authorAdam Ierymenko <adam.ierymenko@gmail.com>2017-02-07 09:33:39 -0800
committerAdam Ierymenko <adam.ierymenko@gmail.com>2017-02-07 09:33:39 -0800
commit672f17c6e9ae981a70c51fdd62882e4847c5b6ba (patch)
tree176f8ec5a5864c490c1d6ad009af6e79cdcf326f /node
parent723a9a6e9aa4254c7d740f9af6596ba8450924ac (diff)
Add a mask and value range to the IP tos rule field. This allows TOS to be matched more usefully. This will break anyone using tos in the beta, but nobody seems to be and it's pre-release, so now is the time.
Diffstat (limited to 'node')
-rw-r--r--node/Capability.hpp10
-rw-r--r--node/Network.cpp8
2 files changed, 12 insertions, 6 deletions
diff --git a/node/Capability.hpp b/node/Capability.hpp
index ddbfd9ee..08714038 100644
--- a/node/Capability.hpp
+++ b/node/Capability.hpp
@@ -216,8 +216,10 @@ public:
b.append((uint8_t)rules[i].v.ipv6.mask);
break;
case ZT_NETWORK_RULE_MATCH_IP_TOS:
- b.append((uint8_t)1);
- b.append((uint8_t)rules[i].v.ipTos);
+ b.append((uint8_t)3);
+ b.append((uint8_t)rules[i].v.ipTos.mask);
+ b.append((uint8_t)rules[i].v.ipTos.value[0]);
+ b.append((uint8_t)rules[i].v.ipTos.value[1]);
break;
case ZT_NETWORK_RULE_MATCH_IP_PROTOCOL:
b.append((uint8_t)1);
@@ -308,7 +310,9 @@ public:
rules[ruleCount].v.ipv6.mask = (uint8_t)b[p + 16];
break;
case ZT_NETWORK_RULE_MATCH_IP_TOS:
- rules[ruleCount].v.ipTos = (uint8_t)b[p];
+ rules[ruleCount].v.ipTos.mask = (uint8_t)b[p];
+ rules[ruleCount].v.ipTos.value[0] = (uint8_t)b[p+1];
+ rules[ruleCount].v.ipTos.value[1] = (uint8_t)b[p+2];
break;
case ZT_NETWORK_RULE_MATCH_IP_PROTOCOL:
rules[ruleCount].v.ipProtocol = (uint8_t)b[p];
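Review bot: The new `ZT_NETWORK_RULE_MATCH_IP_TOS` decode case reads `b[p]`, `b[p+1]` and `b[p+2]` without any visible check that the rule's declared field length is at least 3. The length handling sits outside this hunk, so this is inferred, but a capability written by a pre-change node (which emitted length 1) or a malformed one would fill `value[0]` and `value[1]` from bytes that belong to the following rule. Since this data arrives from the network, the case should reject the rule when the declared length is below 3 before touching `b[p+1]` and `b[p+2]`. It would also be worth rejecting `value[0] > value[1]` here, because such a range can never match and would presumably turn a rule with the inverted-match flag into one that matches every packet.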
diff --git a/node/Network.cpp b/node/Network.cpp
index 5961b087..7412e3e7 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -368,11 +368,13 @@ static _doZtFilterResult _doZtFilter(
break;
case ZT_NETWORK_RULE_MATCH_IP_TOS:
if ((etherType == ZT_ETHERTYPE_IPV4)&&(frameLen >= 20)) {
- thisRuleMatches = (uint8_t)(rules[rn].v.ipTos == ((frameData[1] & 0xfc) >> 2));
+ //thisRuleMatches = (uint8_t)(rules[rn].v.ipTos == ((frameData[1] & 0xfc) >> 2));
+ const uint8_t tosMasked = frameData[1] & rules[rn].v.ipTos.mask;
+ thisRuleMatches = (uint8_t)((tosMasked >= rules[rn].v.ipTos.value[0])&&(tosMasked <= rules[rn].v.ipTos.value[1]));
FILTER_TRACE("%u %s %c (IPv4) %u==%u -> %u",rn,_rtn(rt),(((rules[rn].t & 0x80) != 0) ? '!' : '='),(unsigned int)rules[rn].v.ipTos,(unsigned int)((frameData[1] & 0xfc) >> 2),(unsigned int)thisRuleMatches);
} else if ((etherType == ZT_ETHERTYPE_IPV6)&&(frameLen >= 40)) {
- const uint8_t trafficClass = ((frameData[0] << 4) & 0xf0) | ((frameData[1] >> 4) & 0x0f);
- thisRuleMatches = (uint8_t)(rules[rn].v.ipTos == ((trafficClass & 0xfc) >> 2));
+ const uint8_t tosMasked = (((frameData[0] << 4) & 0xf0) | ((frameData[1] >> 4) & 0x0f)) & rules[rn].v.ipTos.mask;
+ thisRuleMatches = (uint8_t)((tosMasked >= rules[rn].v.ipTos.value[0])&&(tosMasked <= rules[rn].v.ipTos.value[1]));
FILTER_TRACE("%u %s %c (IPv6) %u==%u -> %u",rn,_rtn(rt),(((rules[rn].t & 0x80) != 0) ? '!' : '='),(unsigned int)rules[rn].v.ipTos,(unsigned int)((trafficClass & 0xfc) >> 2),(unsigned int)thisRuleMatches);
} else {
thisRuleMatches = 0;
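Review bot: Both `FILTER_TRACE` calls still pass `(unsigned int)rules[rn].v.ipTos`, but `ipTos` now has `.mask` and `.value[]` members, so that cast presumably fails to compile once tracing is enabled. The IPv6 call also still references `trafficClass`, which this hunk removes. The trace arguments should be switched to the values the new comparison actually uses, e.g. `(unsigned int)tosMasked`, `(unsigned int)rules[rn].v.ipTos.value[0]` and `(unsigned int)rules[rn].v.ipTos.value[1]`, with the `%u==%u` format updated to show a range. The commented-out old comparison in the IPv4 branch can be dropped. Because the new match no longer shifts right by 2, a short comment such as `// mask and range apply to the raw TOS / traffic-class byte, not the 6-bit DSCP` would keep rule authors from carrying over old DSCP values.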