From 8e3463d47a8e7565784f349f359ebe7f4a4d0e57 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Wed, 24 Aug 2016 13:37:57 -0700
Subject: Add length limit to TEE and REDIRECT, and completely factor out old C
 json-parser to eliminate a dependency.

---
 node/Capability.hpp | 9 +++++++++
 node/Network.cpp    | 6 +++---
 node/Packet.hpp     | 1 +
 3 files changed, 13 insertions(+), 3 deletions(-)

(limited to 'node')

diff --git a/node/Capability.hpp b/node/Capability.hpp
index b0620891..0b352725 100644
--- a/node/Capability.hpp
+++ b/node/Capability.hpp
@@ -181,6 +181,11 @@ public:
 					break;
 				case ZT_NETWORK_RULE_ACTION_TEE:
 				case ZT_NETWORK_RULE_ACTION_REDIRECT:
+					b.append((uint8_t)14);
+					b.append((uint64_t)rules[i].v.fwd.address);
+					b.append((uint32_t)rules[i].v.fwd.flags);
+					b.append((uint16_t)rules[i].v.fwd.length);
+					break;
 				case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
 				case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS:
 					b.append((uint8_t)5);
@@ -266,6 +271,10 @@ public:
 					break;
 				case ZT_NETWORK_RULE_ACTION_TEE:
 				case ZT_NETWORK_RULE_ACTION_REDIRECT:
+					rules[ruleCount].v.fwd.address = b.template at<uint64_t>(p);
+					rules[ruleCount].v.fwd.flags = b.template at<uint32_t>(p + 8);
+					rules[ruleCount].v.fwd.length = b.template at<uint16_t>(p + 12);
+					break;
 				case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
 				case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS:
 					rules[ruleCount].v.zt = Address(b.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH).toInt();
diff --git a/node/Network.cpp b/node/Network.cpp
index 1319df4e..e12dd027 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -154,13 +154,13 @@ static int _doZtFilter(
 				break;
 			case ZT_NETWORK_RULE_ACTION_TEE:
 			case ZT_NETWORK_RULE_ACTION_REDIRECT: {
-				Packet outp(Address(rules[rn].v.zt),RR->identity.address(),Packet::VERB_EXT_FRAME);
+				Packet outp(Address(rules[rn].v.fwd.address),RR->identity.address(),Packet::VERB_EXT_FRAME);
 				outp.append(nconf.networkId);
-				outp.append((uint8_t)((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02));
+				outp.append((uint8_t)( ((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02) | (inbound ? 0x08 : 0x00) ));
 				macDest.appendTo(outp);
 				macSource.appendTo(outp);
 				outp.append((uint16_t)etherType);
-				outp.append(frameData,frameLen);
+				outp.append(frameData,(rules[rn].v.fwd.length != 0) ? ((frameLen < (unsigned int)rules[rn].v.fwd.length) ? frameLen : (unsigned int)rules[rn].v.fwd.length) : frameLen);
 				outp.compress();
 				RR->sw->send(outp,true);
 
diff --git a/node/Packet.hpp b/node/Packet.hpp
index 0a5d3fec..570bace9 100644
--- a/node/Packet.hpp
+++ b/node/Packet.hpp
@@ -657,6 +657,7 @@ public:
 		 *   0x01 - Certificate of network membership attached (DEPRECATED)
 		 *   0x02 - Packet is a TEE'd packet
 		 *   0x04 - Packet is a REDIRECT'ed packet
+		 *   0x08 - TEE/REDIRECT'ed packet is on inbound side of connection
 		 *
 		 * An extended frame carries full MAC addressing, making them a
 		 * superset of VERB_FRAME. They're used for bridging or when we
-- 
cgit v1.2.3