From 674b84d908dd74fc639fc9279fb5d5fc7981c4fc Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Tue, 21 Jun 2016 14:58:30 -0700
Subject: Plumbing for network setting control, and GitHub issue #330
---
service/OneService.cpp | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
(limited to 'service/OneService.cpp')
diff --git a/service/OneService.cpp b/service/OneService.cpp
index 8b27ba49..139b1e15 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -531,15 +531,20 @@ public:
 // Configured networks
 struct NetworkState {
- NetworkState() : tap((EthernetTap *)0),managedIps(),managedRoutes(),allowManaged(true),allowGlobal(true),allowDefault(true) {}
+ NetworkState() :
+ tap((EthernetTap *)0)
+ {
+ // Default network permission settings: allow management of IPs and routes but only for private and "pseudo-private" IP spaces
+ settings.allowManaged = true;
+ settings.allowGlobal = false;
+ settings.allowDefault = false;
+ }
 EthernetTap *tap;
 ZT_VirtualNetworkConfig config; // memcpy() of raw config from core
 std::vector managedIps;
 std::list managedRoutes;
- bool allowManaged; // allow managed addresses and routes
- bool allowGlobal; // allow global (non-private) IP routes?
- bool allowDefault; // allow default route?
+ NetworkSettings settings;
 };
 std::map _nets;
 Mutex _nets_m;
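Review bot: The `settings` member is never value-initialised. The new NetworkState constructor assigns three fields in its body, so any other member NetworkSettings has now or gains later starts out indeterminate, and getNetworkSettings later in this patch copies the whole struct out to the caller. NetworkSettings is declared outside this diff, so treat this as a precaution rather than a confirmed bug; extending the initializer list to `tap((EthernetTap *)0), settings()` zeroes the struct before the three assignments. Separately, the switch of allowGlobal and allowDefault to false is a deny-by-default change. Nodes that depended on the old defaults will stop accepting global and default routes until a setting is applied, which is worth stating in the commit message.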
@@ -998,15 +1003,25 @@ public:
 _phy.whack();
 }
+ virtual bool getNetworkSettings(const uint64_t nwid,NetworkSettings &settings) const
+ {
+ Mutex::Lock _l(_nets_m);
+ std::map::const_iterator n(_nets.find(nwid));
+ if (n == _nets.end())
+ return false;
+ memcpy(&settings,&(n->second.settings),sizeof(NetworkSettings));
+ return true;
+ }
+ // Begin private implementation methods
 // Checks if a managed IP or route target is allowed
 bool checkIfManagedIsAllowed(const NetworkState &n,const InetAddress &addr) {
- if (!n.allowManaged)
+ if (!n.settings.allowManaged)
 return false;
 if (addr.isDefaultRoute())
- return n.allowDefault;
+ return n.settings.allowDefault;
 switch(addr.ipScope()) {
 case InetAddress::IP_SCOPE_NONE:
 case InetAddress::IP_SCOPE_MULTICAST:
@@ -1014,7 +1029,7 @@ public:
 case InetAddress::IP_SCOPE_LINK_LOCAL:
 return false;
 case InetAddress::IP_SCOPE_GLOBAL:
- return n.allowGlobal;
+ return n.settings.allowGlobal;
 default:
 return true;
 }
--
cgit v1.2.3
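Review bot: getNetworkSettings copies the struct out with `memcpy(&settings,&(n->second.settings),sizeof(NetworkSettings))`, which is only valid while NetworkSettings stays trivially copyable and hides that requirement from the compiler. Plain assignment, `settings = n->second.settings;`, performs the same copy under the lock and stays correct if the type later gains a non-trivial member. A one-line contract comment above the method would also help, for example `// Returns false and leaves settings unmodified if nwid is not a known network`, so callers do not read an unfilled struct. Separately, checkIfManagedIsAllowed (its switch continues past this hunk) still ends in `default: return true;`, so once allowManaged is set any scope not listed is accepted. Enumerating the permitted scopes and denying by default would fail closed, and should be checked against the InetAddress scope enum, which is not shown here.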