Check network ethernet type whitelist instead of hard-coded ethernet types.
parent
8e1b897f0a
commit
55616388ea
5 changed files with 83 additions and 28 deletions
|
@ -267,6 +267,24 @@ public:
|
|||
return (get("isOpen","0") == "1");
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Network ethertype whitelist
|
||||
*/
|
||||
inline std::set<unsigned int> etherTypes() const
|
||||
{
|
||||
char tmp[16384];
|
||||
char *saveptr = (char *)0;
|
||||
std::set<unsigned int> et;
|
||||
if (!Utils::scopy(tmp,sizeof(tmp),get("etherTypes","").c_str()))
|
||||
return et; // sanity check
|
||||
for(char *f=Utils::stok(tmp,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) {
|
||||
unsigned int t = Utils::stoui(f);
|
||||
if (t)
|
||||
et.insert(t);
|
||||
}
|
||||
return et;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return All static addresses / netmasks, IPv4 or IPv6
|
||||
*/
|
||||
|
@ -445,22 +463,17 @@ public:
|
|||
Status status() const;
|
||||
|
||||
/**
|
||||
* Invoke multicast rate limiter gate for a given address
|
||||
*
|
||||
* @param addr Address to check
|
||||
* @param bytes Bytes address wishes to send us / propagate
|
||||
* @return True if allowed, false if overshot rate limit
|
||||
* @param etherType Ethernet frame type
|
||||
* @return True if network permits this type
|
||||
*/
|
||||
inline bool multicastRateGate(const Address &addr,unsigned int bytes)
|
||||
inline bool permitsEtherType(unsigned int etherType) const
|
||||
throw()
|
||||
{
|
||||
Mutex::Lock _l(_lock);
|
||||
std::map<Address,RateLimiter>::iterator rl(_multicastRateLimiters.find(addr));
|
||||
if (rl == _multicastRateLimiters.end()) {
|
||||
RateLimiter &newrl = _multicastRateLimiters[addr];
|
||||
newrl.init(ZT_MULTICAST_DEFAULT_RATE_PRELOAD);
|
||||
return newrl.gate(_rlLimit,(double)bytes);
|
||||
}
|
||||
return rl->second.gate(_rlLimit,(double)bytes);
|
||||
if (!etherType)
|
||||
return false;
|
||||
else if (etherType > 65535)
|
||||
return false;
|
||||
else return ((_etWhitelist[etherType / 8] & (unsigned char)(1 << (etherType % 8))) != 0);
|
||||
}
|
||||
|
||||
private:
|
||||
|
@ -469,9 +482,6 @@ private:
|
|||
|
||||
const RuntimeEnvironment *_r;
|
||||
|
||||
// Rate limits for this network
|
||||
RateLimiter::Limit _rlLimit;
|
||||
|
||||
// Tap and tap multicast memberships
|
||||
EthernetTap *_tap;
|
||||
std::set<MulticastGroup> _multicastGroups;
|
||||
|
@ -486,6 +496,9 @@ private:
|
|||
Config _configuration;
|
||||
Certificate _myCertificate;
|
||||
|
||||
// Ethertype whitelist bit field, set from config, for really fast lookup
|
||||
unsigned char _etWhitelist[65536 / 8];
|
||||
|
||||
uint64_t _id;
|
||||
volatile uint64_t _lastConfigUpdate;
|
||||
volatile bool _destroyOnDelete;
|
||||
|
|
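Review bot: In `etherTypes()` the value returned by `Utils::stoui(f)` is inserted after only a non-zero check, so a configuration entry above 65535 reaches the caller unchanged. The code that fills `_etWhitelist` from this set is outside the visible lines; if it indexes with `t / 8` and has no bound of its own, such an entry would write past the `65536 / 8`-byte array, so it is safer to reject it in the parser: `if ((t)&&(t <= 65535)) et.insert(t);`. `permitsEtherType()` bounds its own index correctly but reads `_etWhitelist` without taking `_lock`, so it should be confirmed that a configuration refresh cannot rewrite the bit field while frames are being checked. The array should also be zeroed in the constructor, so that nothing is permitted before the first configuration arrives. The `@return` comment could also state the input format, for example `@return Set of permitted ethertypes parsed from the comma-separated "etherTypes" config field; zero entries are dropped`.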