43d26972a6465af91f8d868c4dd0805b5c0aece7
[tinc] / route.c
1 /*
2     route.c -- routing
3     Copyright (C) 2000-2005 Ivo Timmermans,
4                   2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5
6     This program is free software; you can redistribute it and/or modify
7     it under the terms of the GNU General Public License as published by
8     the Free Software Foundation; either version 2 of the License, or
9     (at your option) any later version.
10
11     This program is distributed in the hope that it will be useful,
12     but WITHOUT ANY WARRANTY; without even the implied warranty of
13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14     GNU General Public License for more details.
15
16     You should have received a copy of the GNU General Public License along
17     with this program; if not, write to the Free Software Foundation, Inc.,
18     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20
21 #include "system.h"
22
23 #include "connection.h"
24 #include "control_common.h"
25 #include "ethernet.h"
26 #include "ipv4.h"
27 #include "ipv6.h"
28 #include "logger.h"
29 #include "meta.h"
30 #include "net.h"
31 #include "protocol.h"
32 #include "route.h"
33 #include "subnet.h"
34 #include "utils.h"
35
36 rmode_t routing_mode = RMODE_ROUTER;
37 fmode_t forwarding_mode = FMODE_INTERNAL;
38 bmode_t broadcast_mode = BMODE_MST;
39 bool decrement_ttl = false;
40 bool directonly = false;
41 bool priorityinheritance = false;
42 int macexpire = 600;
43 bool overwrite_mac = false;
44 mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}};
45 bool pcap = false;
46
47 /* Sizes of various headers */
48
49 static const size_t ether_size = sizeof(struct ether_header);
50 static const size_t arp_size = sizeof(struct ether_arp);
51 static const size_t ip_size = sizeof(struct ip);
52 static const size_t icmp_size = sizeof(struct icmp) - sizeof(struct ip);
53 static const size_t ip6_size = sizeof(struct ip6_hdr);
54 static const size_t icmp6_size = sizeof(struct icmp6_hdr);
55 static const size_t ns_size = sizeof(struct nd_neighbor_solicit);
56 static const size_t opt_size = sizeof(struct nd_opt_hdr);
57
58 #ifndef MAX
59 #define MAX(a, b) ((a) > (b) ? (a) : (b))
60 #endif
61
62 static timeout_t age_subnets_timeout;
63
64 /* RFC 1071 */
65
66 static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) {
67         uint16_t *p = data;
68         uint32_t checksum = prevsum ^ 0xFFFF;
69
70         while(len >= 2) {
71                 checksum += *p++;
72                 len -= 2;
73         }
74
75         if(len)
76                 checksum += *(uint8_t *)p;
77
78         while(checksum >> 16)
79                 checksum = (checksum & 0xFFFF) + (checksum >> 16);
80
81         return ~checksum;
82 }
83
84 static bool ratelimit(int frequency) {
85         static time_t lasttime = 0;
86         static int count = 0;
87
88         if(lasttime == now.tv_sec) {
89                 if(count >= frequency)
90                         return true;
91         } else {
92                 lasttime = now.tv_sec;
93                 count = 0;
94         }
95
96         count++;
97         return false;
98 }
99
100 static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) {
101         if(packet->len < length) {
102                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got too short packet from %s (%s)", source->name, source->hostname);
103                 return false;
104         } else
105                 return true;
106 }
107
108 static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *packet) {
109         if(!source || !via || !(via->options & OPTION_CLAMP_MSS))
110                 return;
111
112         uint16_t mtu = source->mtu;
113         if(via != myself && via->mtu < mtu)
114                 mtu = via->mtu;
115
116         /* Find TCP header */
117         int start = ether_size;
118         uint16_t type = packet->data[12] << 8 | packet->data[13];
119
120         if(type == ETH_P_8021Q) {
121                 start += 4;
122                 type = packet->data[16] << 8 | packet->data[17];
123         }
124
125         if(type == ETH_P_IP && packet->data[start + 9] == 6)
126                 start += (packet->data[start] & 0xf) * 4;
127         else if(type == ETH_P_IPV6 && packet->data[start + 6] == 6)
128                 start += 40;
129         else
130                 return;
131
132         if(packet->len <= start + 20)
133                 return;
134
135         /* Use data offset field to calculate length of options field */
136         int len = ((packet->data[start + 12] >> 4) - 5) * 4;
