Also need to send credentials when TEEing and REDIRECTing.

Adam Ierymenko 2016-08-31 17:56:59 -07:00
parent 994b25af4e
commit 25056de5d3
2 changed files with 25 additions and 8 deletions


@ -124,7 +124,7 @@ public:
* *
* @param RR Runtime environment * @param RR Runtime environment
* @param now Current time * @param now Current time
* @param peerAddress Address of member peer * @param peerAddress Address of member peer (the one that this Membership describes)
* @param nconf My network config * @param nconf My network config
* @param cap Capability to send or 0 if none * @param cap Capability to send or 0 if none
*/ */


@ -663,10 +663,16 @@ bool Network::filterOutgoingPacket(
case DOZTFILTER_NO_MATCH: case DOZTFILTER_NO_MATCH:
case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an anti-pattern case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an anti-pattern
break; break;
case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter() case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
case DOZTFILTER_ACCEPT: case DOZTFILTER_ACCEPT:
case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side
relevantCap = &(_config.capabilities[c]);
accept = true;
if ((!noTee)&&(cc2)) { if ((!noTee)&&(cc2)) {
_memberships[cc2].sendCredentialsIfNeeded(RR,RR->node->now(),cc2,_config,relevantCap);
Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME); Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(_id); outp.append(_id);
outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02 outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02
@ -677,8 +683,7 @@ bool Network::filterOutgoingPacket(
outp.compress(); outp.compress();
RR->sw->send(outp,true); RR->sw->send(outp,true);
} }
relevantCap = &(_config.capabilities[c]);
accept = true;
break; break;
} }
if (accept) if (accept)
@ -697,10 +702,9 @@ bool Network::filterOutgoingPacket(
} }
if (accept) { if (accept) {
if (ztDest2)
m.sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,relevantCap);
if ((!noTee)&&(cc)) { if ((!noTee)&&(cc)) {
_memberships[cc].sendCredentialsIfNeeded(RR,RR->node->now(),cc,_config,relevantCap);
Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME); Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(_id); outp.append(_id);
outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02 outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02
@ -712,7 +716,9 @@ bool Network::filterOutgoingPacket(
RR->sw->send(outp,true); RR->sw->send(outp,true);
} }
if (ztDest != ztDest2) { if ((ztDest != ztDest2)&&(ztDest2)) {
_memberships[ztDest2].sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,relevantCap);
Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME); Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(_id); outp.append(_id);
outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02 outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02
@ -722,7 +728,10 @@ bool Network::filterOutgoingPacket(
outp.append(frameData,frameLen); outp.append(frameData,frameLen);
outp.compress(); outp.compress();
RR->sw->send(outp,true); RR->sw->send(outp,true);
return false; // DROP locally, since we redirected return false; // DROP locally, since we redirected
} else if (ztDest) {
m.sendCredentialsIfNeeded(RR,RR->node->now(),ztDest,_config,relevantCap);
} }
} }
@ -772,8 +781,11 @@ int Network::filterIncomingPacket(
accept = 2; // super-ACCEPT accept = 2; // super-ACCEPT
break; break;
} }
if (accept) { if (accept) {
if (cc2) { if (cc2) {
_memberships[cc2].sendCredentialsIfNeeded(RR,RR->node->now(),cc2,_config,(const Capability *)0);
Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME); Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(_id); outp.append(_id);
outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06 outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06
@ -803,6 +815,8 @@ int Network::filterIncomingPacket(
if (accept) { if (accept) {
if (cc) { if (cc) {
_memberships[cc].sendCredentialsIfNeeded(RR,RR->node->now(),cc,_config,(const Capability *)0);
Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME); Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(_id); outp.append(_id);
outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06 outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06
@ -814,7 +828,9 @@ int Network::filterIncomingPacket(
RR->sw->send(outp,true); RR->sw->send(outp,true);
} }
if (ztDest != ztDest2) { if ((ztDest != ztDest2)&&(ztDest2)) {
_memberships[ztDest2].sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,(const Capability *)0);
Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME); Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(_id); outp.append(_id);
outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06 outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06
@ -824,6 +840,7 @@ int Network::filterIncomingPacket(
outp.append(frameData,frameLen); outp.append(frameData,frameLen);
outp.compress(); outp.compress();
RR->sw->send(outp,true); RR->sw->send(outp,true);
return 0; // DROP locally, since we redirected return 0; // DROP locally, since we redirected
} }
} }
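Review bot: The new `&&(ztDest2)` guard in the outbound redirect test (`if ((ztDest != ztDest2)&&(ztDest2))`) makes a REDIRECT whose target is the null address fall into the `else if (ztDest)` branch, so credentials are pushed to the original destination and the frame appears to continue to it as a normal ACCEPT instead of being dropped locally. Before this change the same case took the redirect branch and ended in `return false`. If a zero target can come out of `_doZtFilter()` (not visible here), failing closed seems the safer reading of a redirect rule: keep `if (ztDest != ztDest2) {` and start the branch with `if (!ztDest2) return false;`. The same guard is added in filterIncomingPacket, where `if (!ztDest2) return 0;` would be the equivalent. Both function bodies start and end outside the hunks shown.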