/*
route.c -- routing
- Copyright (C) 2000-2003 Ivo Timmermans <ivo@o2w.nl>,
- 2000-2003 Guus Sliepen <guus@sliepen.eu.org>
+ Copyright (C) 2000-2005 Ivo Timmermans,
+ 2000-2009 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: route.c,v 1.1.2.75 2003/12/24 10:48:15 guus Exp $
+ $Id$
*/
#include "system.h"
-#ifdef HAVE_NET_ETHERNET_H
-#include <net/ethernet.h>
-#endif
-#ifdef HAVE_NET_IF_ARP_H
-#include <net/if_arp.h>
-#endif
-#ifdef HAVE_NETINET_IP_ICMP_H
-#include <netinet/ip_icmp.h>
-#endif
-#ifdef HAVE_NETINET_ICMP6_H
-#include <netinet/icmp6.h>
-#endif
-#ifdef HAVE_NETINET_IF_ETHER_H
-#include <netinet/if_ether.h>
-#endif
-
#include "avl_tree.h"
#include "connection.h"
#include "ethernet.h"
/* RFC 1071 */
-static __inline__ uint16_t inet_checksum(void *data, int len, uint16_t prevsum)
+static uint16_t inet_checksum(void *data, int len, uint16_t prevsum)
{
uint16_t *p = data;
uint32_t checksum = prevsum ^ 0xFFFF;
return ~checksum;
}
-static __inline__ bool ratelimit(int frequency) {
+static bool ratelimit(int frequency) {
static time_t lasttime = 0;
static int count = 0;
return false;
}
-static __inline__ bool checklength(node_t *source, vpn_packet_t *packet, length_t length) {
+static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) {
if(packet->len < length) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got too short packet from %s (%s)"), source->name, source->hostname);
return false;
return true;
}
-static __inline__ void learn_mac(mac_t *address)
+static void learn_mac(mac_t *address)
{
subnet_t *subnet;
avl_node_t *node;
}
}
-static __inline__ void route_mac(node_t *source, vpn_packet_t *packet)
+static void route_mac(node_t *source, vpn_packet_t *packet)
{
subnet_t *subnet;
+ mac_t dest;
cp();
+
/* Learn source address */
- if(source == myself)
- learn_mac((mac_t *)(&packet->data[6]));
+ if(source == myself) {
+ mac_t src;
+ memcpy(&src, &packet->data[6], sizeof src);
+ learn_mac(&src);
+ }
/* Lookup destination address */
- subnet = lookup_subnet_mac((mac_t *)(&packet->data[0]));
+ memcpy(&dest, &packet->data[0], sizeof dest);
+ subnet = lookup_subnet_mac(&dest);
if(!subnet) {
broadcast_packet(source, packet);
/* RFC 791 */
-static __inline__ void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) {
+static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) {
struct ip ip;
vpn_packet_t fragment;
int len, maxlen, todo;
todo = ntohs(ip.ip_len) - ip_size;
if(ether_size + ip_size + todo != packet->len) {
- ifdebug(TRAFFIC) logger(LOG_WARNING, _("Length of packet (%d) doesn't match length in IPv4 header (%d)"), packet->len, ether_size + ip_size + todo);
+ ifdebug(TRAFFIC) logger(LOG_WARNING, _("Length of packet (%d) doesn't match length in IPv4 header (%zd)"), packet->len, ether_size + ip_size + todo);
return;
}
}
}
-static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet)
+static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet)
{
subnet_t *subnet;
node_t *via;
+ ipv4_t dest;
cp();
- subnet = lookup_subnet_ipv4((ipv4_t *) &packet->data[30]);
+ memcpy(&dest, &packet->data[30], sizeof dest);
+ subnet = lookup_subnet_ipv4(&dest);
if(!subnet) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet from %s (%s): unknown IPv4 destination address %d.%d.%d.%d"),
source->name, source->hostname,
- packet->data[30],
- packet->data[31],
- packet->data[32],
- packet->data[33]);
+ dest.x[0],
+ dest.x[1],
+ dest.x[2],
+ dest.x[3]);
route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNKNOWN);
return;
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
- if(packet->len > via->mtu && via != myself) {
+ if(via && packet->len > via->mtu && via != myself) {
ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
if(packet->data[20] & 0x40) {
packet->len = via->mtu;
send_packet(subnet->owner, packet);
}
-static __inline__ void route_ipv4(node_t *source, vpn_packet_t *packet)
+static void route_ipv4(node_t *source, vpn_packet_t *packet)
{
cp();
if(!checklength(source, packet, ether_size + ip_size))
return;
- route_ipv4_unicast(source, packet);
+ if(((packet->data[30] & 0xf0) == 0xe0) || (
+ packet->data[30] == 255 &&
+ packet->data[31] == 255 &&
+ packet->data[32] == 255 &&
+ packet->data[33] == 255))
+ broadcast_packet(source, packet);
+ else
+ route_ipv4_unicast(source, packet);
}
/* RFC 2463 */
send_packet(source, packet);
}
-static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet)
+static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet)
{
subnet_t *subnet;
node_t *via;
+ ipv6_t dest;
cp();
