A bit more remote tracing stuff.

include/ZeroTierOne.h

@@ -272,12 +272,20 @@ extern "C" {
 #define ZT_REMOTE_TRACE_FIELD__LOCAL_SOCKET "ls"
 #define ZT_REMOTE_TRACE_FIELD__IP_SCOPE "ipsc"
 #define ZT_REMOTE_TRACE_FIELD__NETWORK_ID "nwid"
+#define ZT_REMOTE_TRACE_FIELD__SOURCE_ZTADDR "szt"
+#define ZT_REMOTE_TRACE_FIELD__DEST_ZTADDR "dzt"
 #define ZT_REMOTE_TRACE_FIELD__SOURCE_MAC "seth"
 #define ZT_REMOTE_TRACE_FIELD__DEST_MAC "deth"
 #define ZT_REMOTE_TRACE_FIELD__ETHERTYPE "et"
 #define ZT_REMOTE_TRACE_FIELD__VLAN_ID "vlan"
 #define ZT_REMOTE_TRACE_FIELD__FRAME_LENGTH "fl"
 #define ZT_REMOTE_TRACE_FIELD__FRAME_DATA "fd"
+#define ZT_REMOTE_TRACE_FIELD__FILTER_FLAG_NOTEE "ffnotee"
+#define ZT_REMOTE_TRACE_FIELD__FILTER_FLAG_INBOUND "ffdir"
+#define ZT_REMOTE_TRACE_FIELD__FILTER_RESULT "fresult"
+#define ZT_REMOTE_TRACE_FIELD__FILTER_BASE_RULE_LOG "frlog"
+#define ZT_REMOTE_TRACE_FIELD__FILTER_CAP_RULE_LOG "fclog"
+#define ZT_REMOTE_TRACE_FIELD__FILTER_CAP_ID "fcid"
 #define ZT_REMOTE_TRACE_FIELD__CREDENTIAL_TYPE "crtype"
 #define ZT_REMOTE_TRACE_FIELD__CREDENTIAL_ID "crid"
 #define ZT_REMOTE_TRACE_FIELD__CREDENTIAL_TIMESTAMP "crts"
@@ -285,6 +293,7 @@ extern "C" {
 #define ZT_REMOTE_TRACE_FIELD__CREDENTIAL_ISSUED_TO "criss"
 #define ZT_REMOTE_TRACE_FIELD__CREDENTIAL_REVOCATION_TARGET "crrevt"
 #define ZT_REMOTE_TRACE_FIELD__REASON "reason"
+#define ZT_REMOTE_TRACE_FIELD__NETWORK_CONTROLLER_ID "nwctrl"
 
 // Event types in remote traces
 #define ZT_REMOTE_TRACE_EVENT__RESETTING_PATHS_IN_SCOPE 0x1000
@@ -300,6 +309,8 @@ extern "C" {
 #define ZT_REMOTE_TRACE_EVENT__INCOMING_NETWORK_FRAME_DROPPED 0x2002
 #define ZT_REMOTE_TRACE_EVENT__CREDENTIAL_REJECTED 0x2003
 #define ZT_REMOTE_TRACE_EVENT__CREDENTIAL_ACCEPTED 0x2004
+#define ZT_REMOTE_TRACE_EVENT__NETWORK_CONFIG_REQUEST_SENT 0x2005
+#define ZT_REMOTE_TRACE_EVENT__NETWORK_FILTER_TRACE 0x2006
 
 // Event types in remote traces in hex string form
 #define ZT_REMOTE_TRACE_EVENT__RESETTING_PATHS_IN_SCOPE_S "1000"
@@ -315,6 +326,8 @@ extern "C" {
 #define ZT_REMOTE_TRACE_EVENT__INCOMING_NETWORK_FRAME_DROPPED_S "2002"
 #define ZT_REMOTE_TRACE_EVENT__CREDENTIAL_REJECTED_S "2003"
 #define ZT_REMOTE_TRACE_EVENT__CREDENTIAL_ACCEPTED_S "2004"
+#define ZT_REMOTE_TRACE_EVENT__NETWORK_CONFIG_REQUEST_SENT_S "2005"
+#define ZT_REMOTE_TRACE_EVENT__NETWORK_FILTER_TRACE_S "2006"
 
