
Add rules compiler script.

Adam Ierymenko 8 years ago
parent
commit
8b82f1c609

+ 5 - 0
rule-compiler/README.md

@@ -0,0 +1,5 @@
+ZeroTier Rules Compiler
+======
+
+This script converts ZeroTier rules in human-readable format into rules suitable for import into a ZeroTier network controller. It's the script that is used in the rules editor on [ZeroTier Central](https://my.zerotier.com/).
+

+ 29 - 0
rule-compiler/cli.js

@@ -0,0 +1,29 @@
+'use strict';
+
+var fs = require('fs');
+
+var RuleCompiler = require('./rule-compiler.js');
+
+if (process.argv.length < 3) {
+	console.log('Usage: node cli.js <rules script>');
+	process.exit(1);
+}
+
+var src = fs.readFileSync(process.argv[2]).toString();
+
+var rules = [];
+var caps = {};
+var tags = {};
+var err = RuleCompiler.compile(src,rules,caps,tags);
+
+if (err) {
+	console.log('ERROR parsing '+process.argv[2]+' line '+err[0]+' column '+err[1]+': '+err[2]);
+	process.exit(1);
+} else {
+	console.log(JSON.stringify({
+		rules: rules,
+		caps: caps,
+		tags: tags
+	},null,2));
+	process.exit(0);
+}
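Review bot: The usage text and the parse error are written with `console.log`, so they go to stdout, the same stream that carries the compiled JSON meant for import into a controller. Switching both to `console.error(...)` keeps diagnostics out of a redirected output file. The `process.exit(0)` directly after printing the JSON can cut the output short when stdout is a pipe on platforms where such writes are asynchronous; dropping that call, or using `process.exitCode = 0;`, lets Node flush first. `fs.readFileSync(process.argv[2])` is also unguarded, so a missing or unreadable path ends in an uncaught exception and stack trace rather than the tool's own `ERROR` line.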

+ 40 - 0
rule-compiler/examples/capabilities-and-tags.ztrules

@@ -0,0 +1,40 @@
+# This is a default rule set that allows IPv4 and IPv6 traffic.
+# You can edit as needed. If your rule set gets large we recommend
+# cutting and pasting it somewhere to keep a backup.
+
+# Drop all Ethernet frame types that are not IPv4 or IPv6
+drop
+	not ethertype 0x0800 # IPv4
+	not ethertype 0x0806 # IPv4 ARP
+	not ethertype 0x86dd # IPv6
+;
+
+# Capability: outgoing SSH
+cap ssh
+	id 1000
+	accept
+		ipprotocol tcp
+		dport 22
+	;
+;
+
+# A tag indicating which department people belong to
+tag department
+	id 1000
+	enum 100 sales
+	enum 200 marketing
+	enum 300 accounting
+	enum 400 engineering
+;
+
+# Accept all traffic between members of the same department
+accept
+	tdiff department 0
+;
+
+# You can insert other drop, tee, etc. rules here. This rule
+# set ends with a blanket accept, making it permissive by
+# default.
+
+accept;
+
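Review bot: The closing `accept;` matches every frame that survives the ethertype drop, so the `cap ssh` capability and the `accept tdiff department 0` rule cannot change any outcome. This assumes rules are evaluated in order with the first matching action winning, which the page does not spell out. A reader copying this example as a template may believe departments are isolated from each other when nothing here enforces that. The final comment says the set is permissive by default but does not tie that to the rules above; I would extend it with `# With this final accept the capability and tag rules above are illustrative only; end with "drop;" instead if they should be the only ways traffic is allowed.` The header comment also describes the file as allowing IPv4 and IPv6 without mentioning that ARP (`0x0806`) is let through as well.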

+ 18 - 0
rule-compiler/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "zerotier-rule-compiler",
+  "version": "1.1.17",
+  "description": "ZeroTier Rule Script Compiler",
+  "main": "cli.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/zerotier/ZeroTierOne/rule-compiler"
+  },
+  "keywords": [
+    "ZeroTier"
+  ],
+  "author": "ZeroTier, Inc. <[email protected]>",
+  "license": "GPL-2.0"
+}
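Review bot: `"main": "cli.js"` makes `require('zerotier-rule-compiler')` execute the command-line script, which reads the host program's `process.argv` and calls `process.exit()` on every path. The library entry point is presumably `rule-compiler.js` (its diff is suppressed on this page), so `"main": "rule-compiler.js"` with `cli.js` exposed through a `bin` entry would avoid terminating whatever process loads the package. The `repository.url` value points at a subdirectory path rather than a clonable repository. The `test` script is still the npm placeholder that always exits 1, so the compiler that produces network access rules ships with no automated check.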

File diff suppressed because it is too large
+ 178 - 0
rule-compiler/rule-compiler.js


Some files were not shown because too many files changed in this diff