Filter cleanup, prep for filter integration in a few places.

2025-02-01 00:45:27 +00:00 · 2016-08-04 12:35:25 -07:00 · 2016-08-04 12:35:25 -07:00 · 8a7753cfe3
commit 8a7753cfe3
parent 331382cf2f
4 changed files with 40 additions and 63 deletions
--- a/node/Filter.cpp
+++ b/node/Filter.cpp
@ -66,7 +66,8 @@ bool Filter::run(
 	const unsigned int vlanId,
 	const ZT_VirtualNetworkRule *rules,
 	const unsigned int ruleCount,
-	const Tag *tags,
+	const uint32_t *tagKeys,
+	const uint32_t *tagValues,
 	const unsigned int tagCount,
 	Address &sendCopyOfPacketTo)
 {
@ -248,13 +249,13 @@ bool Filter::run(
 			case ZT_NETWORK_RULE_MATCH_TAG_VALUE_BITS_ALL:
 			case ZT_NETWORK_RULE_MATCH_TAG_VALUE_BITS_ANY:
 				for(unsigned int i=0;i<tagCount;++i) { // sequential scan is probably fastest since this is going to be <64 entries (usually only one or two)
-					if (tags[i].id() == rules[rn].v.tag.id) {
+					if (tagKeys[i] == rules[rn].v.tag.id) {
 						if (rt == ZT_NETWORK_RULE_MATCH_TAG_VALUE_RANGE) {
-							thisRuleMatches = (uint8_t)((tags[i].value() >= rules[rn].v.tag.value[0])&&(tags[i].value() <= rules[rn].v.tag.value[1]));
+							thisRuleMatches = (uint8_t)((tagValues[i] >= rules[rn].v.tag.value[0])&&(tagValues[i] <= rules[rn].v.tag.value[1]));
 						} else if (rt == ZT_NETWORK_RULE_MATCH_TAG_VALUE_BITS_ALL) {
-							thisRuleMatches = (uint8_t)((tags[i].value() & rules[rn].v.tag.value[0]) == rules[rn].v.tag.value[0]);
+							thisRuleMatches = (uint8_t)((tagValues[i] & rules[rn].v.tag.value[0]) == rules[rn].v.tag.value[0]);
 						} else if (rt == ZT_NETWORK_RULE_MATCH_TAG_VALUE_BITS_ANY) {
-							thisRuleMatches = (uint8_t)((tags[i].value() & rules[rn].v.tag.value[0]) != 0);
+							thisRuleMatches = (uint8_t)((tagValues[i] & rules[rn].v.tag.value[0]) != 0);
 						}
 						break;
 					}
--- a/node/Filter.hpp
+++ b/node/Filter.hpp
@ -27,12 +27,11 @@
 #include "../include/ZeroTierOne.h"
 #include "Address.hpp"
 #include "MAC.hpp"
-#include "Tag.hpp"

 namespace ZeroTier {

 /**
- * Network packet filter for rules engine
+ * A simple network packet filter with VL1, L2, and basic L3 rule support (and tags!)
 */
 class Filter
 {
@ -55,8 +54,9 @@ public:
 	 * @param vlanId 16-bit VLAN ID
 	 * @param rules Pointer to array of rules
 	 * @param ruleCount Number of rules
-	 * @param tags Tags associated with this node on this network
-	 * @param tagCount Number of tags
+	 * @param tagKeys Tag keys for tags that may be relevant
+	 * @param tagValues Tag values for tags that may be relevant
+	 * @param tagCount Size of tagKeys[] and tagValues[]
 	 * @param sendCopyOfPacketTo Result parameter: if non-NULL send a copy of this packet to another node
 	 * @return True if packet should be accepted for send or receive
 	 */
@ -73,7 +73,8 @@ public:
 		const unsigned int vlanId,
 		const ZT_VirtualNetworkRule *rules,
 		const unsigned int ruleCount,
-		const Tag *tags,
+		const uint32_t *tagKeys,
+		const uint32_t *tagValues,
 		const unsigned int tagCount,
 		Address &sendCopyOfPacketTo);
 };
--- a/node/OutboundMulticast.cpp
+++ b/node/OutboundMulticast.cpp
@ -21,8 +21,9 @@
 #include "OutboundMulticast.hpp"
 #include "Switch.hpp"
 #include "Network.hpp"
-#include "CertificateOfMembership.hpp"
 #include "Node.hpp"
+#include "Peer.hpp"
+#include "Topology.hpp"

 namespace ZeroTier {

@ -30,7 +31,6 @@ void OutboundMulticast::init(
 	const RuntimeEnvironment *RR,
 	uint64_t timestamp,
 	uint64_t nwid,
-	const CertificateOfMembership *com,
 	unsigned int limit,
 	unsigned int gatherLimit,
 	const MAC &src,
@ -48,7 +48,7 @@ void OutboundMulticast::init(
 	if (src) flags |= 0x04;

