author Adam Ierymenko <adam.ierymenko@gmail.com> 2015-08-25 09:46:59 -0700
committer Adam Ierymenko <adam.ierymenko@gmail.com> 2015-08-25 09:46:59 -0700
commit b4487cefc978491ae40ba29c8c84ce0c23ba8fdb
tree 46a1051433670204b7f2a6174ff1e403e6210147 /service
parent 867258de8b5cbc3e3b26baa9b9e7332df9048328
Document rules requirement in controller.
Diffstat (limited to 'service')
-rw-r--r-- service/README.md 8
1 files changed, 3 insertions, 5 deletions
diff --git a/service/README.md b/service/README.md
index 7ffabba3..05f340d8 100644
--- a/service/README.md
+++ b/service/README.md
@@ -156,9 +156,7 @@ By making queries to this path you can create, configure, and delete networks. D
It's important to understand how network IDs work. The first ten digits (most significant 40 bits) of a network ID are the ZeroTier address of the controller. This is how clients find it. The last six digits (least significant 24 bits) are arbitrary and serve to identify the network uniquely on the controller.
-Thus a network's first ten digits *must* be the controller's address. If your controller is *deadbeef01*, then the networks it controls must have IDs like *deadbeef01feed02* or *deadbeef01beef03*. This API however *does not* enforce this requirement. It will allow you to add arbitrary network IDs, but they won't work since clients will never be able to find them.
-
-To create a new network with a random last six digits safely and atomically, you can POST to */controller/network/##########\_\_\_\_\_\_* where ########## is the controller's address and the underscores are as shown. This will pick a random unallocated network ID, which will be returned in the 'nwid' field of the returned JSON object.
+Thus a network's first ten digits *must* be the controller's address. If your controller is *deadbeef01*, then the networks it controls must have IDs like *deadbeef01feed02* or *deadbeef01beef03*. This API however *does not* enforce this requirement. It will allow you to add arbitrary network IDs, but they won't work since clients will never be able to find them. To create a new network with a random last six digits safely and atomically, you can POST to */controller/network/##########\_\_\_\_\_\_* where ########## is the controller's address and the underscores are as shown. This will pick a random unallocated network ID, which will be returned in the 'nwid' field of the returned JSON object.
<table>
<tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Description</b></td><td><b>Writable</b></td></tr>
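Review bot: The added line folds the network-creation instructions (POST to */controller/network/##########\_\_\_\_\_\_*) into the same paragraph as the warning that the API does not enforce the controller-address prefix, so the recommended way to avoid a mismatched ID now sits at the end of one long paragraph. Keep the blank line between the two, or lead with the atomic-create path since it is the safe default. This reflow is also unrelated to the commit subject ("Document rules requirement in controller."), so it would be cleaner as its own commit.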
@@ -181,9 +179,9 @@ To create a new network with a random last six digits safely and atomically, you
<tr><td>rules</td><td>[object]</td><td>Array of network flow rules (see below)</td><td>yes</td></tr>
</table>
-The network member list includes both authorized and unauthorized members. DELETE unauthorized members to remove them from the list.
+The network member list includes both authorized and unauthorized members. DELETE unauthorized members to remove them from the list. Relays, IP assignment pools, and rules are edited via direct POSTs to the network object. New values replace all previous values.
-Relays, IP assignment pools, and rules are edited via direct POSTs to the network object. New values replace all previous values.
+Networks must have rules. If there are no rules, the default action is 'deny'. As also documented in the Rule object definition below, rules currently only support etherType and allow/deny. Thus to make a functioning network, add etherType allow entries for IPV4/ARP and/or IPv6. Alternately you can add a null allow entry to allow all traffic, causing the network to behave like a normal pass-through switch.
**Relay object format:**
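Review bot: In the added "Networks must have rules" paragraph, the default-deny behaviour interacts with the "New values replace all previous values" sentence just above it in a way the text never spells out: as documented, a POST whose rules array is empty or omits an existing allow entry replaces the old rules and leaves that traffic denied. Say so explicitly next to the default-deny statement. The "null allow entry" should also be shown or pointed at the Rule object definition, with a note that it turns off filtering for the whole network, and "IPV4" should read "IPv4" to match "IPv6".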