Optimize filter code a bit, and add a network-level setting for what should happen if an unsupported or unknown MATCH is encountered in a rules table.
This commit is contained in:
Adam Ierymenko
parent
25056de5d3
commit
8b6d23b9f6
3 changed files with 92 additions and 79 deletions
|
|
@ -483,18 +483,14 @@ enum ZT_VirtualNetworkType
|
|||
ZT_NETWORK_TYPE_PUBLIC = 1
|
||||
};
|
||||
|
||||
/*
|
||||
- TEE : should use a field to indicate how many bytes of each packet max are TEE'd
|
||||
- Controller : web hooks for auth, optional required re-auth? or auth for a period of time? auto-expiring auth?
|
||||
*/
|
||||
|
||||
/**
|
||||
* The type of a virtual network rules table entry
|
||||
*
|
||||
* These must range from 0 to 127 (0x7f) because the most significant bit
|
||||
* is reserved as a NOT flag.
|
||||
*
|
||||
* Each rule is composed of one or more MATCHes followed by an ACTION.
|
||||
* Each rule is composed of zero or more MATCHes followed by an ACTION.
|
||||
* An ACTION with no MATCHes is always taken.
|
||||
*/
|
||||
enum ZT_VirtualNetworkRuleType
|
||||
{
|
||||
|
|
@ -525,6 +521,11 @@ enum ZT_VirtualNetworkRuleType
|
|||
*/
|
||||
ZT_NETWORK_RULE_ACTION_DEBUG_LOG = 4,
|
||||
|
||||
/**
|
||||
* Maximum ID for an ACTION, anything higher is a MATCH
|
||||
*/
|
||||
ZT_NETWORK_RULE_ACTION__MAX_ID = 31,
|
||||
|
||||
// 32 to 127 reserved for match criteria
|
||||
|
||||
/**
|
||||
|
|
@ -640,7 +641,12 @@ enum ZT_VirtualNetworkRuleType
|
|||
/**
|
||||
* Match if local and remote tags XORed together equal value.
|
||||
*/
|
||||
ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_XOR = 54
|
||||
ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_XOR = 54,
|
||||
|
||||
/**
|
||||
* Maximum ID allowed for a MATCH entry in the rules table
|
||||
*/
|
||||
ZT_NETWORK_RULE_MATCH__MAX_ID = 127
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue