
More filter work.

Adam Ierymenko 12 years ago
parent
commit
557cc359b3
6 changed files with 25 additions and 29 deletions
  1. 1 6
      node/Defaults.cpp
  2. 0 6
      node/Defaults.hpp
  3. 7 2
      node/Filter.cpp
  4. 8 8
      node/Filter.hpp
  5. 8 0
      node/NodeConfig.cpp
  6. 1 7
      node/NodeConfig.hpp

+ 1 - 6
node/Defaults.cpp

@@ -66,16 +66,11 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap()
 	return sn;
 }
 
-static inline Filter _mkDefaultNodeFilter()
-{
-}
-
 Defaults::Defaults()
 	throw(std::runtime_error) :
 	supernodes(_mkSupernodeMap()),
 	configUrlPrefix("http://api.zerotier.com/one/nc/"),
-	configAuthority("f9f34184ac:1:AwGgrWjb8dARXzruqxiy1+Qf+gz4iM5IMfQTCWrJXkwERdvbvxTPZvtIyitw4gS90TGIxW+e7uJxweg9Vyq5lZJBrg==:QeEQLm9ymLC3EcnIw2OUqufUwb2wgHSAg6wQOXKyhT779p/8Hz5485PZLJCbr/aVHjwzop8APJk9B45Zm0Mb/LEhQTBMH2jvc7qqoYnMCNCO9jpADeMJwMW5e1VFgIObWl9uNjhRbf5/m8dZcn0pKKGwjSoP1QTeVWOC8GkZhE25bUWj"),
-	defaultNodeFilter(_mkDefaultNodeFilter())
+	configAuthority("f9f34184ac:1:AwGgrWjb8dARXzruqxiy1+Qf+gz4iM5IMfQTCWrJXkwERdvbvxTPZvtIyitw4gS90TGIxW+e7uJxweg9Vyq5lZJBrg==:QeEQLm9ymLC3EcnIw2OUqufUwb2wgHSAg6wQOXKyhT779p/8Hz5485PZLJCbr/aVHjwzop8APJk9B45Zm0Mb/LEhQTBMH2jvc7qqoYnMCNCO9jpADeMJwMW5e1VFgIObWl9uNjhRbf5/m8dZcn0pKKGwjSoP1QTeVWOC8GkZhE25bUWj")
 {
 }
 

+ 0 - 6
node/Defaults.hpp

@@ -34,7 +34,6 @@
 #include <map>
 #include "Identity.hpp"
 #include "InetAddress.hpp"
-#include "Filter.hpp"
 
 namespace ZeroTier {
 
@@ -66,11 +65,6 @@ public:
 	 * Identity used to encrypt and authenticate configuration from URL
 	 */
 	const std::string configAuthority;
-
-	/**
-	 * Default node filter for this platform
-	 */
-	const Filter defaultNodeFilter;
 };
 
 extern const Defaults ZT_DEFAULTS;

+ 7 - 2
node/Filter.cpp

@@ -38,6 +38,7 @@
 namespace ZeroTier {
 
 const char *const Filter::UNKNOWN_NAME = "(unknown)";
+const Range<unsigned int> Filter::ANY;
 
 bool Filter::Rule::operator()(unsigned int etype,const void *data,unsigned int len) const
 	throw(std::invalid_argument)
@@ -338,19 +339,23 @@ Filter::Action Filter::operator()(const RuntimeEnvironment *_r,unsigned int ethe
 {
 	Mutex::Lock _l(_chain_m);
 
+	TRACE("starting match against %d rules",(int)_chain.size());
+
 	int ruleNo = 0;
 	for(std::vector<Entry>::const_iterator r(_chain.begin());r!=_chain.end();++r,++ruleNo) {
 		try {
 			if (r->rule(etherType,frame,len)) {
+				TRACE("match: %s",r->rule.toString().c_str());
+
 				switch(r->action) {
 					case ACTION_ALLOW:
 					case ACTION_DENY:
 						return r->action;
-					case ACTION_LOG:
-						break;
 					default:
 						break;
 				}
+			} else {
+				TRACE("no match: %s",r->rule.toString().c_str());
 			}
 		} catch (std::invalid_argument &exc) {
 			LOG("filter: unable to parse packet on rule %s (%d): %s",r->rule.toString().c_str(),ruleNo,exc.what());
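Review bot: The two new TRACE calls in the match and no-match branches evaluate `r->rule.toString()` for every rule on every frame while `_chain_m` is held; if TRACE expands to nothing in release builds this is free there, but in any build where it is enabled it is a per-rule string construction on the packet path plus one log line per rule per frame, which can flood the log under load. Consider keeping only the matched-rule trace and dropping the `else` branch, or emitting the no-match line once per frame rather than per rule. Separately, `const Range<unsigned int> Filter::ANY;` default-initializes a const namespace-scope object, which is only well-formed if Range has a user-provided default constructor, and the header describes ANY as "an empty range", so confirm against Range's definition that its default-constructed state is in fact empty and matches as a wildcard. The enclosing `Filter::operator()` continues past the end of the hunk.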

+ 8 - 8
node/Filter.hpp

@@ -138,6 +138,11 @@ public:
 	 */
 	static const char *const UNKNOWN_NAME;
 
+	/**
+	 * An empty range as a more idiomatic way of specifying a wildcard match
+	 */
+	static const Range<unsigned int> ANY;
+
 	/**
 	 * A filter rule
 	 *
@@ -222,10 +227,9 @@ public:
 	 */
 	enum Action
 	{
-		ACTION_DENY = 1,
-		ACTION_ALLOW = 2,
-		ACTION_LOG = 3,
-		ACTION_UNPARSEABLE = 4
+		ACTION_DENY = 0,
+		ACTION_ALLOW = 1,
+		ACTION_UNPARSEABLE = 2
 	};
 
 	/**
@@ -329,10 +333,6 @@ public:
 	/**
 	 * Match against an Ethernet frame
 	 *
-	 * Note that ACTION_LOG rules do not terminate rule evaluation and
-	 * ACTION_LOG is never returned here as a result. It's primarily for
-	 * debugging and rule testing.
-	 *
 	 * @param _r Runtime environment
 	 * @param etherType Ethernet frame type
 	 * @param frame Ethernet frame data
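Review bot: Renumbering Action (`ACTION_DENY` 1→0, `ACTION_ALLOW` 2→1, `ACTION_UNPARSEABLE` 4→2) changes the numeric value of every remaining member, and the hunk does not say whether those values are ever serialized, stored, or exchanged with another component; if they are, previously recorded values now decode to different actions. If the values are meant to be internal only, I would state that on the enum so the next renumbering is safe by construction: `// Numeric values are internal and may change between versions; never persist or transmit them.` One effect worth recording in the same comment is that a zero-initialized Action now reads as ACTION_DENY, so an uninitialized or defaulted action fails closed rather than mapping to no member at all. The enum's doc comment begins before the hunk.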

+ 8 - 0
node/NodeConfig.cpp

@@ -57,6 +57,14 @@ NodeConfig::~NodeConfig()
 	_autoconfigureLock.unlock();
 }
 
+void NodeConfig::whackAllTaps()
+{
+	std::vector< SharedPtr<Network> > nwlist;
+	Mutex::Lock _l(_networks_m);
+	for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
+		n->second->tap().whack();
+}
+
 void NodeConfig::refreshConfiguration()
 {
 	_autoconfigureLock.lock(); // unlocked when handler gets called
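Review bot: `nwlist` in the new out-of-line `whackAllTaps()` is declared but never used, so the function still calls `tap().whack()` on every network while `_networks_m` is held; the declaration reads like the start of the usual snapshot pattern (copy the SharedPtrs under the lock, release it, then act on the copy) that was never finished. I cannot see from this hunk whether `whack()` can block or re-enter NodeConfig, so either delete the dead local or complete the pattern as below, which keeps the lock hold time bounded by the map walk. The same unused local was present in the inline version removed from NodeConfig.hpp, so this is carried over rather than introduced here.
```cpp
void NodeConfig::whackAllTaps()
{
	std::vector< SharedPtr<Network> > nwlist;
	{
		Mutex::Lock _l(_networks_m);
		for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
			nwlist.push_back(n->second);
	}
	// Lock released: whack() runs without holding _networks_m
	for(std::vector< SharedPtr<Network> >::iterator n(nwlist.begin());n!=nwlist.end();++n)
		(*n)->tap().whack();
}
```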

+ 1 - 7
node/NodeConfig.hpp

@@ -81,13 +81,7 @@ public:
 	/**
 	 * Call whack() on all networks' tap devices
 	 */
-	inline void whackAllTaps()
-	{
-		std::vector< SharedPtr<Network> > nwlist;
-		Mutex::Lock _l(_networks_m);
-		for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
-			n->second->tap().whack();
-	}
+	void whackAllTaps();
 
 	/**
 	 * @param nwid Network ID