137
138         if(packet->len < start + 20 + len)
139                 return;
140
141         /* Search for MSS option header */
142         for(int i = 0; i < len;) {
143                 if(packet->data[start + 20 + i] == 0)
144                         break;
145
146                 if(packet->data[start + 20 + i] == 1) {
147                         i++;
148                         continue;
149                 }
150
151                 if(i > len - 2 || i > len - packet->data[start + 21 + i])
152                         break;
153
154                 if(packet->data[start + 20 + i] != 2) {
155                         if(packet->data[start + 21 + i] < 2)
156                                 break;
157                         i += packet->data[start + 21 + i];
158                         continue;
159                 }
160
161                 if(packet->data[start + 21] != 4)
162                         break;
163
164                 /* Found it */
165                 uint16_t oldmss = packet->data[start + 22 + i] << 8 | packet->data[start + 23 + i];
166                 uint16_t newmss = mtu - start - 20;
167                 uint16_t csum = packet->data[start + 16] << 8 | packet->data[start + 17];
168
169                 if(oldmss <= newmss)
170                         break;
171
172                 logger(DEBUG_TRAFFIC, LOG_INFO, "Clamping MSS of packet from %s to %s to %d", source->name, via->name, newmss);
173
174                 /* Update the MSS value and the checksum */
175                 packet->data[start + 22 + i] = newmss >> 8;
176                 packet->data[start + 23 + i] = newmss & 0xff;
177                 csum ^= 0xffff;
178                 csum -= oldmss;
179                 csum += newmss;
180                 csum ^= 0xffff;
181                 packet->data[start + 16] = csum >> 8;
182                 packet->data[start + 17] = csum & 0xff;
183                 break;
184         }
185 }
186
187 static void swap_mac_addresses(vpn_packet_t *packet) {
188         mac_t tmp;
189         memcpy(&tmp, &packet->data[0], sizeof tmp);
190         memcpy(&packet->data[0], &packet->data[6], sizeof tmp);
191         memcpy(&packet->data[6], &tmp, sizeof tmp);
192 }
193
194 static void age_subnets(void *data) {
195         bool left = false;
196
197         for splay_each(subnet_t, s, myself->subnet_tree) {
198                 if(s->expires && s->expires < now.tv_sec) {
199                         if(debug_level >= DEBUG_TRAFFIC) {
200                                 char netstr[MAXNETSTR];
201                                 if(net2str(netstr, sizeof netstr, s))
202                                         logger(DEBUG_TRAFFIC, LOG_INFO, "Subnet %s expired", netstr);
203                         }
204
205                         for list_each(connection_t, c, connection_list)
206                                 if(c->status.active)
207                                         send_del_subnet(c, s);
208
209                         subnet_del(myself, s);
210                 } else {
211                         if(s->expires)
212                                 left = true;
213                 }
214         }
215
216         if(left)
217                 timeout_set(&age_subnets_timeout, &(struct timeval){10, rand() % 100000});
218 }
219
220 static void learn_mac(mac_t *address) {
221         subnet_t *subnet = lookup_subnet_mac(myself, address);
222
223         /* If we don't know this MAC address yet, store it */
224
225         if(!subnet) {
226                 logger(DEBUG_TRAFFIC, LOG_INFO, "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx",
227                                    address->x[0], address->x[1], address->x[2], address->x[3],
228                                    address->x[4], address->x[5]);
229
230                 subnet = new_subnet();
231                 subnet->type = SUBNET_MAC;
232                 subnet->expires = now.tv_sec + macexpire;
233                 subnet->net.mac.address = *address;
234                 subnet->weight = 10;
235                 subnet_add(myself, subnet);
236                 subnet_update(myself, subnet, true);
237
238                 /* And tell all other tinc daemons it's our MAC */
239
240                 for list_each(connection_t, c, connection_list)
241                         if(c->status.active)
242                                 send_add_subnet(c, subnet);
243
244                 timeout_add(&age_subnets_timeout, age_subnets, NULL, &(struct timeval){10, rand() % 100000});
245         } else {
246                 if(subnet->expires)
247                         subnet->expires = now.tv_sec + macexpire;
248         }
249 }
250
251 /* RFC 792 */
252
253 static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) {
254         struct ip ip = {0};
255         struct icmp icmp = {0};
256
257         struct in_addr ip_src;
258         struct in_addr ip_dst;
259         uint32_t oldlen;
260
261         if(ratelimit(3))
262                 return;
263
264         /* Swap Ethernet source and destination addresses */
265
266         swap_mac_addresses(packet);
267
268         /* Copy headers from packet into properly aligned structs on the stack */
269
270         memcpy(&ip, packet->data + ether_size, ip_size);
271
272         /* Remember original source and destination */
273
274         ip_src = ip.ip_src;
275         ip_dst = ip.ip_dst;
276
277         oldlen = packet->len - ether_size;
278
279         if(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
280                 icmp.icmp_nextmtu = htons(packet->len - ether_size);
281
282         if(oldlen >= IP_MSS - ip_size - icmp_size)
283                 oldlen = IP_MSS - ip_size - icmp_size;
284
285         /* Copy first part of original contents to ICMP message */
286
287         memmove(packet->data + ether_size + ip_size + icmp_size, packet->data + ether_size, oldlen);
288
289         /* Fill in IPv4 header */
290
291         ip.ip_v = 4;
292         ip.ip_hl = ip_size / 4;
293         ip.ip_tos = 0;
294         ip.ip_len = htons(ip_size + icmp_size + oldlen);
295         ip.ip_id = 0;
296         ip.ip_off = 0;
297         ip.ip_ttl = 255;
298         ip.ip_p = IPPROTO_ICMP;
299         ip.ip_sum = 0;
300         ip.ip_src = ip_dst;
301         ip.ip_dst = ip_src;
302
303         ip.ip_sum = inet_checksum(&ip, ip_size, ~0);
304
305         /* Fill in ICMP header */
306
307         icmp.icmp_type = type;
308         icmp.icmp_code = code;
309         icmp.icmp_cksum = 0;
310
311         icmp.icmp_cksum = inet_checksum(&icmp, icmp_size, ~0);
312         icmp.icmp_cksum = inet_checksum(packet->data + ether_size + ip_size + icmp_size, oldlen, icmp.icmp_cksum);
313
314         /* Copy structs on stack back to packet */
315
316         memcpy(packet->data + ether_size, &ip, ip_size);
317         memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size);
318
319         packet->len = ether_size + ip_size + icmp_size + oldlen;
320
321         send_packet(source, packet);
322 }
323
324 /* RFC 791 */
325
326 static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t ether_size) {
327         struct ip ip;
328         vpn_packet_t fragment;
329         int len, maxlen, todo;
330         uint8_t *offset;
331         uint16_t ip_off, origf;
332
333         memcpy(&ip, packet->data + ether_size, ip_size);
334         fragment.priority = packet->priority;
335
336         if(ip.ip_hl != ip_size / 4)
337                 return;
338
339         todo = ntohs(ip.ip_len) - ip_size;
340
341         if(ether_size + ip_size + todo != packet->len) {
342                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Length of packet (%d) doesn't match length in IPv4 header (%d)", packet->len, (int)(ether_size + ip_size + todo));
343                 return;
344         }
345
346         logger(DEBUG_TRAFFIC, LOG_INFO, "Fragmenting packet of %d bytes to %s (%s)", packet->len, dest->name, dest->hostname);
347
348         offset = packet->data + ether_size + ip_size;
349         maxlen = (dest->mtu - ether_size - ip_size) & ~0x7;
350         ip_off = ntohs(ip.ip_off);
351         origf = ip_off & ~IP_OFFMASK;
352         ip_off &= IP_OFFMASK;
353
354         while(todo) {
355                 len = todo > maxlen ? maxlen : todo;
356                 memcpy(fragment.data + ether_size + ip_size, offset, len);
357                 todo -= len;
358                 offset += len;
359
360                 ip.ip_len = htons(ip_size + len);
361                 ip.ip_off = htons(ip_off | origf | (todo ? IP_MF : 0));
362                 ip.ip_sum = 0;
363                 ip.ip_sum = inet_checksum(&ip, ip_size, ~0);
364                 memcpy(fragment.data, packet->data, ether_size);
365                 memcpy(fragment.data + ether_size, &ip, ip_size);
366                 fragment.len = ether_size + ip_size + len;
367
368                 send_packet(dest, &fragment);
369
370                 ip_off += len / 8;
371         }
372 }
373
374 static void route_ipv4(node_t *source, vpn_packet_t *packet) {
375         if(!checklength(source, packet, ether_size + ip_size))
376                 return;
377
378         subnet_t *subnet;
379         node_t *via;
380         ipv4_t dest;
381
382         memcpy(&dest, &packet->data[30], sizeof dest);
383         subnet = lookup_subnet_ipv4(&dest);
384
385         if(!subnet) {
386                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet from %s (%s): unknown IPv4 destination address %d.%d.%d.%d",
387                                 source->name, source->hostname,
388                                 dest.x[0],
389                                 dest.x[1],
390                                 dest.x[2],
391                                 dest.x[3]);
392
393                 route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_UNKNOWN);
394                 return;
395         }
396
397         if (!subnet->owner) {
398                 broadcast_packet(source, packet);
399                 return;
400         }
401
402         if(subnet->owner == source) {
403                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet looping back to %s (%s)!", source->name, source->hostname);
404                 return;
405         }
406
407         if(!subnet->owner->status.reachable)
408                 return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_UNREACH);
409
410         if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
411                 return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO);
412
413         if(priorityinheritance)
414                 packet->priority = packet->data[15];
415
416         via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
417
418         if(via == source) {
419                 logger(DEBUG_TRAFFIC, LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
420                 return;
421         }
422
423         if(directonly && subnet->owner != via)
424                 return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO);
425
426         if(via && packet->len > MAX(via->mtu, 590) && via != myself) {
427                 logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
428                 if(packet->data[20] & 0x40) {
429                         packet->len = MAX(via->mtu, 590);
430                         route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
431                 } else {
432                         fragment_ipv4_packet(via, packet, ether_size);
433                 }
434
435                 return;
436         }
437
438         clamp_mss(source, via, packet);
439
440         send_packet(subnet->owner, packet);
441 }
442
443 /* RFC 2463 */
444
445 static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) {
446         struct ip6_hdr ip6;
447         struct icmp6_hdr icmp6 = {0};
448         uint16_t checksum;
449
450         struct {
451                 struct in6_addr ip6_src;        /* source address */
452                 struct in6_addr ip6_dst;        /* destination address */
453                 uint32_t length;
454                 uint32_t next;
455         } pseudo;
456
457         if(ratelimit(3))
458                 return;
459
460         /* Swap Ethernet source and destination addresses */
461
462         swap_mac_addresses(packet);
463
464         /* Copy headers from packet to structs on the stack */
465
466         memcpy(&ip6, packet->data + ether_size, ip6_size);
467
468         /* Remember original source and destination */
469
470         pseudo.ip6_src = ip6.ip6_dst;
471         pseudo.ip6_dst = ip6.ip6_src;
472
473         pseudo.length = packet->len - ether_size;
474
475         if(type == ICMP6_PACKET_TOO_BIG)
476                 icmp6.icmp6_mtu = htonl(pseudo.length);
477
478         if(pseudo.length >= IP_MSS - ip6_size - icmp6_size)
479                 pseudo.length = IP_MSS - ip6_size - icmp6_size;
480
481         /* Copy first part of original contents to ICMP message */
482
483         memmove(packet->data + ether_size + ip6_size + icmp6_size, packet->data + ether_size, pseudo.length);
484
485         /* Fill in IPv6 header */
486
487         ip6.ip6_flow = htonl(0x60000000UL);
488         ip6.ip6_plen = htons(icmp6_size + pseudo.length);
489         ip6.ip6_nxt = IPPROTO_ICMPV6;
490         ip6.ip6_hlim = 255;
491         ip6.ip6_src = pseudo.ip6_src;
492         ip6.ip6_dst = pseudo.ip6_dst;
493
494         /* Fill in ICMP header */
495
496         icmp6.icmp6_type = type;
497         icmp6.icmp6_code = code;
498         icmp6.icmp6_cksum = 0;
499
500         /* Create pseudo header */
501
502         pseudo.length = htonl(icmp6_size + pseudo.length);
503         pseudo.next = htonl(IPPROTO_ICMPV6);
504
505         /* Generate checksum */
506
507         checksum = inet_checksum(&pseudo, sizeof pseudo, ~0);
508         checksum = inet_checksum(&icmp6, icmp6_size, checksum);
509         checksum = inet_checksum(packet->data + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum);
510
511         icmp6.icmp6_cksum = checksum;
512
513         /* Copy structs on stack back to packet */
514
515         memcpy(packet->data + ether_size, &ip6, ip6_size);
516         memcpy(packet->data + ether_size + ip6_size, &icmp6, icmp6_size);
517
518         packet->len = ether_size + ip6_size + ntohl(pseudo.length);
519
520         send_packet(source, packet);
521 }
522
523 static void route_neighborsol(node_t *source, vpn_packet_t *packet);
524
525 static void route_ipv6(node_t *source, vpn_packet_t *packet) {
526         if(!checklength(source, packet, ether_size + ip6_size))
527                 return;
528
529         if(packet->data[20] == IPPROTO_ICMPV6 && checklength(source, packet, ether_size + ip6_size + icmp6_size) && packet->data[54] == ND_NEIGHBOR_SOLICIT) {
530                 route_neighborsol(source, packet);
531                 return;
532         }
533
534         subnet_t *subnet;
535         node_t *via;
536         ipv6_t dest;
537
538         memcpy(&dest, &packet->data[38], sizeof dest);
539         subnet = lookup_subnet_ipv6(&dest);
540
541         if(!subnet) {
542                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx",
543                                 source->name, source->hostname,
544                                 ntohs(dest.x[0]),
545                                 ntohs(dest.x[1]),
546                                 ntohs(dest.x[2]),
547                                 ntohs(dest.x[3]),
548                                 ntohs(dest.x[4]),
549                                 ntohs(dest.x[5]),
550                                 ntohs(dest.x[6]),
551                                 ntohs(dest.x[7]));
552
553                 route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR);
554                 return;
555         }
556
557         if (!subnet->owner) {
558                 broadcast_packet(source, packet);
559                 return;
560         }
561
562         if(subnet->owner == source) {
563                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet looping back to %s (%s)!", source->name, source->hostname);
564                 return;
565         }
566
567         if(!subnet->owner->status.reachable)
568                 return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE);
569
570         if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
571                 return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
572
573         via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
574
575         if(via == source) {
576                 logger(DEBUG_TRAFFIC, LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
577                 return;
578         }
579
580         if(directonly && subnet->owner != via)
581                 return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
582
583         if(via && packet->len > MAX(via->mtu, 1294) && via != myself) {
584                 logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
585                 packet->len = MAX(via->mtu, 1294);
586                 route_ipv6_unreachable(source, packet, ether_size, ICMP6_PACKET_TOO_BIG, 0);
587                 return;
588         }
589
590         clamp_mss(source, via, packet);
591
592         send_packet(subnet->owner, packet);
593 }
594
595 /* RFC 2461 */
596
597 static void route_neighborsol(node_t *source, vpn_packet_t *packet) {
598         struct ip6_hdr ip6;
599         struct nd_neighbor_solicit ns;
600         struct nd_opt_hdr opt;
601         subnet_t *subnet;
602         uint16_t checksum;
603         bool has_opt;
604
605         struct {
606                 struct in6_addr ip6_src;
607                 struct in6_addr ip6_dst;
608                 uint32_t length;
609                 uint32_t next;
610         } pseudo;
611
612         if(!checklength(source, packet, ether_size + ip6_size + ns_size))
613                 return;
614
615         has_opt = packet->len >= ether_size + ip6_size + ns_size + opt_size + ETH_ALEN;
616
617         if(source != myself) {
618                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got neighbor solicitation request from %s (%s) while in router mode!", source->name, source->hostname);
619                 return;
620         }
621
622         /* Copy headers from packet to structs on the stack */
