3 files changed, 41 insertions, 5 deletions

diff --git a/node/Constants.hpp b/node/Constants.hpp
index 6d1ade22..37a3b3a9 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -109,6 +109,11 @@ error_no_byte_order_defined;
 #define ZT_ADDRESS_LENGTH 5
 
 /**
+ * Length of a hexadecimal ZeroTier address
+ */
+#define ZT_ADDRESS_LENGTH_HEX 10
+
+/**
  * Addresses beginning with this byte are reserved for the joy of in-band signaling
  */
 #define ZT_ADDRESS_RESERVED_PREFIX 0xff
diff --git a/node/NetworkConfig.cpp b/node/NetworkConfig.cpp
index d4721a32..98a44557 100644
--- a/node/NetworkConfig.cpp
+++ b/node/NetworkConfig.cpp
@@ -86,6 +86,7 @@ void NetworkConfig::_fromDictionary(const Dictionary &d)
 	_issuedTo = Address(d.get(ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO));
 	_multicastPrefixBits = Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_PREFIX_BITS,zero).c_str());
 	_multicastDepth = Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_DEPTH,zero).c_str());
+	_bridgingMode = (BridgingMode)Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_BRIDGING_MODE,zero).c_str());
 	_private = (Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_PRIVATE,one).c_str()) != 0);
 	_enableBroadcast = (Utils::hexStrToUInt(d.get(ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST,one).c_str()) != 0);
 	_name = d.get(ZT_NETWORKCONFIG_DICT_KEY_NAME);
@@ -121,6 +122,15 @@ void NetworkConfig::_fromDictionary(const Dictionary &d)
 		_staticIps.insert(addr);
 	}
 
+	std::vector<std::string> ab(Utils::split(d.get(ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES,"").c_str(),",","",""));
+	for(std::vector<std::string>::const_iterator a(ab.begin());a!=ab.end();++a) {
+		if (a->length() == ZT_ADDRESS_LENGTH_HEX) {
+			Address tmp(*a);
+			if (!tmp.isReserved())
+				_activeBridges.insert(tmp);
+		}
+	}
+
 	Dictionary mr(d.get(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_RATES,std::string()));
 	for(Dictionary::const_iterator i(mr.begin());i!=mr.end();++i) {
 		std::vector<std::string> params(Utils::split(i->second.c_str(),",","",""));
diff --git a/node/NetworkConfig.hpp b/node/NetworkConfig.hpp
index a53841de..05c395c0 100644
--- a/node/NetworkConfig.hpp
+++ b/node/NetworkConfig.hpp
@@ -62,13 +62,13 @@ namespace ZeroTier {
 #define ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC "v6s"
 #define ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP "com"
 #define ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST "eb"
+#define ZT_NETWORKCONFIG_DICT_KEY_BRIDGING_MODE "br"
+#define ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES "ab"
 
 /**
  * Network configuration received from netconf master nodes
  *
- * This is designed to work as an immutable value object held in a shared
- * pointer so that it can be both updated and used without too much mutex
- * boogie.
+ * This is an immutable value object created from a dictionary received from netconf master.
  */
 class NetworkConfig
 {
@@ -76,6 +76,16 @@ public:
 	friend class SharedPtr<NetworkConfig>;
 
 	/**
+	 * Network bridging mode
+	 */
+	enum BridgingMode
+	{
+		BRIDGING_DISABLED = 0,    // no bridging
+		BRIDGING_ACTIVE_ONLY = 1, // only active bridges may bridge
+		BRIDGING_PERMISSIVE = 2   // allow passive bridging by any peer
+	};
+
+	/**
 	 * Tuple of multicast rate parameters
 	 */
 	struct MulticastRate
@@ -102,7 +112,7 @@ public:
 	 * @param etherType Ethernet frame type to check
 	 * @return True if allowed on this network
 	 */
-	inline bool permitsEtherType(unsigned int etherType)
+	inline bool permitsEtherType(unsigned int etherType) const
 		throw()
 	{
 		if ((!etherType)||(etherType > 0xffff)) // sanity checks
@@ -124,6 +134,7 @@ public:
 	inline const std::string &name() const throw() { return _name; }
 	inline const std::string &description() const throw() { return _description; }
 	inline const std::set<InetAddress> &staticIps() const throw() { return _staticIps; }
+	inline const std::set<Address> &activeBridges() const throw() { return _activeBridges; }
 	inline const CertificateOfMembership &com() const throw() { return _com; }
 	inline bool enableBroadcast() const throw() { return _enableBroadcast; }
 
@@ -134,7 +145,15 @@ public:
 	inline bool permitsBridging(const Address &fromPeer) const
 		throw()
 	{
-		return false; // TODO: bridging not implemented yet
+		switch(_bridgingMode) {
+			case BRIDGING_ACTIVE_ONLY:
+				return (_activeBridges.count(fromPeer) > 0);
+			case BRIDGING_PERMISSIVE:
+				return true;
+			//case BRIDGING_DISABLED:
+			default:
+				return false;
+		}
 	}
 
 	/**
@@ -156,11 +175,13 @@ private:
 	Address _issuedTo;
 	unsigned int _multicastPrefixBits;
 	unsigned int _multicastDepth;
+	BridgingMode _bridgingMode;
 	bool _private;
 	bool _enableBroadcast;
 	std::string _name;
 	std::string _description;
 	std::set<InetAddress> _staticIps;
+	std::set<Address> _activeBridges;
 	std::map<MulticastGroup,MulticastRate> _multicastRates;
 	CertificateOfMembership _com;