Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency.

Adam Ierymenko 2016-08-24 13:37:57 -07:00
commit 8e3463d47a
16 changed files with 158 additions and 1667 deletions


@ -181,6 +181,11 @@ public:
break;
case ZT_NETWORK_RULE_ACTION_TEE:
case ZT_NETWORK_RULE_ACTION_REDIRECT:
b.append((uint8_t)14);
b.append((uint64_t)rules[i].v.fwd.address);
b.append((uint32_t)rules[i].v.fwd.flags);
b.append((uint16_t)rules[i].v.fwd.length);
break;
case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS:
b.append((uint8_t)5);
@ -266,6 +271,10 @@ public:
break;
case ZT_NETWORK_RULE_ACTION_TEE:
case ZT_NETWORK_RULE_ACTION_REDIRECT:
rules[ruleCount].v.fwd.address = b.template at<uint64_t>(p);
rules[ruleCount].v.fwd.flags = b.template at<uint32_t>(p + 8);
rules[ruleCount].v.fwd.length = b.template at<uint16_t>(p + 12);
break;
case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS:
rules[ruleCount].v.zt = Address(b.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH).toInt();
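Review bot: The TEE/REDIRECT case in the second hunk reads `fwd.address`, `fwd.flags` and `fwd.length` at `p`, `p + 8` and `p + 12` with no visible check that the rule's encoded field is really 14 bytes long, the size the serializer announces with `b.append((uint8_t)14)`. These actions appear to have been encoded as a shorter address-only field before this change, so a sender still using the old layout would have its flags and length taken from the bytes of the following rule. If the surrounding loop, which lies outside the hunk, does not already validate the length byte, this case should reject a field shorter than 14 before the three `at<>` reads. A comment such as `// fwd field: 8-byte address, 4-byte flags, 2-byte length (14 total)` on both cases would also keep the writer and reader in step.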


@ -154,13 +154,13 @@ static int _doZtFilter(
break;
case ZT_NETWORK_RULE_ACTION_TEE:
case ZT_NETWORK_RULE_ACTION_REDIRECT: {
Packet outp(Address(rules[rn].v.zt),RR->identity.address(),Packet::VERB_EXT_FRAME);
Packet outp(Address(rules[rn].v.fwd.address),RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(nconf.networkId);
outp.append((uint8_t)((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02));
outp.append((uint8_t)( ((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02) | (inbound ? 0x08 : 0x00) ));
macDest.appendTo(outp);
macSource.appendTo(outp);
outp.append((uint16_t)etherType);
outp.append(frameData,frameLen);
outp.append(frameData,(rules[rn].v.fwd.length != 0) ? ((frameLen < (unsigned int)rules[rn].v.fwd.length) ? frameLen : (unsigned int)rules[rn].v.fwd.length) : frameLen);
outp.compress();
RR->sw->send(outp,true);
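Review bot: A `fwd.length` of 0 is treated as "no limit" in the `outp.append(frameData, …)` call, so a rule whose length was never set forwards the complete frame to the observer address, and nothing in the hunk says this default is intended. The nested ternary also buries the clamp; naming the limit reads better: `const unsigned int fwdLen = (unsigned int)rules[rn].v.fwd.length;` followed by `outp.append(frameData,((fwdLen != 0)&&(fwdLen < frameLen)) ? fwdLen : frameLen);` with the comment `// fwd.length == 0 means forward the whole frame`. The enclosing `_doZtFilter` starts and ends outside the hunk.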


@ -657,6 +657,7 @@ public:
* 0x01 - Certificate of network membership attached (DEPRECATED)
* 0x02 - Packet is a TEE'd packet
* 0x04 - Packet is a REDIRECT'ed packet
* 0x08 - TEE/REDIRECT'ed packet is on inbound side of connection
*
* An extended frame carries full MAC addressing, making them a
* superset of VERB_FRAME. They're used for bridging or when we