From d73607430131dd352cf9248f37e76c2618dd39e5 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Fri, 22 Apr 2016 15:40:53 -0700
Subject: Refactor rules table in-memory structure in new NetworkConfig to permit far more rules with better space efficiency.
---
 node/Constants.hpp | 3 +++
 node/NetworkConfig.cpp | 25 +++++++------------------
 node/NetworkConfig.hpp | 8 ++++++--
 3 files changed, 16 insertions(+), 20 deletions(-)
(limited to 'node')
diff --git a/node/Constants.hpp b/node/Constants.hpp
index 4bca7d29..dc36b3a1 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -286,6 +286,9 @@
 /**
 * Delay between requests for updated network autoconf information
+ *
+ * Don't lengthen this as it affects things like QoS / uptime monitoring
+ * via ZeroTier Central. This is the heartbeat, basically.
 */
 #define ZT_NETWORK_AUTOCONF_DELAY 60000
diff --git a/node/NetworkConfig.cpp b/node/NetworkConfig.cpp
index aab9a650..090648f8 100644
--- a/node/NetworkConfig.cpp
+++ b/node/NetworkConfig.cpp
@@ -56,16 +56,10 @@ NetworkConfig NetworkConfig::createTestNetworkConfig(const Address &self)
 nc._type = ZT_NETWORK_TYPE_PUBLIC;
 nc._enableBroadcast = true;
- nc._rules[nc._ruleCount].ruleNo = 0;
- nc._rules[nc._ruleCount].vlanId = -1;
- nc._rules[nc._ruleCount].vlanPcp = -1;
- nc._rules[nc._ruleCount].etherType = -1;
- nc._rules[nc._ruleCount].ipTos = -1;
- nc._rules[nc._ruleCount].ipProtocol = -1;
- nc._rules[nc._ruleCount].ipSourcePort = -1;
- nc._rules[nc._ruleCount].ipDestPort = -1;
- nc._rules[nc._ruleCount].action = ZT_NETWORK_RULE_ACTION_ACCEPT;
- ++nc._ruleCount;
+ nc._rules[nc._ruleCount].ruleNo = 1;
+ nc._rules[nc._ruleCount].matches = (uint8_t)ZT_NETWORK_RULE_MATCHES_ALL;
+ nc._rules[nc._ruleCount].action = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+ nc._ruleCount = 1;
 Utils::snprintf(nc._name,sizeof(nc._name),"ZT_TEST_NETWORK");
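Review bot: In the createTestNetworkConfig hunk the three added assignments still index `nc._rules[nc._ruleCount]`, but the count is then set with `nc._ruleCount = 1;` rather than incremented, so the code is only correct if `_ruleCount` is 0 on entry. If it were ever non-zero, the accept-all rule would land in a later slot and permitsEtherType would read slot 0 with whatever it held. Writing `nc._rules[0]` in the three assignments (or keeping `++nc._ruleCount;`) makes the index and the count agree. The construction of `nc` is outside the hunk, so it cannot be confirmed from here that the entry is zeroed before these writes, as the `memset` in fromDictionary does for its entries.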
@@ -213,14 +207,9 @@ void NetworkConfig::fromDictionary(const Dictionary &d)
 if (_ruleCount < ZT_MAX_NETWORK_RULES) {
 memset(&(_rules[_ruleCount]),0,sizeof(ZT_VirtualNetworkRule));
 _rules[_ruleCount].ruleNo = rno; rno += 10;
- _rules[_ruleCount].vlanId = -1;
- _rules[_ruleCount].vlanPcp = -1;
- _rules[_ruleCount].etherType = (et2 == 0) ? -1 : (int)et2;
- _rules[_ruleCount].ipTos = -1;
- _rules[_ruleCount].ipProtocol = -1;
- _rules[_ruleCount].ipSourcePort = -1;
- _rules[_ruleCount].ipDestPort = -1;
- _rules[_ruleCount].action = ZT_NETWORK_RULE_ACTION_ACCEPT;
+ _rules[_ruleCount].matches = (uint8_t)((et2 == 0) ? ZT_NETWORK_RULE_MATCHES_ALL : ZT_NETWORK_RULE_MATCHES_ETHERTYPE);
+ _rules[_ruleCount].action = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+ _rules[_ruleCount].datum.etherType = (uint16_t)et2;
 ++_ruleCount;
 }
 }
diff --git a/node/NetworkConfig.hpp b/node/NetworkConfig.hpp
index c3cc9cd4..0ed7b6a2 100644
--- a/node/NetworkConfig.hpp
+++ b/node/NetworkConfig.hpp
@@ -133,8 +133,12 @@ public:
 inline bool permitsEtherType(unsigned int etherType) const
 {
 for(unsigned int i=0;i<_ruleCount;++i) {
- if ((_rules[i].etherType < 0)||((unsigned int)_rules[i].etherType == etherType))
- return (_rules[i].action == ZT_NETWORK_RULE_ACTION_ACCEPT);
+ if ((ZT_VirtualNetworkRuleMatches)_rules[i].matches == ZT_NETWORK_RULE_MATCHES_ETHERTYPE) {
+ if (_rules[i].datum.etherType == etherType)
+ return ((ZT_VirtualNetworkRuleAction)_rules[i].action == ZT_NETWORK_RULE_ACTION_ACCEPT);
+ } else if ((ZT_VirtualNetworkRuleMatches)_rules[i].matches == ZT_NETWORK_RULE_MATCHES_ALL) {
+ return ((ZT_VirtualNetworkRuleAction)_rules[i].action == ZT_NETWORK_RULE_ACTION_ACCEPT);
+ }
 }
 return false;
 }
-- cgit v1.2.3
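Review bot: In the fromDictionary hunk, `_rules[_ruleCount].datum.etherType = (uint16_t)et2;` truncates `et2` silently, where the removed code stored `(int)et2` in full. If `et2` can exceed 0xffff (its declaration and parsing are outside the hunk), an out-of-range entry in the received config now becomes an ACCEPT rule for its low 16 bits instead of a rule that can never match, and a value whose low 16 bits are zero yields an ETHERTYPE rule for 0. Rejecting such entries before the rule is appended keeps the allow-list fail-closed, e.g. `if ((_ruleCount < ZT_MAX_NETWORK_RULES)&&(et2 <= 0xffff)) {`. The enclosing loop and the rest of fromDictionary are outside the hunk.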
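Review bot: permitsEtherType in NetworkConfig.hpp has three outcomes per rule (ETHERTYPE compared, ALL decides, any other match type skipped) and nothing in the function states that policy. A comment above the loop would record it: `// First matching rule decides; rules with other match types are ignored here; no match means deny.` It is worth confirming that skipping is the intended result for match types this function does not handle, since such a rule placed before a MATCHES_ALL/ACCEPT entry has no effect on the answer. The repeated casts on `_rules[i].matches` would also read more simply as a single `switch` on the cast value.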