projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'master' into 1.1
[tinc]
/
src
/
route.c
diff --git
a/src/route.c
b/src/route.c
index
dbe38df
..
8acabb1
100644
(file)
--- a/
src/route.c
+++ b/
src/route.c
@@
-1,7
+1,7
@@
/*
route.c -- routing
Copyright (C) 2000-2005 Ivo Timmermans,
/*
route.c -- routing
Copyright (C) 2000-2005 Ivo Timmermans,
- 2000-200
6
Guus Sliepen <guus@tinc-vpn.org>
+ 2000-200
9
Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@
-391,7
+391,14
@@
static void route_ipv4(node_t *source, vpn_packet_t *packet)
if(!checklength(source, packet, ether_size + ip_size))
return;
if(!checklength(source, packet, ether_size + ip_size))
return;
- route_ipv4_unicast(source, packet);
+ if(((packet->data[30] & 0xf0) == 0xe0) || (
+ packet->data[30] == 255 &&
+ packet->data[31] == 255 &&
+ packet->data[32] == 255 &&
+ packet->data[33] == 255))
+ broadcast_packet(source, packet);
+ else
+ route_ipv4_unicast(source, packet);
}
/* RFC 2463 */
}
/* RFC 2463 */
@@
-457,7
+464,7
@@
static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t
/* Generate checksum */
/* Generate checksum */
- checksum = inet_checksum(&pseudo, sizeof
(pseudo)
, ~0);
+ checksum = inet_checksum(&pseudo, sizeof
pseudo
, ~0);
checksum = inet_checksum(&icmp6, icmp6_size, checksum);
checksum = inet_checksum(packet->data + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum);
checksum = inet_checksum(&icmp6, icmp6_size, checksum);
checksum = inet_checksum(packet->data + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum);
@@
-529,6
+536,7
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
struct nd_opt_hdr opt;
subnet_t *subnet;
uint16_t checksum;
struct nd_opt_hdr opt;
subnet_t *subnet;
uint16_t checksum;
+ bool has_opt;
struct {
struct in6_addr ip6_src; /* source address */
struct {
struct in6_addr ip6_src; /* source address */
@@
-539,9
+547,11
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
cp();
cp();
- if(!checklength(source, packet, ether_size + ip6_size + ns_size
+ opt_size + ETH_ALEN
))
+ if(!checklength(source, packet, ether_size + ip6_size + ns_size))
return;
return;
+ has_opt = packet->len >= ether_size + ip6_size + ns_size + opt_size + ETH_ALEN;
+
if(source != myself) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got neighbor solicitation request from %s (%s) while in router mode!"), source->name, source->hostname);
return;
if(source != myself) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got neighbor solicitation request from %s (%s) while in router mode!"), source->name, source->hostname);
return;
@@
-551,7
+561,8
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
memcpy(&ip6, packet->data + ether_size, ip6_size);
memcpy(&ns, packet->data + ether_size + ip6_size, ns_size);
memcpy(&ip6, packet->data + ether_size, ip6_size);
memcpy(&ns, packet->data + ether_size + ip6_size, ns_size);
- memcpy(&opt, packet->data + ether_size + ip6_size + ns_size, opt_size);
+ if(has_opt)
+ memcpy(&opt, packet->data + ether_size + ip6_size + ns_size, opt_size);
/* First, snatch the source address from the neighbor solicitation packet */
/* First, snatch the source address from the neighbor solicitation packet */
@@
-561,7
+572,7
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
/* Check if this is a valid neighbor solicitation request */
if(ns.nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT ||
/* Check if this is a valid neighbor solicitation request */
if(ns.nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT ||
-
opt.nd_opt_type != ND_OPT_SOURCE_LINKADDR
) {
+
(has_opt && opt.nd_opt_type != ND_OPT_SOURCE_LINKADDR)
) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request"));
return;
}
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request"));
return;
}
@@
-570,15
+581,20
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
pseudo.ip6_src = ip6.ip6_src;
pseudo.ip6_dst = ip6.ip6_dst;
pseudo.ip6_src = ip6.ip6_src;
pseudo.ip6_dst = ip6.ip6_dst;
- pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ if(has_opt)
+ pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ else
+ pseudo.length = htonl(ns_size);
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
- checksum = inet_checksum(&pseudo, sizeof
(pseudo)
, ~0);
+ checksum = inet_checksum(&pseudo, sizeof
pseudo
, ~0);
checksum = inet_checksum(&ns, ns_size, checksum);
checksum = inet_checksum(&ns, ns_size, checksum);
