-rw-r--r--include/ZeroTierOne.h17
-rw-r--r--node/NetworkConfig.cpp11
2 files changed, 27 insertions, 1 deletions
diff --git a/include/ZeroTierOne.h b/include/ZeroTierOne.h
index d16e2a68..d46c64b8 100644
--- a/include/ZeroTierOne.h
+++ b/include/ZeroTierOne.h
@@ -507,7 +507,17 @@ enum ZT_VirtualNetworkRuleType
/**
* Match a range of relative TCP sequence numbers (e.g. approx first N bytes of stream)
*/
- ZT_NETWORK_RULE_MATCH_TCP_RELATIVE_SEQUENCE_NUMBER_RANGE = 50
+ ZT_NETWORK_RULE_MATCH_TCP_RELATIVE_SEQUENCE_NUMBER_RANGE = 50,
+
+ /**
+ * Match a certificate of network membership field from the ZT origin's COM: greater than or equal to
+ */
+ ZT_NETWORK_RULE_MATCH_COM_FIELD_GE = 51,
+
+ /**
+ * Match a certificate of network membership field from the ZT origin's COM: less than or equal to
+ */
+ ZT_NETWORK_RULE_MATCH_COM_FIELD_LE = 52
};
/**
@@ -618,6 +628,11 @@ typedef struct
* Ethernet packet size in host byte order (start-end, inclusive)
*/
uint16_t frameSize[2];
+
+ /**
+ * COM ID and value for ZT_NETWORK_RULE_MATCH_COM_FIELD_GE and ZT_NETWORK_RULE_MATCH_COM_FIELD_LE
+ */
+ uint64_t comIV[2];
} v;
} ZT_VirtualNetworkRule;
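Review bot: The doc comment added for `comIV` does not say which element holds the COM field ID and which holds the comparison value, and it gives no byte order, whereas the neighbouring `frameSize` comment states both ordering and byte order. These rules gate traffic on certificate-of-membership fields, so a controller or rule evaluator that swaps the two indices would match on the wrong field without any error. If `[0]` is the ID, as the wording suggests, I would write `COM field ID [0] and value to compare against [1] for ZT_NETWORK_RULE_MATCH_COM_FIELD_GE and ZT_NETWORK_RULE_MATCH_COM_FIELD_LE`, plus the byte order once confirmed. The enclosing union and struct begin outside this hunk.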
diff --git a/node/NetworkConfig.cpp b/node/NetworkConfig.cpp
index d906005e..7b5318e4 100644
--- a/node/NetworkConfig.cpp
+++ b/node/NetworkConfig.cpp
@@ -250,6 +250,12 @@ bool NetworkConfig::toDictionary(Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d,b
tmp.append((uint32_t)rules[i].v.tcpseq[0]);
tmp.append((uint32_t)rules[i].v.tcpseq[1]);
break;
+ case ZT_NETWORK_RULE_MATCH_COM_FIELD_GE:
+ case ZT_NETWORK_RULE_MATCH_COM_FIELD_LE:
+ tmp.append((uint8_t)16);
+ tmp.append((uint64_t)rules[i].v.comIV[0]);
+ tmp.append((uint64_t)rules[i].v.comIV[1]);
+ break;
}
}
if (tmp.size()) {
@@ -469,6 +475,11 @@ bool NetworkConfig::fromDictionary(const Dictionary<ZT_NETWORKCONFIG_DICT_CAPACI
rules[ruleCount].v.tcpseq[0] = tmp.at<uint32_t>(p);
rules[ruleCount].v.tcpseq[1] = tmp.at<uint32_t>(p + 4);
break;
+ case ZT_NETWORK_RULE_MATCH_COM_FIELD_GE:
+ case ZT_NETWORK_RULE_MATCH_COM_FIELD_LE:
+ rules[ruleCount].v.comIV[0] = tmp.at<uint64_t>(p);
+ rules[ruleCount].v.comIV[1] = tmp.at<uint64_t>(p + 8);
+ break;
}
p += fieldLen;
++ruleCount;
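Review bot: The new `ZT_NETWORK_RULE_MATCH_COM_FIELD_GE`/`_LE` case in fromDictionary reads 16 bytes at `p` and `p + 8` without checking that the rule's declared `fieldLen` is at least 16, yet the cursor then advances by `fieldLen`. With a short or malformed field, `comIV` would be filled from bytes belonging to the next rule; at the end of `tmp`, safety depends on whether `at<>()` bounds-checks, which is not visible here. I would guard the case before the two reads, e.g. `if (fieldLen < 16) return false;`, or use whatever failure path the function already has. The `tcpseq` case in the context lines follows the same pattern, so a shared per-type minimum-length check may be the better place. The function body starts and ends outside the hunk.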