Diffstat (limited to 'node')
-rw-r--r-- | node/Filter.hpp | 2 | ||||
-rw-r--r-- | node/Network.hpp | 56 | ||||
-rw-r--r-- | node/OutboundMulticast.cpp | 26 | ||||
-rw-r--r-- | node/OutboundMulticast.hpp | 5 |
4 files changed, 76 insertions, 13 deletions
diff --git a/node/Filter.hpp b/node/Filter.hpp
index 0f02bf60..a4643352 100644
--- a/node/Filter.hpp
+++ b/node/Filter.hpp
@@ -21,8 +21,6 @@
 #include <stdint.h>
-#include <vector>
-
 #include "Constants.hpp"
 #include "../include/ZeroTierOne.h"
 #include "Address.hpp"
diff --git a/node/Network.hpp b/node/Network.hpp
index 17eed4bd..10714a7a 100644
--- a/node/Network.hpp
+++ b/node/Network.hpp
@@ -78,6 +78,62 @@ public:
 ~Network();
 /**
+ * Apply filters to an outgoing packet
+ *
+ * This applies filters from our network config and, if that doesn't match,
+ * our capabilities in ascending order of capability ID. If there is a match
+ * certain actions may be taken such as pushing credentials to ztDest and
+ * sending a copy of the packet to a TEE or REDIRECT target.
+ *
+ * @param ztSource Source ZeroTier address
+ * @param ztDest Destination ZeroTier address
+ * @param macSource Ethernet layer source address
+ * @param macDest Ethernet layer destination address
+ * @param frameData Ethernet frame data
+ * @param frameLen Ethernet frame payload length
+ * @param etherType 16-bit ethernet type ID
+ * @param vlanId 16-bit VLAN ID
+ * @return True if packet should be sent to destination peer
+ */
+ bool filterOutgoingPacket(
+ const Address &ztSource,
+ const Address &ztDest,
+ const MAC &macSource,
+ const MAC &macDest,
+ const uint8_t *frameData,
+ const unsigned int frameLen,
+ const unsigned int etherType,
+ const unsigned int vlanId);
+
+ /**
+ * Apply filters to an incoming packet
+ *
+ * This applies filters from our network config and, if that doesn't match,
+ * the peer's capabilities in ascending order of capability ID. If there is
+ * a match certain actions may be taken such as sending a copy of the packet
+ * to a TEE or REDIRECT target.
+ *
+ * @param ztSource Source Peer (to save an extra lookup)
+ * @param ztDest Destination ZeroTier address
+ * @param macSource Ethernet layer source address
+ * @param macDest Ethernet layer destination address
+ * @param frameData Ethernet frame data
+ * @param frameLen Ethernet frame payload length
+ * @param etherType 16-bit ethernet type ID
+ * @param vlanId 16-bit VLAN ID
+ * @return True if packet should be accepted locally
+ */
+ bool filterIncomingPacket(
+ const SharedPtr<Peer> &ztSource,
+ const Address &ztDest,
+ const MAC &macSource,
+ const MAC &macDest,
+ const uint8_t *frameData,
+ const unsigned int frameLen,
+ const unsigned int etherType,
+ const unsigned int vlanId);
+
+ /**
 * @return Network ID
 */
 inline uint64_t id() const throw() { return _id; }
diff --git a/node/OutboundMulticast.cpp b/node/OutboundMulticast.cpp
index 344e0321..11268fe2 100644
--- a/node/OutboundMulticast.cpp
+++ b/node/OutboundMulticast.cpp
@@ -41,7 +41,13 @@ void OutboundMulticast::init(
 {
 _timestamp = timestamp;
 _nwid = nwid;
+ if (src)
+ _macSrc = src;
+ else
 _macSrc.fromAddress(RR->identity.address(),nwid);
+ _macDest = dest.mac();
 _limit = limit;
+ _frameLen = (len < ZT_MAX_MTU) ? len : ZT_MAX_MTU;
+ _etherType = etherType;
 uint8_t flags = 0;
 if (gatherLimit) flags |= 0x02;
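Review bot: The `@return` lines of filterOutgoingPacket and filterIncomingPacket do not say what the result is when a TEE or REDIRECT rule matches, although the paragraph above each says the copy is sent from inside the call; a caller that only forwards on `true`, as OutboundMulticast::sendOnly in this same commit does, cannot tell from the header whether a REDIRECT match suppresses the original. Suggest stating it explicitly on the outgoing declaration, e.g. `@return True if packet should be sent to destination peer; false if dropped or if a REDIRECT rule already forwarded it`, with the second clause adjusted to whatever the implementation (not in this diff) actually does. The `@param frameData` entries should also say the buffer must hold at least frameLen readable bytes, since both functions take a raw pointer plus length.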
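Review bot: `_frameLen = (len < ZT_MAX_MTU) ? len : ZT_MAX_MTU;` silently truncates an oversized frame rather than refusing it, so the packet appended below and the cached filter copy both carry a clipped payload that no longer matches what the caller supplied. Since init() returns void, at least tie the clamp to the real buffer, `_frameLen = (len < sizeof(_frameData)) ? len : (unsigned int)sizeof(_frameData);`, so the bound cannot drift from the `_frameData[ZT_MAX_MTU]` declaration in OutboundMulticast.hpp, and add a comment saying where oversized frames are expected to be rejected before reaching this point. init() begins before this hunk and continues in the next one.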
@@ -68,23 +74,21 @@ void OutboundMulticast::init(
 dest.mac().appendTo(_packet);
 _packet.append((uint32_t)dest.adi());
 _packet.append((uint16_t)etherType);
- _packet.append(payload,len);
+ _packet.append(payload,_frameLen);
 _packet.compress();
+
+ memcpy(_frameData,payload,_frameLen);
 }
 void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,const Address &toAddr)
 {
- // TODO: apply Filter
-
- SharedPtr<Peer> peer(RR->topology->getPeer(toAddr));
- if (peer) {
- // TODO: push creds if needed
+ const SharedPtr<Network> nw(RR->node->network(_nwid));
+ if ((nw)&&(nw->filterOutgoingPacket(RR->identity.address(),toAddr,_macSrc,_macDest,_frameData,_frameLen,_etherType,0))) {
+ //TRACE(">>MC %.16llx -> %s",(unsigned long long)this,toAddr.toString().c_str());
+ _packet.newInitializationVector();
+ _packet.setDestination(toAddr);
+ RR->sw->send(_packet,true,_nwid);
 }
-
- //TRACE(">>MC %.16llx -> %s",(unsigned long long)this,toAddr.toString().c_str());
- _packet.newInitializationVector();
- _packet.setDestination(toAddr);
- RR->sw->send(_packet,true,_nwid);
 }
 } // namespace ZeroTier
diff --git a/node/OutboundMulticast.hpp b/node/OutboundMulticast.hpp
index 7d1dff80..0ded8baf 100644
--- a/node/OutboundMulticast.hpp
+++ b/node/OutboundMulticast.hpp
@@ -133,9 +133,14 @@ public:
 private:
 uint64_t _timestamp;
 uint64_t _nwid;
+ MAC _macSrc;
+ MAC _macDest;
 unsigned int _limit;
+ unsigned int _frameLen;
+ unsigned int _etherType;
 Packet _packet;
 std::vector<Address> _alreadySentTo;
+ uint8_t _frameData[ZT_MAX_MTU];
 };
 } // namespace ZeroTier
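Review bot: filterOutgoingPacket is now evaluated once per multicast recipient in sendOnly, always on the same cached frame. If a matching rule carries a TEE or REDIRECT action, which the Network.hpp description of this function says it may perform from inside the call, each evaluation would emit another copy, so one multicast could fan out into one extra copy per recipient; if that is not intended, the side-effecting evaluation belongs in init() with sendOnly keeping only the per-destination accept decision. The hard-coded `0` passed as vlanId also needs a comment explaining why the multicast path never carries a VLAN ID, e.g. `0 /* vlanId */` plus a one-line reason. Dropping the frame when `nw` is null is fail-closed, which is the right default.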
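Review bot: `_frameLen` and `_etherType` are added without an initializer, so an OutboundMulticast on which init() has not yet run would hand an indeterminate `_frameLen` to filterOutgoingPacket in sendOnly; whether the constructor, which is outside this hunk, zeroes them cannot be seen here. Suggest setting `_frameLen = 0` in the constructor, or at least a comment on the member, `unsigned int _frameLen; // valid only after init()`, so the precondition is visible. Note also that `_frameData[ZT_MAX_MTU]` adds a full-MTU buffer to every pending OutboundMulticast, which may matter if many are queued at once.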