Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.

2016-08-31 16:50:22 -07:00 · 2016-08-31 16:50:22 -07:00 · 74afef8eb1
commit 74afef8eb1
parent 54489a7f61
8 changed files with 231 additions and 99 deletions
--- a/node/Network.hpp
+++ b/node/Network.hpp
@ -82,11 +82,10 @@ public:
 	 * Apply filters to an outgoing packet
 	 *
 	 * This applies filters from our network config and, if that doesn't match,
-	 * our capabilities in ascending order of capability ID. If there is a match
-	 * certain actions may be taken such as pushing credentials to ztDest and
-	 * sending a copy of the packet to a TEE or REDIRECT target.
+	 * our capabilities in ascending order of capability ID. Additional actions
+	 * such as TEE may be taken, and credentials may be pushed.
 	 *
-	 * @param noRedirect If true, do not TEE or REDIRECT -- this is set for secondary filtrations done in multicast and bridge send paths
+	 * @param noTee If true, do not TEE anything anywhere
 	 * @param ztSource Source ZeroTier address
 	 * @param ztDest Destination ZeroTier address
 	 * @param macSource Ethernet layer source address
@ -95,10 +94,10 @@ public:
 	 * @param frameLen Ethernet frame payload length
 	 * @param etherType 16-bit ethernet type ID
 	 * @param vlanId 16-bit VLAN ID
-	 * @return True if packet should be sent to destination peer
+	 * @return True if packet should be sent, false if dropped or redirected
 	 */
 	bool filterOutgoingPacket(
-		const bool noRedirect,
+		const bool noTee,
 		const Address &ztSource,
 		const Address &ztDest,
 		const MAC &macSource,