- checksum = inet_checksum(&opt, opt_size, checksum);
- checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ if(has_opt) {
+ checksum = inet_checksum(&opt, opt_size, checksum);
+ checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ }
if(checksum) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request"));
if(checksum) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request"));
@@
-616,7
+632,8
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
ip6.ip6_dst = ip6.ip6_src; /* swap destination and source protocoll address */
ip6.ip6_src = ns.nd_ns_target;
ip6.ip6_dst = ip6.ip6_src; /* swap destination and source protocoll address */
ip6.ip6_src = ns.nd_ns_target;
- memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */
+ if(has_opt)
+ memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */
ns.nd_ns_cksum = 0;
ns.nd_ns_type = ND_NEIGHBOR_ADVERT;
ns.nd_ns_cksum = 0;
ns.nd_ns_type = ND_NEIGHBOR_ADVERT;
@@
-627,15
+644,20
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
pseudo.ip6_src = ip6.ip6_src;
pseudo.ip6_dst = ip6.ip6_dst;
pseudo.ip6_src = ip6.ip6_src;
pseudo.ip6_dst = ip6.ip6_dst;
- pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ if(has_opt)
+ pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ else
+ pseudo.length = htonl(ns_size);
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
- checksum = inet_checksum(&pseudo, sizeof
(pseudo)
, ~0);
+ checksum = inet_checksum(&pseudo, sizeof
pseudo
, ~0);
checksum = inet_checksum(&ns, ns_size, checksum);
checksum = inet_checksum(&ns, ns_size, checksum);
- checksum = inet_checksum(&opt, opt_size, checksum);
- checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ if(has_opt) {
+ checksum = inet_checksum(&opt, opt_size, checksum);
+ checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ }
ns.nd_ns_hdr.icmp6_cksum = checksum;
ns.nd_ns_hdr.icmp6_cksum = checksum;
@@
-643,7
+665,8
@@
static void route_neighborsol(node_t *source, vpn_packet_t *packet)
memcpy(packet->data + ether_size, &ip6, ip6_size);
memcpy(packet->data + ether_size + ip6_size, &ns, ns_size);
memcpy(packet->data + ether_size, &ip6, ip6_size);
memcpy(packet->data + ether_size + ip6_size, &ns, ns_size);
- memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size);
+ if(has_opt)
+ memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size);
send_packet(source, packet);
}
send_packet(source, packet);
}
@@
-660,7
+683,10
@@
static void route_ipv6(node_t *source, vpn_packet_t *packet)
return;
}
return;
}
- route_ipv6_unicast(source, packet);
+ if(packet->data[38] == 255)
+ broadcast_packet(source, packet);
+ else
+ route_ipv6_unicast(source, packet);
}
/* RFC 826 */
}
/* RFC 826 */
@@
-693,7
+719,7
@@
static void route_arp(node_t *source, vpn_packet_t *packet)
/* Check if this is a valid ARP request */
if(ntohs(arp.arp_hrd) != ARPHRD_ETHER || ntohs(arp.arp_pro) != ETH_P_IP ||
/* Check if this is a valid ARP request */
if(ntohs(arp.arp_hrd) != ARPHRD_ETHER || ntohs(arp.arp_pro) != ETH_P_IP ||
- arp.arp_hln != ETH_ALEN || arp.arp_pln != sizeof
(addr)
|| ntohs(arp.arp_op) != ARPOP_REQUEST) {
+ arp.arp_hln != ETH_ALEN || arp.arp_pln != sizeof
addr
|| ntohs(arp.arp_op) != ARPOP_REQUEST) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type ARP request"));
return;
}
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type ARP request"));
return;
}
@@
-717,9
+743,9
@@
static void route_arp(node_t *source, vpn_packet_t *packet)
memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */
packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */
memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */
packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */
- memcpy(&addr, arp.arp_tpa, sizeof
(addr));
/* save protocol addr */
- memcpy(arp.arp_tpa, arp.arp_spa, sizeof
(addr));
/* swap destination and source protocol address */
- memcpy(arp.arp_spa, &addr, sizeof
(addr));
/* ... */
+ memcpy(&addr, arp.arp_tpa, sizeof
addr);
/* save protocol addr */
+ memcpy(arp.arp_tpa, arp.arp_spa, sizeof
addr);
/* swap destination and source protocol address */
+ memcpy(arp.arp_spa, &addr, sizeof
addr);
/* ... */
memcpy(arp.arp_tha, arp.arp_sha, ETH_ALEN); /* set target hard/proto addr */
memcpy(arp.arp_sha, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */
memcpy(arp.arp_tha, arp.arp_sha, ETH_ALEN); /* set target hard/proto addr */
memcpy(arp.arp_sha, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */