Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST,one).c_str()) != 0);
 	_name = d.get(ZT_NETWORKCONFIG_DICT_KEY_NAME);
@@ -121,6 +122,15 @@ void NetworkConfig::_fromDictionary(const Dictionary &d)
 		_staticIps.insert(addr);
 	}
 
+	std::vector<std::string> ab(Utils::split(d.get(ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES,"").c_str(),",","",""));
+	for(std::vector<std::string>::const_iterator a(ab.begin());a!=ab.end();++a) {
+		if (a->length() == ZT_ADDRESS_LENGTH_HEX) {
+			Address tmp(*a);
+			if (!tmp.isReserved())
+				_activeBridges.insert(tmp);
+		}
+	}
+
 	Dictionary mr(d.get(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_RATES,std::string()));
 	for(Dictionary::const_iterator i(mr.begin());i!=mr.end();++i) {
 		std::vector<std::string> params(Utils::split(i->second.c_str(),",","",""));

node/NetworkConfig.hpp

@@ -62,19 +62,29 @@ namespace ZeroTier {
 #define ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC "v6s"
 #define ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP "com"
 #define ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST "eb"
+#define ZT_NETWORKCONFIG_DICT_KEY_BRIDGING_MODE "br"
+#define ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES "ab"
 
 /**
  * Network configuration received from netconf master nodes
  *
- * This is designed to work as an immutable value object held in a shared
- * pointer so that it can be both updated and used without too much mutex
- * boogie.
+ * This is an immutable value object created from a dictionary received from netconf master.
  */
 class NetworkConfig
 {
 public:
 	friend class SharedPtr<NetworkConfig>;
 
+	/**
+	 * Network bridging mode
+	 */
+	enum BridgingMode
+	{
+		BRIDGING_DISABLED = 0,    // no bridging
+		BRIDGING_ACTIVE_ONLY = 1, // only active bridges may bridge
+		BRIDGING_PERMISSIVE = 2   // allow passive bridging by any peer
+	};
+
 	/**
 	 * Tuple of multicast rate parameters
 	 */
@@ -102,7 +112,7 @@ public:
 	 * @param etherType Ethernet frame type to check
 	 * @return True if allowed on this network
 	 */
-	inline bool permitsEtherType(unsigned int etherType)
+	inline bool permitsEtherType(unsigned int etherType) const
 		throw()
 	{
 		if ((!etherType)||(etherType > 0xffff)) // sanity checks
@@ -124,6 +134,7 @@ public:
 	inline const std::string &name() const throw() { return _name; }
 	inline const std::string &description() const throw() { return _description; }
 	inline const std::set<InetAddress> &staticIps() const throw() { return _staticIps; }
+	inline const std::set<Address> &activeBridges() const throw() { return _activeBridges; }
 	inline const CertificateOfMembership &com() const throw() { return _com; }
 	inline bool enableBroadcast() const throw() { return _enableBroadcast; }
 
@@ -134,7 +145,15 @@ public:
 	inline bool permitsBridging(const Address &fromPeer) const
 		throw()
 	{
-		return false; // TODO: bridging not implemented yet
+		switch(_bridgingMode) {
+			case BRIDGING_ACTIVE_ONLY:
+				return (_activeBridges.count(fromPeer) > 0);
+			case BRIDGING_PERMISSIVE:
+				return true;
+			//case BRIDGING_DISABLED:
+			default:
+				return false;
+		}
 	}
 
 	/**
@@ -156,11 +175,13 @@ private:
 	Address _issuedTo;
 	unsigned int _multicastPrefixBits;
 	unsigned int _multicastDepth;
+	BridgingMode _bridgingMode;
 	bool _private;
 	bool _enableBroadcast;
 	std::string _name;
 	std::string _description;
 	std::set<InetAddress> _staticIps;
+	std::set<Address> _activeBridges;
 	std::map<MulticastGroup,MulticastRate> _multicastRates;
 	CertificateOfMembership _com;