More filter work.

This commit is contained in:
Adam Ierymenko 2013-07-17 10:01:46 -04:00
parent 102b0865cb
commit 557cc359b3
6 changed files with 25 additions and 29 deletions


@ -66,16 +66,11 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap()
return sn; return sn;
} }
static inline Filter _mkDefaultNodeFilter()
{
}
Defaults::Defaults() Defaults::Defaults()
throw(std::runtime_error) : throw(std::runtime_error) :
supernodes(_mkSupernodeMap()), supernodes(_mkSupernodeMap()),
configUrlPrefix("http://api.zerotier.com/one/nc/"), configUrlPrefix("http://api.zerotier.com/one/nc/"),
configAuthority("f9f34184ac:1:AwGgrWjb8dARXzruqxiy1+Qf+gz4iM5IMfQTCWrJXkwERdvbvxTPZvtIyitw4gS90TGIxW+e7uJxweg9Vyq5lZJBrg==:QeEQLm9ymLC3EcnIw2OUqufUwb2wgHSAg6wQOXKyhT779p/8Hz5485PZLJCbr/aVHjwzop8APJk9B45Zm0Mb/LEhQTBMH2jvc7qqoYnMCNCO9jpADeMJwMW5e1VFgIObWl9uNjhRbf5/m8dZcn0pKKGwjSoP1QTeVWOC8GkZhE25bUWj"), configAuthority("f9f34184ac:1:AwGgrWjb8dARXzruqxiy1+Qf+gz4iM5IMfQTCWrJXkwERdvbvxTPZvtIyitw4gS90TGIxW+e7uJxweg9Vyq5lZJBrg==:QeEQLm9ymLC3EcnIw2OUqufUwb2wgHSAg6wQOXKyhT779p/8Hz5485PZLJCbr/aVHjwzop8APJk9B45Zm0Mb/LEhQTBMH2jvc7qqoYnMCNCO9jpADeMJwMW5e1VFgIObWl9uNjhRbf5/m8dZcn0pKKGwjSoP1QTeVWOC8GkZhE25bUWj")
defaultNodeFilter(_mkDefaultNodeFilter())
{ {
} }


@ -34,7 +34,6 @@
#include <map> #include <map>
#include "Identity.hpp" #include "Identity.hpp"
#include "InetAddress.hpp" #include "InetAddress.hpp"
#include "Filter.hpp"
namespace ZeroTier { namespace ZeroTier {
@ -66,11 +65,6 @@ public:
* Identity used to encrypt and authenticate configuration from URL * Identity used to encrypt and authenticate configuration from URL
*/ */
const std::string configAuthority; const std::string configAuthority;
/**
* Default node filter for this platform
*/
const Filter defaultNodeFilter;
}; };
extern const Defaults ZT_DEFAULTS; extern const Defaults ZT_DEFAULTS;


@ -38,6 +38,7 @@
namespace ZeroTier { namespace ZeroTier {
const char *const Filter::UNKNOWN_NAME = "(unknown)"; const char *const Filter::UNKNOWN_NAME = "(unknown)";
const Range<unsigned int> Filter::ANY;
bool Filter::Rule::operator()(unsigned int etype,const void *data,unsigned int len) const bool Filter::Rule::operator()(unsigned int etype,const void *data,unsigned int len) const
throw(std::invalid_argument) throw(std::invalid_argument)
@ -338,19 +339,23 @@ Filter::Action Filter::operator()(const RuntimeEnvironment *_r,unsigned int ethe
{ {
Mutex::Lock _l(_chain_m); Mutex::Lock _l(_chain_m);
TRACE("starting match against %d rules",(int)_chain.size());
int ruleNo = 0; int ruleNo = 0;
for(std::vector<Entry>::const_iterator r(_chain.begin());r!=_chain.end();++r,++ruleNo) { for(std::vector<Entry>::const_iterator r(_chain.begin());r!=_chain.end();++r,++ruleNo) {
try { try {
if (r->rule(etherType,frame,len)) { if (r->rule(etherType,frame,len)) {
TRACE("match: %s",r->rule.toString().c_str());
switch(r->action) { switch(r->action) {
case ACTION_ALLOW: case ACTION_ALLOW:
case ACTION_DENY: case ACTION_DENY:
return r->action; return r->action;
case ACTION_LOG:
break;
default: default:
break; break;
} }
} else {
TRACE("no match: %s",r->rule.toString().c_str());
} }
} catch (std::invalid_argument &exc) { } catch (std::invalid_argument &exc) {
LOG("filter: unable to parse packet on rule %s (%d): %s",r->rule.toString().c_str(),ruleNo,exc.what()); LOG("filter: unable to parse packet on rule %s (%d): %s",r->rule.toString().c_str(),ruleNo,exc.what());
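Review bot: `const Range<unsigned int> Filter::ANY;` in the first hunk defines a const object with no initializer, which is only well-formed if Range<unsigned int> has a user-provided default constructor; if Range is an aggregate or relies on the implicit default constructor this definition will not compile, and even when it does a reader cannot tell from here that "default-constructed" means "empty range". Writing the initializer out, `const Range<unsigned int> Filter::ANY = Range<unsigned int>();`, makes the intent explicit and is valid in either case. Because ANY has static storage duration in Filter.cpp, using it from another translation unit's static initializer (a default filter built at startup, for instance) is subject to static-initialization-order problems, so it should either be referenced only after main() starts or carry a comment saying so. Filter::operator() in the second hunk continues past the end of the hunk; apart from the dropped TRACE calls and the removed ACTION_LOG case, its match loop is unchanged.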


@ -138,6 +138,11 @@ public:
*/ */
static const char *const UNKNOWN_NAME; static const char *const UNKNOWN_NAME;
/**
* An empty range as a more idiomatic way of specifying a wildcard match
*/
static const Range<unsigned int> ANY;
/** /**
* A filter rule * A filter rule
* *
@ -222,10 +227,9 @@ public:
*/ */
enum Action enum Action
{ {
ACTION_DENY = 1, ACTION_DENY = 0,
ACTION_ALLOW = 2, ACTION_ALLOW = 1,
ACTION_LOG = 3, ACTION_UNPARSEABLE = 2
ACTION_UNPARSEABLE = 4
}; };
/** /**
@ -329,10 +333,6 @@ public:
/** /**
* Match against an Ethernet frame * Match against an Ethernet frame
* *
* Note that ACTION_LOG rules do not terminate rule evaluation and
* ACTION_LOG is never returned here as a result. It's primarily for
* debugging and rule testing.
*
* @param _r Runtime environment * @param _r Runtime environment
* @param etherType Ethernet frame type * @param etherType Ethernet frame type
* @param frame Ethernet frame data * @param frame Ethernet frame data
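Review bot: The operator() documentation in the last hunk no longer says what the caller gets when a rule cannot parse the frame, since the removed ACTION_LOG paragraph was the only note about non-obvious results; add a return line such as `@return ACTION_ALLOW or ACTION_DENY from the first matching rule, or ACTION_UNPARSEABLE if a rule threw on the frame (confirm against the catch handler in Filter.cpp)`, since the handler itself is not visible from this header. In the enum hunk, renumbering so that `ACTION_DENY = 0` is a sensible choice because a value-initialized Action now means deny, and that deserves a one-line comment, `ACTION_DENY = 0, // zero so an uninitialized/default Action fails closed`, so a later edit does not undo it. The renumbering also changes the numeric value of every action; nothing in this commit serializes or compares Action numerically as far as I can see, but if rules are ever persisted or sent over the wire that needs checking before this lands.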


@ -57,6 +57,14 @@ NodeConfig::~NodeConfig()
_autoconfigureLock.unlock(); _autoconfigureLock.unlock();
} }
void NodeConfig::whackAllTaps()
{
std::vector< SharedPtr<Network> > nwlist;
Mutex::Lock _l(_networks_m);
for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
n->second->tap().whack();
}
void NodeConfig::refreshConfiguration() void NodeConfig::refreshConfiguration()
{ {
_autoconfigureLock.lock(); // unlocked when handler gets called _autoconfigureLock.lock(); // unlocked when handler gets called
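Review bot: `nwlist` in the new out-of-line NodeConfig::whackAllTaps() is declared and never used, so it is dead code that was carried over from the inline version; either delete that line or use it for what its name suggests, a snapshot of the networks taken under `_networks_m` so that `tap().whack()` runs with the mutex released. As written every whack() call executes while `_networks_m` is held, which blocks all other users of the network map for the duration of the tap operations and would deadlock if whack() or anything it triggers ever needs `_networks_m`; I cannot see whack() from here, so treat that as something to confirm rather than a known fault. The snapshot form below keeps the declared interface unchanged.
```cpp
void NodeConfig::whackAllTaps()
{
	std::vector< SharedPtr<Network> > nwlist;
	{
		Mutex::Lock _l(_networks_m);
		for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
			nwlist.push_back(n->second);
	}
	// whack() runs with _networks_m released; the SharedPtr copies are expected to keep each Network alive for the loop
	for(std::vector< SharedPtr<Network> >::const_iterator n(nwlist.begin());n!=nwlist.end();++n)
		(*n)->tap().whack();
}
```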


@ -81,13 +81,7 @@ public:
/** /**
* Call whack() on all networks' tap devices * Call whack() on all networks' tap devices
*/ */
inline void whackAllTaps() void whackAllTaps();
{
std::vector< SharedPtr<Network> > nwlist;
Mutex::Lock _l(_networks_m);
for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
n->second->tap().whack();
}
/** /**
* @param nwid Network ID * @param nwid Network ID