authorAdam Ierymenko <adam.ierymenko@gmail.com>2013-07-17 10:01:46 -0400
committerAdam Ierymenko <adam.ierymenko@gmail.com>2013-07-17 10:01:46 -0400
commit557cc359b30aacff372f1b92a8f0f621fcd9c50f (patch)
tree915470b3308bb030fe921bed34ac0fd7c5c96722
parent102b0865cb4a4c2d17dea7ba4e9717a7a6a6049f (diff)
More filter work.
-rw-r--r--node/Defaults.cpp7
-rw-r--r--node/Defaults.hpp6
-rw-r--r--node/Filter.cpp9
-rw-r--r--node/Filter.hpp16
-rw-r--r--node/NodeConfig.cpp8
-rw-r--r--node/NodeConfig.hpp8
6 files changed, 25 insertions, 29 deletions
diff --git a/node/Defaults.cpp b/node/Defaults.cpp
index d5990600..f1454796 100644
--- a/node/Defaults.cpp
+++ b/node/Defaults.cpp
@@ -66,16 +66,11 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap()
return sn;
}
-static inline Filter _mkDefaultNodeFilter()
-{
-}
-
Defaults::Defaults()
throw(std::runtime_error) :
supernodes(_mkSupernodeMap()),
configUrlPrefix("http://api.zerotier.com/one/nc/"),
- configAuthority("f9f34184ac:1:AwGgrWjb8dARXzruqxiy1+Qf+gz4iM5IMfQTCWrJXkwERdvbvxTPZvtIyitw4gS90TGIxW+e7uJxweg9Vyq5lZJBrg==:QeEQLm9ymLC3EcnIw2OUqufUwb2wgHSAg6wQOXKyhT779p/8Hz5485PZLJCbr/aVHjwzop8APJk9B45Zm0Mb/LEhQTBMH2jvc7qqoYnMCNCO9jpADeMJwMW5e1VFgIObWl9uNjhRbf5/m8dZcn0pKKGwjSoP1QTeVWOC8GkZhE25bUWj"),
- defaultNodeFilter(_mkDefaultNodeFilter())
+ configAuthority("f9f34184ac:1:AwGgrWjb8dARXzruqxiy1+Qf+gz4iM5IMfQTCWrJXkwERdvbvxTPZvtIyitw4gS90TGIxW+e7uJxweg9Vyq5lZJBrg==:QeEQLm9ymLC3EcnIw2OUqufUwb2wgHSAg6wQOXKyhT779p/8Hz5485PZLJCbr/aVHjwzop8APJk9B45Zm0Mb/LEhQTBMH2jvc7qqoYnMCNCO9jpADeMJwMW5e1VFgIObWl9uNjhRbf5/m8dZcn0pKKGwjSoP1QTeVWOC8GkZhE25bUWj")
{
}
diff --git a/node/Defaults.hpp b/node/Defaults.hpp
index 3493c5a8..b9c8ecf5 100644
--- a/node/Defaults.hpp
+++ b/node/Defaults.hpp
@@ -34,7 +34,6 @@
#include <map>
#include "Identity.hpp"
#include "InetAddress.hpp"
-#include "Filter.hpp"
namespace ZeroTier {
@@ -66,11 +65,6 @@ public:
* Identity used to encrypt and authenticate configuration from URL
*/
const std::string configAuthority;
-
- /**
- * Default node filter for this platform
- */
- const Filter defaultNodeFilter;
};
extern const Defaults ZT_DEFAULTS;
diff --git a/node/Filter.cpp b/node/Filter.cpp
index d7d177b1..a0412173 100644
--- a/node/Filter.cpp
+++ b/node/Filter.cpp
@@ -38,6 +38,7 @@
namespace ZeroTier {
const char *const Filter::UNKNOWN_NAME = "(unknown)";
+const Range<unsigned int> Filter::ANY;
bool Filter::Rule::operator()(unsigned int etype,const void *data,unsigned int len) const
throw(std::invalid_argument)
@@ -338,19 +339,23 @@ Filter::Action Filter::operator()(const RuntimeEnvironment *_r,unsigned int ethe
{
Mutex::Lock _l(_chain_m);
+ TRACE("starting match against %d rules",(int)_chain.size());
+
int ruleNo = 0;
for(std::vector<Entry>::const_iterator r(_chain.begin());r!=_chain.end();++r,++ruleNo) {
try {
if (r->rule(etherType,frame,len)) {
+ TRACE("match: %s",r->rule.toString().c_str());
+
switch(r->action) {
case ACTION_ALLOW:
case ACTION_DENY:
return r->action;
- case ACTION_LOG:
- break;
default:
break;
}
+ } else {
+ TRACE("no match: %s",r->rule.toString().c_str());
}
} catch (std::invalid_argument &exc) {
LOG("filter: unable to parse packet on rule %s (%d): %s",r->rule.toString().c_str(),ruleNo,exc.what());
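Review bot: The two added TRACE lines (`match:` / `no match:`) each call `r->rule.toString()` for every rule evaluated on every frame; unless the TRACE macro discards its arguments entirely when tracing is compiled out, that is a string build on the packet path once per rule. When tracing is active, each incoming frame emits one line per rule in the chain, so log volume is driven by whatever traffic arrives on the tap — worth a comment that this is for debug builds only, or emitting one summary line per frame instead. The adjacent LOG line already identifies the rule by `ruleNo`; carrying it in the trace lines, e.g. `TRACE("match: rule %d: %s",ruleNo,r->rule.toString().c_str());`, keeps the two formats consistent. Filter::operator() begins before this hunk (its signature is in the hunk header) and ends after it.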
diff --git a/node/Filter.hpp b/node/Filter.hpp
index 0af52864..8b86b48f 100644
--- a/node/Filter.hpp
+++ b/node/Filter.hpp
@@ -139,6 +139,11 @@ public:
static const char *const UNKNOWN_NAME;
/**
+ * An empty range as a more idiomatic way of specifying a wildcard match
+ */
+ static const Range<unsigned int> ANY;
+
+ /**
* A filter rule
*
* This behaves as an immutable value object.
@@ -222,10 +227,9 @@ public:
*/
enum Action
{
- ACTION_DENY = 1,
- ACTION_ALLOW = 2,
- ACTION_LOG = 3,
- ACTION_UNPARSEABLE = 4
+ ACTION_DENY = 0,
+ ACTION_ALLOW = 1,
+ ACTION_UNPARSEABLE = 2
};
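Review bot: Renumbering the Action values (DENY 1→0, ALLOW 2→1, UNPARSEABLE 4→2) changes the integer meaning of every existing value; if an Action is ever persisted, parsed from configuration, or exchanged between versions as a number, old and new code would disagree on deny versus allow — I cannot tell from this diff whether that happens, so it is a point to confirm before merging. A side effect worth stating explicitly is that a zero-initialized Action is now ACTION_DENY, i.e. the uninitialized case fails closed; a comment such as `ACTION_DENY = 0, // zero so that a zero-initialized Action denies` records that as intent rather than accident.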
/**
@@ -329,10 +333,6 @@ public:
/**
* Match against an Ethernet frame
*
- * Note that ACTION_LOG rules do not terminate rule evaluation and
- * ACTION_LOG is never returned here as a result. It's primarily for
- * debugging and rule testing.
- *
* @param _r Runtime environment
* @param etherType Ethernet frame type
* @param frame Ethernet frame data
diff --git a/node/NodeConfig.cpp b/node/NodeConfig.cpp
index fcbbc6bd..763a5899 100644
--- a/node/NodeConfig.cpp
+++ b/node/NodeConfig.cpp
@@ -57,6 +57,14 @@ NodeConfig::~NodeConfig()
_autoconfigureLock.unlock();
}
+void NodeConfig::whackAllTaps()
+{
+ std::vector< SharedPtr<Network> > nwlist;
+ Mutex::Lock _l(_networks_m);
+ for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
+ n->second->tap().whack();
+}
+
void NodeConfig::refreshConfiguration()
{
_autoconfigureLock.lock(); // unlocked when handler gets called
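Review bot: `nwlist` in the new whackAllTaps() body is declared and never used, so `tap().whack()` runs on every network while `_networks_m` is held; the unused vector looks like a copy-then-release pattern left half finished. If whack() can block or re-enter code that takes `_networks_m`, holding the lock across it is a deadlock risk; copying the SharedPtrs under the lock and whacking after releasing it removes that and gives the vector its purpose, as sketched below. If whack() is known to be cheap and lock-free, simply delete the `nwlist` line instead. The same unused local exists in the inline version this commit removes from NodeConfig.hpp, so the issue predates the move.
```cpp
void NodeConfig::whackAllTaps()
{
	std::vector< SharedPtr<Network> > nwlist;
	{
		Mutex::Lock _l(_networks_m);
		for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
			nwlist.push_back(n->second);
	}
	// whack outside the lock: tap().whack() may block or re-enter
	for(std::vector< SharedPtr<Network> >::const_iterator n(nwlist.begin());n!=nwlist.end();++n)
		(*n)->tap().whack();
}
```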
diff --git a/node/NodeConfig.hpp b/node/NodeConfig.hpp
index 5caf18ab..5c412c9b 100644
--- a/node/NodeConfig.hpp
+++ b/node/NodeConfig.hpp
@@ -81,13 +81,7 @@ public:
/**
* Call whack() on all networks' tap devices
*/
- inline void whackAllTaps()
- {
- std::vector< SharedPtr<Network> > nwlist;
- Mutex::Lock _l(_networks_m);
- for(std::map< uint64_t,SharedPtr<Network> >::const_iterator n(_networks.begin());n!=_networks.end();++n)
- n->second->tap().whack();
- }
+ void whackAllTaps();
/**
* @param nwid Network ID