Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.

Adam Ierymenko 2016-08-31 16:50:22 -07:00
parent 54489a7f61
commit 74afef8eb1
8 changed files with 231 additions and 99 deletions

@ -82,11 +82,10 @@ public:
* Apply filters to an outgoing packet
*
* This applies filters from our network config and, if that doesn't match,
* our capabilities in ascending order of capability ID. If there is a match
* certain actions may be taken such as pushing credentials to ztDest and
* sending a copy of the packet to a TEE or REDIRECT target.
* our capabilities in ascending order of capability ID. Additional actions
* such as TEE may be taken, and credentials may be pushed.
*
* @param noRedirect If true, do not TEE or REDIRECT -- this is set for secondary filtrations done in multicast and bridge send paths
* @param noTee If true, do not TEE anything anywhere
* @param ztSource Source ZeroTier address
* @param ztDest Destination ZeroTier address
* @param macSource Ethernet layer source address
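Review bot: the rewritten description of filterOutgoingPacket no longer mentions REDIRECT at all, and the new parameter line "If true, do not TEE anything anywhere" does not say whether a REDIRECT action is still honoured when noTee is set. Since the return documentation further down still refers to packets being redirected, please state here that REDIRECT is unaffected by noTee, if that is the intent. The old noRedirect line also told callers when to set the flag (secondary filtrations in the multicast and bridge send paths); the replacement drops that guidance, and it is worth keeping so it stays clear which call sites are expected to pass true and why a second TEE copy must be avoided there.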
@ -95,10 +94,10 @@ public:
* @param frameLen Ethernet frame payload length
* @param etherType 16-bit ethernet type ID
* @param vlanId 16-bit VLAN ID
* @return True if packet should be sent to destination peer
* @return True if packet should be sent, false if dropped or redirected
*/
bool filterOutgoingPacket(
const bool noRedirect,
const bool noTee,
const Address &ztSource,
const Address &ztDest,
const MAC &macSource,
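Review bot: in the signature, noRedirect becomes noTee with the same type and the same position, so a call site that still passes true expecting both TEE and REDIRECT to be suppressed compiles unchanged but now only suppresses TEE. Please confirm every caller was revisited as part of this change. The new "@return True if packet should be sent, false if dropped or redirected" also folds two outcomes into one false value. The comment should say whether this function itself delivers the frame to the REDIRECT target or leaves that to the caller, since a caller cannot tell a drop from a redirect by the return value alone.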