From 22e44c762bf77aefe988ed7b6874054f84f95b75 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Thu, 28 Jul 2016 10:58:10 -0700
Subject: More rules engine work: key/value pair matching for microsegmentation.
---
 include/ZeroTierOne.h | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'include')
diff --git a/include/ZeroTierOne.h b/include/ZeroTierOne.h
index 0d1ddd4b..6abc04f2 100644
--- a/include/ZeroTierOne.h
+++ b/include/ZeroTierOne.h
@@ -391,12 +391,15 @@ enum ZT_VirtualNetworkType
 /**
 * The type of a virtual network rules table entry
 *
- * These must range from 0 to 127 (0x7f).
+ * These must range from 0 to 127 (0x7f) because the most significant bit
+ * is reserved as a NOT flag.
 *
 * Each rule is composed of one or more MATCHes followed by an ACTION.
 */
 enum ZT_VirtualNetworkRuleType
 {
+ // 0 to 31 reserved for actions
+
 /**
 * Drop frame
 */
@@ -408,16 +411,16 @@ enum ZT_VirtualNetworkRuleType
 ZT_NETWORK_RULE_ACTION_ACCEPT = 1,
 /**
- * Forward a copy of this frame to an observer
+ * Forward a copy of this frame to an observer (by ZT address)
 */
 ZT_NETWORK_RULE_ACTION_TEE = 2,
 /**
- * Explicitly redirect this frame to another device (ignored if this is the target device)
+ * Drop and redirect this frame to another node (by ZT address)
 */
 ZT_NETWORK_RULE_ACTION_REDIRECT = 3,
- // <32 == actions
+ // 32 to 127 reserved for match criteria
 /**
 * Source ZeroTier address -- analogous to an Ethernet port ID on a switch
--
cgit v1.2.3
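Review bot: The comment above `enum ZT_VirtualNetworkRuleType` in the first hunk (@@ -391) now states two numeric contracts, that values stay within 0 to 127 because the top bit is the NOT flag and that 0 to 31 are actions, but it does not say how a consumer should decode the type byte or treat a value that is not defined. For a rules table that drives traffic filtering, that belongs in the header; if it matches what the evaluator does, I would add `* Mask with 0x7f to obtain the type; an entry whose type is not defined here must never be evaluated as a match or as ACCEPT.` The enum body continues outside the hunk, so whether a mask constant or a range check already exists cannot be seen from these lines.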
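Review bot: The rewritten comment on `ZT_NETWORK_RULE_ACTION_REDIRECT` in the second hunk (@@ -408) drops the earlier statement that the action is ignored when this device is the target, and nothing replaces it, so a reader can no longer tell what happens when the redirect address is the local node. If that behaviour is unchanged, keep it in the text, for example `* Drop and redirect this frame to another node (by ZT address); ignored if this node is the target`. The comment on `ZT_NETWORK_RULE_ACTION_TEE` would also benefit from stating whether the observer address has to be a member of the network, since that node receives copies of frames; this header-only change does not show how the evaluator restricts either target.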