 	/*
-	TRACE(">>MC %.16llx INIT %.16llx/%s limit %u gatherLimit %u from %s to %s length %u com==%d",
+	TRACE(">>MC %.16llx INIT %.16llx/%s limit %u gatherLimit %u from %s to %s length %u",
 		(unsigned long long)this,
 		nwid,
 		dest.toString().c_str(),
@ -56,58 +56,35 @@ void OutboundMulticast::init(
 		gatherLimit,
 		(src) ? src.toString().c_str() : MAC(RR->identity.address(),nwid).toString().c_str(),
 		dest.toString().c_str(),
-		len,
-		(com) ? 1 : 0);
+		len);
 	*/

-	_packetNoCom.setSource(RR->identity.address());
-	_packetNoCom.setVerb(Packet::VERB_MULTICAST_FRAME);
-	_packetNoCom.append((uint64_t)nwid);
-	_packetNoCom.append(flags);
-	if (gatherLimit) _packetNoCom.append((uint32_t)gatherLimit);
-	if (src) src.appendTo(_packetNoCom);
-	dest.mac().appendTo(_packetNoCom);
-	_packetNoCom.append((uint32_t)dest.adi());
-	_packetNoCom.append((uint16_t)etherType);
-	_packetNoCom.append(payload,len);
-	_packetNoCom.compress();
-
-	if (com) {
-		_haveCom = true;
-		flags |= 0x01;
-
-		_packetWithCom.setSource(RR->identity.address());
-		_packetWithCom.setVerb(Packet::VERB_MULTICAST_FRAME);
-		_packetWithCom.append((uint64_t)nwid);
-		_packetWithCom.append(flags);
-		com->serialize(_packetWithCom);
-		if (gatherLimit) _packetWithCom.append((uint32_t)gatherLimit);
-		if (src) src.appendTo(_packetWithCom);
-		dest.mac().appendTo(_packetWithCom);
-		_packetWithCom.append((uint32_t)dest.adi());
-		_packetWithCom.append((uint16_t)etherType);
-		_packetWithCom.append(payload,len);
-		_packetWithCom.compress();
-	} else _haveCom = false;
+	_packet.setSource(RR->identity.address());
+	_packet.setVerb(Packet::VERB_MULTICAST_FRAME);
+	_packet.append((uint64_t)nwid);
+	_packet.append(flags);
+	if (gatherLimit) _packet.append((uint32_t)gatherLimit);
+	if (src) src.appendTo(_packet);
+	dest.mac().appendTo(_packet);
+	_packet.append((uint32_t)dest.adi());
+	_packet.append((uint16_t)etherType);
+	_packet.append(payload,len);
+	_packet.compress();
 }

 void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,const Address &toAddr)
 {
-	if (_haveCom) {
-		SharedPtr<Peer> peer(RR->topology->getPeer(toAddr));
-		if ( (!peer) || (peer->needsOurNetworkMembershipCertificate(_nwid,RR->node->now(),true)) ) {
-			//TRACE(">>MC %.16llx -> %s (with COM)",(unsigned long long)this,toAddr.toString().c_str());
-			_packetWithCom.newInitializationVector();
-			_packetWithCom.setDestination(toAddr);
-			RR->sw->send(_packetWithCom,true,_nwid);
-			return;
-		}
+	// TODO: apply Filter
+
+	SharedPtr<Peer> peer(RR->topology->getPeer(toAddr));
+	if (peer) {
+		// TODO: push creds if needed
 	}

-	//TRACE(">>MC %.16llx -> %s (without COM)",(unsigned long long)this,toAddr.toString().c_str());
-	_packetNoCom.newInitializationVector();
-	_packetNoCom.setDestination(toAddr);
-	RR->sw->send(_packetNoCom,true,_nwid);
+	//TRACE(">>MC %.16llx -> %s",(unsigned long long)this,toAddr.toString().c_str());
+	_packet.newInitializationVector();
+	_packet.setDestination(toAddr);
+	RR->sw->send(_packet,true,_nwid);
 }

 } // namespace ZeroTier
--- a/node/OutboundMulticast.hpp
+++ b/node/OutboundMulticast.hpp
@ -56,7 +56,6 @@ public:
 	 * @param RR Runtime environment
 	 * @param timestamp Creation time
 	 * @param nwid Network ID
-	 * @param com Certificate of membership or NULL if none available
 	 * @param limit Multicast limit for desired number of packets to send
 	 * @param gatherLimit Number to lazily/implicitly gather with this frame or 0 for none
 	 * @param src Source MAC address of frame or NULL to imply compute from sender ZT address
@ -70,7 +69,6 @@ public:
 		const RuntimeEnvironment *RR,
 		uint64_t timestamp,
 		uint64_t nwid,
-		const CertificateOfMembership *com,
 		unsigned int limit,
 		unsigned int gatherLimit,
 		const MAC &src,
@ -127,17 +125,17 @@ public:
 		if (std::find(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr) == _alreadySentTo.end()) {
 			sendAndLog(RR,toAddr);
 			return true;
-		} else return false;
+		} else {
+			return false;
+		}
 	}

 private:
 	uint64_t _timestamp;
 	uint64_t _nwid;
 	unsigned int _limit;
-	Packet _packetNoCom;
-	Packet _packetWithCom;
+	Packet _packet;
 	std::vector<Address> _alreadySentTo;
-	bool _haveCom;
 };

 } // namespace ZeroTier