Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics.
parent 54489a7f61
commit 74afef8eb1
8 changed files with 231 additions and 99 deletions
|
@ -82,11 +82,10 @@ public:
|
|||
* Apply filters to an outgoing packet
|
||||
*
|
||||
* This applies filters from our network config and, if that doesn't match,
|
||||
* our capabilities in ascending order of capability ID. If there is a match
|
||||
* certain actions may be taken such as pushing credentials to ztDest and
|
||||
* sending a copy of the packet to a TEE or REDIRECT target.
|
||||
* our capabilities in ascending order of capability ID. Additional actions
|
||||
* such as TEE may be taken, and credentials may be pushed.
|
||||
*
|
||||
* @param noRedirect If true, do not TEE or REDIRECT -- this is set for secondary filtrations done in multicast and bridge send paths
|
||||
* @param noTee If true, do not TEE anything anywhere
|
||||
* @param ztSource Source ZeroTier address
|
||||
* @param ztDest Destination ZeroTier address
|
||||
* @param macSource Ethernet layer source address
|
||||
|
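Review bot: the @param noTee line ("do not TEE anything anywhere") no longer says which callers set the flag or what happens to REDIRECT when it is set. The noRedirect text beside it covered both TEE and REDIRECT and named the secondary filtrations in the multicast and bridge send paths, while the reworded summary mentions only TEE and pushed credentials. Please state in the comment whether REDIRECT rules are still honoured when noTee is true, and keep the note about the multicast and bridge paths, so a reader can tell whether a secondary filtration can act on the same frame a second time.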
@ -95,10 +94,10 @@ public:
|
|||
* @param frameLen Ethernet frame payload length
|
||||
* @param etherType 16-bit ethernet type ID
|
||||
* @param vlanId 16-bit VLAN ID
|
||||
* @return True if packet should be sent to destination peer
|
||||
* @return True if packet should be sent, false if dropped or redirected
|
||||
*/
|
||||
bool filterOutgoingPacket(
|
||||
const bool noRedirect,
|
||||
const bool noTee,
|
||||
const Address &ztSource,
|
||||
const Address &ztDest,
|
||||
const MAC &macSource,
|
||||
|
|
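Review bot: the @return text "false if dropped or redirected" gives the caller one value for two different outcomes, and ztDest is a const reference in the signature shown, so the caller cannot learn a redirect target from this call. Please document where a redirected frame is actually sent (inside filterOutgoingPacket, if that is the case) and that false always means "do not send to ztDest". Separately, the first parameter keeps the type const bool while its name changes from noRedirect to noTee, so a call site that still passes the old value compiles unchanged; it is worth confirming that every caller in the other changed files was revisited.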