diff options
Diffstat (limited to 'node')
| -rw-r--r-- | node/Capability.hpp | 9 | ||||
| -rw-r--r-- | node/Network.cpp | 6 | ||||
| -rw-r--r-- | node/Packet.hpp | 1 |
3 files changed, 13 insertions, 3 deletions
diff --git a/node/Capability.hpp b/node/Capability.hpp index b0620891..0b352725 100644 --- a/node/Capability.hpp +++ b/node/Capability.hpp @@ -181,6 +181,11 @@ public: break; case ZT_NETWORK_RULE_ACTION_TEE: case ZT_NETWORK_RULE_ACTION_REDIRECT: + b.append((uint8_t)14); + b.append((uint64_t)rules[i].v.fwd.address); + b.append((uint32_t)rules[i].v.fwd.flags); + b.append((uint16_t)rules[i].v.fwd.length); + break; case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS: case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS: b.append((uint8_t)5); @@ -266,6 +271,10 @@ public: break; case ZT_NETWORK_RULE_ACTION_TEE: case ZT_NETWORK_RULE_ACTION_REDIRECT: + rules[ruleCount].v.fwd.address = b.template at<uint64_t>(p); + rules[ruleCount].v.fwd.flags = b.template at<uint32_t>(p + 8); + rules[ruleCount].v.fwd.length = b.template at<uint16_t>(p + 12); + break; case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS: case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS: rules[ruleCount].v.zt = Address(b.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH).toInt(); diff --git a/node/Network.cpp b/node/Network.cpp index 1319df4e..e12dd027 100644 --- a/node/Network.cpp +++ b/node/Network.cpp @@ -154,13 +154,13 @@ static int _doZtFilter( break; case ZT_NETWORK_RULE_ACTION_TEE: case ZT_NETWORK_RULE_ACTION_REDIRECT: { - Packet outp(Address(rules[rn].v.zt),RR->identity.address(),Packet::VERB_EXT_FRAME); + Packet outp(Address(rules[rn].v.fwd.address),RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(nconf.networkId); - outp.append((uint8_t)((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02)); + outp.append((uint8_t)( ((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02) | (inbound ? 0x08 : 0x00) )); macDest.appendTo(outp); macSource.appendTo(outp); outp.append((uint16_t)etherType); - outp.append(frameData,frameLen); + outp.append(frameData,(rules[rn].v.fwd.length != 0) ? ((frameLen < (unsigned int)rules[rn].v.fwd.length) ? frameLen : (unsigned int)rules[rn].v.fwd.length) : frameLen); outp.compress(); RR->sw->send(outp,true); diff --git a/node/Packet.hpp b/node/Packet.hpp index 0a5d3fec..570bace9 100644 --- a/node/Packet.hpp +++ b/node/Packet.hpp @@ -657,6 +657,7 @@ public: * 0x01 - Certificate of network membership attached (DEPRECATED) * 0x02 - Packet is a TEE'd packet * 0x04 - Packet is a REDIRECT'ed packet + * 0x08 - TEE/REDIRECT'ed packet is on inbound side of connection * * An extended frame carries full MAC addressing, making them a * superset of VERB_FRAME. They're used for bridging or when we |