From 330c80f3f5958eb99b44632563dbe4dc0522120f Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Tue, 21 Jun 2016 08:09:20 -0700
Subject: [PATCH] Add rule type to match a COM field of the peer by ID and
 value because this will be powerful.

---
 include/ZeroTierOne.h  | 17 ++++++++++++++++-
 node/NetworkConfig.cpp | 11 +++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/include/ZeroTierOne.h b/include/ZeroTierOne.h
index d16e2a686..d46c64b8d 100644
--- a/include/ZeroTierOne.h
+++ b/include/ZeroTierOne.h
@@ -507,7 +507,17 @@ enum ZT_VirtualNetworkRuleType
 	/**
 	 * Match a range of relative TCP sequence numbers (e.g. approx first N bytes of stream)
 	 */
-	ZT_NETWORK_RULE_MATCH_TCP_RELATIVE_SEQUENCE_NUMBER_RANGE = 50
+	ZT_NETWORK_RULE_MATCH_TCP_RELATIVE_SEQUENCE_NUMBER_RANGE = 50,
+
+	/**
+	 * Match a certificate of network membership field from the ZT origin's COM: greater than or equal to
+	 */
+	ZT_NETWORK_RULE_MATCH_COM_FIELD_GE = 51,
+
+	/**
+	 * Match a certificate of network membership field from the ZT origin's COM: less than or equal to
+	 */
+	ZT_NETWORK_RULE_MATCH_COM_FIELD_LE = 52
 };
 
 /**
@@ -618,6 +628,11 @@ typedef struct
 		 * Ethernet packet size in host byte order (start-end, inclusive)
 		 */
 		uint16_t frameSize[2];
+
+		/**
+		 * COM ID and value for ZT_NETWORK_RULE_MATCH_COM_FIELD_GE and ZT_NETWORK_RULE_MATCH_COM_FIELD_LE
+		 */
+		uint64_t comIV[2];
 	} v;
 } ZT_VirtualNetworkRule;
 
diff --git a/node/NetworkConfig.cpp b/node/NetworkConfig.cpp
index d906005e7..7b5318e45 100644
--- a/node/NetworkConfig.cpp
+++ b/node/NetworkConfig.cpp
@@ -250,6 +250,12 @@ bool NetworkConfig::toDictionary(Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d,b
 				tmp.append((uint32_t)rules[i].v.tcpseq[0]);
 				tmp.append((uint32_t)rules[i].v.tcpseq[1]);
 				break;
+			case ZT_NETWORK_RULE_MATCH_COM_FIELD_GE:
+			case ZT_NETWORK_RULE_MATCH_COM_FIELD_LE:
+				tmp.append((uint8_t)16);
+				tmp.append((uint64_t)rules[i].v.comIV[0]);
+				tmp.append((uint64_t)rules[i].v.comIV[1]);
+				break;
 		}
 	}
 	if (tmp.size()) {
@@ -469,6 +475,11 @@ bool NetworkConfig::fromDictionary(const Dictionary<ZT_NETWORKCONFIG_DICT_CAPACI
 							rules[ruleCount].v.tcpseq[0] = tmp.at<uint32_t>(p);
 							rules[ruleCount].v.tcpseq[1] = tmp.at<uint32_t>(p + 4);
 							break;
+						case ZT_NETWORK_RULE_MATCH_COM_FIELD_GE:
+						case ZT_NETWORK_RULE_MATCH_COM_FIELD_LE:
+							rules[ruleCount].v.comIV[0] = tmp.at<uint64_t>(p);
+							rules[ruleCount].v.comIV[1] = tmp.at<uint64_t>(p + 8);
+							break;
 					}
 					p += fieldLen;
 					++ruleCount;