 /****************************************************************************/
 /* Structures and other types                                               */

node/IncomingPacket.cpp

@@ -683,19 +683,19 @@ bool IncomingPacket::_doEXT_FRAME(const RuntimeEnvironment *RR,void *tPtr,const
 							if (network->config().permitsBridging(peer->address())) {
 								network->learnBridgeRoute(from,peer->address());
 							} else {
-								RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_EXT_FRAME,from,to);
+								RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_EXT_FRAME,from,to,"bridging not allowed (remote)");
 								peer->received(tPtr,_path,hops(),packetId(),Packet::VERB_EXT_FRAME,0,Packet::VERB_NOP,true,nwid); // trustEstablished because COM is okay
 								return true;
 							}
 						} else if (to != network->mac()) {
 							if (to.isMulticast()) {
 								if (network->config().multicastLimit == 0) {
-									RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_EXT_FRAME,from,to);
+									RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_EXT_FRAME,from,to,"multicast disabled");
 									peer->received(tPtr,_path,hops(),packetId(),Packet::VERB_EXT_FRAME,0,Packet::VERB_NOP,true,nwid); // trustEstablished because COM is okay
 									return true;
 								}
 							} else if (!network->config().permitsBridging(RR->identity.address())) {
-								RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_EXT_FRAME,from,to);
+								RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_EXT_FRAME,from,to,"bridging not allowed (local)");
 								peer->received(tPtr,_path,hops(),packetId(),Packet::VERB_EXT_FRAME,0,Packet::VERB_NOP,true,nwid); // trustEstablished because COM is okay
 								return true;
 							}
@@ -1065,7 +1065,7 @@ bool IncomingPacket::_doMULTICAST_FRAME(const RuntimeEnvironment *RR,void *tPtr,
 			const unsigned int frameLen = size() - (offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME);
 
 			if (network->config().multicastLimit == 0) {
-				RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_MULTICAST_FRAME,from,to.mac());
+				RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_MULTICAST_FRAME,from,to.mac(),"multicast disabled");
 				peer->received(tPtr,_path,hops(),packetId(),Packet::VERB_MULTICAST_FRAME,0,Packet::VERB_NOP,false,nwid);
 				return true;
 			}
@@ -1086,7 +1086,7 @@ bool IncomingPacket::_doMULTICAST_FRAME(const RuntimeEnvironment *RR,void *tPtr,
 					if (network->config().permitsBridging(peer->address())) {
 						network->learnBridgeRoute(from,peer->address());
 					} else {
-						RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_MULTICAST_FRAME,from,to.mac());
+						RR->t->incomingNetworkFrameDropped(tPtr,network,_path,packetId(),size(),peer->address(),Packet::VERB_MULTICAST_FRAME,from,to.mac(),"bridging not allowed (remote)");
 						peer->received(tPtr,_path,hops(),packetId(),Packet::VERB_MULTICAST_FRAME,0,Packet::VERB_NOP,true,nwid); // trustEstablished because COM is okay
 						return true;
 					}

node/Trace.cpp

@@ -120,8 +120,9 @@ void Trace::outgoingNetworkFrameDropped(void *const tPtr,const SharedPtr<Network
 	d.add(ZT_REMOTE_TRACE_FIELD__ETHERTYPE,(uint64_t)etherType);
 	d.add(ZT_REMOTE_TRACE_FIELD__VLAN_ID,(uint64_t)vlanId);
 	d.add(ZT_REMOTE_TRACE_FIELD__FRAME_LENGTH,(uint64_t)frameLen);
-	if (reason)
+	if (reason) {
 		d.add(ZT_REMOTE_TRACE_FIELD__REASON,reason);
+	}
 	_send(tPtr,d,network);
 }
 
