authorAdam Ierymenko <adam.ierymenko@gmail.com>2016-11-08 14:24:30 -0800
committerAdam Ierymenko <adam.ierymenko@gmail.com>2016-11-08 14:24:30 -0800
commit3d948a930e935f126ab661c63e698283ff937380 (patch)
treeb79226d9cf417a9a6361665b7d88711605da8fb6 /controller
parent6f3595bfd23ca31510741ab66515f2fe06120007 (diff)
Send a blanket rule to old versions. New versions will still bidirectionally enforce on the inbound side.
Diffstat (limited to 'controller')
-rw-r--r--controller/EmbeddedNetworkController.cpp20
1 files changed, 14 insertions, 6 deletions
diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index c7114758..2871df9b 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -673,12 +673,20 @@ NetworkController::ResultCode EmbeddedNetworkController::doNetworkConfigRequest(
json &memberCapabilities = member["capabilities"];
json &memberTags = member["tags"];
- if (rules.is_array()) {
- for(unsigned long i=0;i<rules.size();++i) {
- if (nc.ruleCount >= ZT_MAX_NETWORK_RULES)
- break;
- if (_parseRule(rules[i],nc.rules[nc.ruleCount]))
- ++nc.ruleCount;
+ if (metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_RULES_ENGINE_REV,0) <= 0) {
+ // Old versions with no rules engine support get an allow everything rule.
+ // Since rules are enforced bidirectionally, newer versions *will* still
+ // enforce rules on the inbound side.
+ nc.ruleCount = 1;
+ nc.rules[0].t = ZT_NETWORK_RULE_ACTION_ACCEPT;
+ } else {
+ if (rules.is_array()) {
+ for(unsigned long i=0;i<rules.size();++i) {
+ if (nc.ruleCount >= ZT_MAX_NETWORK_RULES)
+ break;
+ if (_parseRule(rules[i],nc.rules[nc.ruleCount]))
+ ++nc.ruleCount;
+ }
}
}
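Review bot: The branch that hands out the accept-all rule is selected by `ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_RULES_ENGINE_REV`, which is read from the requester's own metadata. Any member that omits the key or reports 0 therefore gets no outbound rules, and the network's rules then hold only where the receiving peer is new enough to enforce them inbound. The comment should state that limit, for example `// NOTE: revision is self-reported; traffic between two members without a rules engine is not filtered at all.` The new branch also sets only `nc.rules[0].t`, so the rest of that rule entry is well defined only if `nc` is zero-initialised earlier in doNetworkConfigRequest, which starts outside this hunk; please confirm that or clear the entry here. If `getUI` returns an unsigned value, as the name suggests, `<= 0` can only mean `== 0` and would read more clearly written that way.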