- subnet = lookup_subnet_ipv6((ipv6_t *) &packet->data[38]);
+ memcpy(&dest, &packet->data[38], sizeof dest);
+ subnet = lookup_subnet_ipv6(&dest);
if(!subnet) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"),
source->name, source->hostname,
- ntohs(*(uint16_t *) &packet->data[38]),
- ntohs(*(uint16_t *) &packet->data[40]),
- ntohs(*(uint16_t *) &packet->data[42]),
- ntohs(*(uint16_t *) &packet->data[44]),
- ntohs(*(uint16_t *) &packet->data[46]),
- ntohs(*(uint16_t *) &packet->data[48]),
- ntohs(*(uint16_t *) &packet->data[50]),
- ntohs(*(uint16_t *) &packet->data[52]));
+ ntohs(dest.x[0]),
+ ntohs(dest.x[1]),
+ ntohs(dest.x[2]),
+ ntohs(dest.x[3]),
+ ntohs(dest.x[4]),
+ ntohs(dest.x[5]),
+ ntohs(dest.x[6]),
+ ntohs(dest.x[7]));
route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR);
return;
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
- if(packet->len > via->mtu && via != myself) {
+ if(via && packet->len > via->mtu && via != myself) {
ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
packet->len = via->mtu;
route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0);
struct nd_opt_hdr opt;
subnet_t *subnet;
uint16_t checksum;
+ bool has_opt;
struct {
struct in6_addr ip6_src; /* source address */
cp();
- if(!checklength(source, packet, ether_size + ip6_size + ns_size + opt_size + ETH_ALEN))
+ if(!checklength(source, packet, ether_size + ip6_size + ns_size))
return;
+ has_opt = packet->len >= ether_size + ip6_size + ns_size + opt_size + ETH_ALEN;
+
if(source != myself) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got neighbor solicitation request from %s (%s) while in router mode!"), source->name, source->hostname);
return;
memcpy(&ip6, packet->data + ether_size, ip6_size);
memcpy(&ns, packet->data + ether_size + ip6_size, ns_size);
- memcpy(&opt, packet->data + ether_size + ip6_size + ns_size, opt_size);
+ if(has_opt)
+ memcpy(&opt, packet->data + ether_size + ip6_size + ns_size, opt_size);
/* First, snatch the source address from the neighbor solicitation packet */
/* Check if this is a valid neighbor solicitation request */
if(ns.nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT ||
- opt.nd_opt_type != ND_OPT_SOURCE_LINKADDR) {
+ (has_opt && opt.nd_opt_type != ND_OPT_SOURCE_LINKADDR)) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request"));
return;
}
pseudo.ip6_src = ip6.ip6_src;
pseudo.ip6_dst = ip6.ip6_dst;
- pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ if(has_opt)
+ pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ else
+ pseudo.length = htonl(ns_size);
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0);
checksum = inet_checksum(&ns, ns_size, checksum);
- checksum = inet_checksum(&opt, opt_size, checksum);
- checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ if(has_opt) {
+ checksum = inet_checksum(&opt, opt_size, checksum);
+ checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ }
if(checksum) {
ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request"));
ip6.ip6_dst = ip6.ip6_src; /* swap destination and source protocoll address */
ip6.ip6_src = ns.nd_ns_target;
- memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */
+ if(has_opt)
+ memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */
ns.nd_ns_cksum = 0;
ns.nd_ns_type = ND_NEIGHBOR_ADVERT;
pseudo.ip6_src = ip6.ip6_src;
pseudo.ip6_dst = ip6.ip6_dst;
- pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ if(has_opt)
+ pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
+ else
+ pseudo.length = htonl(ns_size);
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0);
checksum = inet_checksum(&ns, ns_size, checksum);
- checksum = inet_checksum(&opt, opt_size, checksum);
- checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ if(has_opt) {
+ checksum = inet_checksum(&opt, opt_size, checksum);
+ checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
+ }
ns.nd_ns_hdr.icmp6_cksum = checksum;
memcpy(packet->data + ether_size, &ip6, ip6_size);
memcpy(packet->data + ether_size + ip6_size, &ns, ns_size);
- memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size);
+ if(has_opt)
+ memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size);
send_packet(source, packet);
}
-static __inline__ void route_ipv6(node_t *source, vpn_packet_t *packet)
+static void route_ipv6(node_t *source, vpn_packet_t *packet)
{
cp();
return;
}
- route_ipv6_unicast(source, packet);
+ if(packet->data[38] == 255)
+ broadcast_packet(source, packet);
+ else
+ route_ipv6_unicast(source, packet);
}
/* RFC 826 */