@@ -133,18 +134,34 @@ void Trace::incomingNetworkAccessDenied(void *const tPtr,const SharedPtr<Network
 	d.add(ZT_REMOTE_TRACE_FIELD__EVENT,ZT_REMOTE_TRACE_EVENT__INCOMING_NETWORK_ACCESS_DENIED_S);
 	d.add(ZT_REMOTE_TRACE_FIELD__PACKET_ID,packetId);
 	d.add(ZT_REMOTE_TRACE_FIELD__PACKET_VERB,(uint64_t)verb);
-	d.add(ZT_REMOTE_TRACE_FIELD__NETWORK_ID,network->id());
 	d.add(ZT_REMOTE_TRACE_FIELD__REMOTE_ZTADDR,source);
 	if (path) {
 		d.add(ZT_REMOTE_TRACE_FIELD__REMOTE_PHYADDR,path->address().toString(tmp));
 		d.add(ZT_REMOTE_TRACE_FIELD__LOCAL_SOCKET,path->localSocket());
 	}
+	d.add(ZT_REMOTE_TRACE_FIELD__NETWORK_ID,network->id());
+	_send(tPtr,d,network);
 }
 
-void Trace::incomingNetworkFrameDropped(void *const tPtr,const SharedPtr<Network> &network,const SharedPtr<Path> &path,const uint64_t packetId,const unsigned int packetLength,const Address &source,const Packet::Verb verb,const MAC &sourceMac,const MAC &destMac)
+void Trace::incomingNetworkFrameDropped(void *const tPtr,const SharedPtr<Network> &network,const SharedPtr<Path> &path,const uint64_t packetId,const unsigned int packetLength,const Address &source,const Packet::Verb verb,const MAC &sourceMac,const MAC &destMac,const char *reason)
 {
-	//Dictionary<ZT_MAX_REMOTE_TRACE_SIZE> d;
-	//d.add(ZT_REMOTE_TRACE_FIELD__EVENT,ZT_REMOTE_TRACE_EVENT__INCOMING_NETWORK_FRAME_DROPPED_S);
+	if (!network) return; // sanity check
+	char tmp[128];
+	Dictionary<ZT_MAX_REMOTE_TRACE_SIZE> d;
+	d.add(ZT_REMOTE_TRACE_FIELD__EVENT,ZT_REMOTE_TRACE_EVENT__INCOMING_NETWORK_FRAME_DROPPED_S);
+	d.add(ZT_REMOTE_TRACE_FIELD__PACKET_ID,packetId);
+	d.add(ZT_REMOTE_TRACE_FIELD__PACKET_VERB,(uint64_t)verb);
+	d.add(ZT_REMOTE_TRACE_FIELD__REMOTE_ZTADDR,source);
+	if (path) {
+		d.add(ZT_REMOTE_TRACE_FIELD__REMOTE_PHYADDR,path->address().toString(tmp));
+		d.add(ZT_REMOTE_TRACE_FIELD__LOCAL_SOCKET,path->localSocket());
+	}
+	d.add(ZT_REMOTE_TRACE_FIELD__NETWORK_ID,network->id());
+	d.add(ZT_REMOTE_TRACE_FIELD__SOURCE_MAC,sourceMac.toInt());
+	d.add(ZT_REMOTE_TRACE_FIELD__DEST_MAC,destMac.toInt());
+	if (reason)
+		d.add(ZT_REMOTE_TRACE_FIELD__REASON,reason);
+	_send(tPtr,d,network);
 }
 
 void Trace::incomingPacketTrustedPath(void *const tPtr,const SharedPtr<Path> &path,const uint64_t packetId,const Address &source,const uint64_t trustedPathId,bool approved)
@@ -197,6 +214,11 @@ void Trace::incomingPacketDroppedHELLO(void *const tPtr,const SharedPtr<Path> &p
 
 void Trace::networkConfigRequestSent(void *const tPtr,const Network &network,const Address &controller)
 {
+	Dictionary<ZT_MAX_REMOTE_TRACE_SIZE> d;
+	d.add(ZT_REMOTE_TRACE_FIELD__EVENT,ZT_REMOTE_TRACE_EVENT__NETWORK_CONFIG_REQUEST_SENT_S);
+	d.add(ZT_REMOTE_TRACE_FIELD__NETWORK_ID,network.id());
+	d.add(ZT_REMOTE_TRACE_FIELD__NETWORK_CONTROLLER_ID,controller);
+	_send(tPtr,d,0);
 }
 
 void Trace::networkFilter(
@@ -217,9 +239,27 @@ void Trace::networkFilter(
 	const bool inbound,
 	const int accept)
 {
-	//char tmp[128];
-	//Dictionary<ZT_MAX_REMOTE_TRACE_SIZE> d;
-	//_send(tPtr,d,network.id());
+	Dictionary<ZT_MAX_REMOTE_TRACE_SIZE> d;
+	d.add(ZT_REMOTE_TRACE_FIELD__EVENT,ZT_REMOTE_TRACE_EVENT__NETWORK_FILTER_TRACE_S);
+	d.add(ZT_REMOTE_TRACE_FIELD__NETWORK_ID,network.id());
+	d.add(ZT_REMOTE_TRACE_FIELD__SOURCE_ZTADDR,ztSource);
+	d.add(ZT_REMOTE_TRACE_FIELD__DEST_ZTADDR,ztDest);
+	d.add(ZT_REMOTE_TRACE_FIELD__SOURCE_MAC,macSource.toInt());
+	d.add(ZT_REMOTE_TRACE_FIELD__DEST_MAC,macDest.toInt());
+	d.add(ZT_REMOTE_TRACE_FIELD__ETHERTYPE,(uint64_t)etherType);
+	d.add(ZT_REMOTE_TRACE_FIELD__VLAN_ID,(uint64_t)vlanId);
+	d.add(ZT_REMOTE_TRACE_FIELD__FILTER_FLAG_NOTEE,noTee ? "1" : "0");
+	d.add(ZT_REMOTE_TRACE_FIELD__FILTER_FLAG_INBOUND,inbound ? "1" : "0");
+	d.add(ZT_REMOTE_TRACE_FIELD__FILTER_RESULT,(int64_t)accept);
+	d.add(ZT_REMOTE_TRACE_FIELD__FILTER_BASE_RULE_LOG,(const char *)primaryRuleSetLog.data(),(int)primaryRuleSetLog.sizeBytes());
+	if (matchingCapabilityRuleSetLog)
+		d.add(ZT_REMOTE_TRACE_FIELD__FILTER_CAP_RULE_LOG,(const char *)matchingCapabilityRuleSetLog->data(),(int)matchingCapabilityRuleSetLog->sizeBytes());
+	if (matchingCapability)
+		d.add(ZT_REMOTE_TRACE_FIELD__FILTER_CAP_ID,(uint64_t)matchingCapability->id());
+	d.add(ZT_REMOTE_TRACE_FIELD__FRAME_LENGTH,(uint64_t)frameLen);
+	if (frameLen > 0)
+		d.add(ZT_REMOTE_TRACE_FIELD__FRAME_DATA,(const char *)frameData,(frameLen > 256) ? (int)256 : (int)frameLen);
+	_send(tPtr,d,network.id());
 }
 
 void Trace::credentialRejected(void *const tPtr,const CertificateOfMembership &c,const char *reason)

node/Trace.hpp

@@ -93,7 +93,7 @@ public:
 		}
 
 		inline const uint8_t *data() const { return _l; }
-		inline unsigned int sizeBytes() const { return (unsigned int)sizeof(_l); }
+		inline unsigned int sizeBytes() const { return (ZT_MAX_NETWORK_RULES / 2); }
 
 	private:
 		uint8_t _l[ZT_MAX_NETWORK_RULES / 2];
@@ -115,7 +115,7 @@ public:
 
 	void outgoingNetworkFrameDropped(void *const tPtr,const SharedPtr<Network> &network,const MAC &sourceMac,const MAC &destMac,const unsigned int etherType,const unsigned int vlanId,const unsigned int frameLen,const char *reason);
 	void incomingNetworkAccessDenied(void *const tPtr,const SharedPtr<Network> &network,const SharedPtr<Path> &path,const uint64_t packetId,const unsigned int packetLength,const Address &source,const Packet::Verb verb,bool credentialsRequested);
-	void incomingNetworkFrameDropped(void *const tPtr,const SharedPtr<Network> &network,const SharedPtr<Path> &path,const uint64_t packetId,const unsigned int packetLength,const Address &source,const Packet::Verb verb,const MAC &sourceMac,const MAC &destMac);
+	void incomingNetworkFrameDropped(void *const tPtr,const SharedPtr<Network> &network,const SharedPtr<Path> &path,const uint64_t packetId,const unsigned int packetLength,const Address &source,const Packet::Verb verb,const MAC &sourceMac,const MAC &destMac,const char *reason);
 
 	void networkConfigRequestSent(void *const tPtr,const Network &network,const Address &controller);
 	void networkFilter(