623
624         memcpy(&ip6, packet->data + ether_size, ip6_size);
625         memcpy(&ns, packet->data + ether_size + ip6_size, ns_size);
626         if(has_opt)
627                 memcpy(&opt, packet->data + ether_size + ip6_size + ns_size, opt_size);
628
629         /* First, snatch the source address from the neighbor solicitation packet */
630
631         if(overwrite_mac)
632                 memcpy(mymac.x, packet->data + ETH_ALEN, ETH_ALEN);
633
634         /* Check if this is a valid neighbor solicitation request */
635
636         if(ns.nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT ||
637            (has_opt && opt.nd_opt_type != ND_OPT_SOURCE_LINKADDR)) {
638                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet: received unknown type neighbor solicitation request");
639                 return;
640         }
641
642         /* Create pseudo header */
643
644         pseudo.ip6_src = ip6.ip6_src;
645         pseudo.ip6_dst = ip6.ip6_dst;
646         if(has_opt)
647                 pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
648         else
649                 pseudo.length = htonl(ns_size);
650         pseudo.next = htonl(IPPROTO_ICMPV6);
651
652         /* Generate checksum */
653
654         checksum = inet_checksum(&pseudo, sizeof pseudo, ~0);
655         checksum = inet_checksum(&ns, ns_size, checksum);
656         if(has_opt) {
657                 checksum = inet_checksum(&opt, opt_size, checksum);
658                 checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
659         }
660
661         if(checksum) {
662                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet: checksum error for neighbor solicitation request");
663                 return;
664         }
665
666         /* Check if the IPv6 address exists on the VPN */
667
668         subnet = lookup_subnet_ipv6((ipv6_t *) &ns.nd_ns_target);
669
670         if(!subnet) {
671                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx",
672                                    ntohs(((uint16_t *) &ns.nd_ns_target)[0]),
673                                    ntohs(((uint16_t *) &ns.nd_ns_target)[1]),
674                                    ntohs(((uint16_t *) &ns.nd_ns_target)[2]),
675                                    ntohs(((uint16_t *) &ns.nd_ns_target)[3]),
676                                    ntohs(((uint16_t *) &ns.nd_ns_target)[4]),
677                                    ntohs(((uint16_t *) &ns.nd_ns_target)[5]),
678                                    ntohs(((uint16_t *) &ns.nd_ns_target)[6]),
679                                    ntohs(((uint16_t *) &ns.nd_ns_target)[7]));
680
681                 return;
682         }
683
684         /* Check if it is for our own subnet */
685
686         if(subnet->owner == myself)
687                 return;                                          /* silently ignore */
688
689         /* Create neighbor advertation reply */
690
691         memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */
692         packet->data[ETH_ALEN * 2 - 1] ^= 0xFF;                  /* mangle source address so it looks like it's not from us */
693
694         ip6.ip6_dst = ip6.ip6_src;                               /* swap destination and source protocoll address */
695         ip6.ip6_src = ns.nd_ns_target;
696
697         if(has_opt)
698                 memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN);   /* add fake source hard addr */
699
700         ns.nd_ns_cksum = 0;
701         ns.nd_ns_type = ND_NEIGHBOR_ADVERT;
702         ns.nd_ns_reserved = htonl(0x40000000UL);                 /* Set solicited flag */
703         opt.nd_opt_type = ND_OPT_TARGET_LINKADDR;
704
705         /* Create pseudo header */
706
707         pseudo.ip6_src = ip6.ip6_src;
708         pseudo.ip6_dst = ip6.ip6_dst;
709         if(has_opt)
710                 pseudo.length = htonl(ns_size + opt_size + ETH_ALEN);
711         else
712                 pseudo.length = htonl(ns_size);
713         pseudo.next = htonl(IPPROTO_ICMPV6);
714
715         /* Generate checksum */
716
717         checksum = inet_checksum(&pseudo, sizeof pseudo, ~0);
718         checksum = inet_checksum(&ns, ns_size, checksum);
719         if(has_opt) {
720                 checksum = inet_checksum(&opt, opt_size, checksum);
721                 checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);
722         }
723
724         ns.nd_ns_hdr.icmp6_cksum = checksum;
725
726         /* Copy structs on stack back to packet */
727
728         memcpy(packet->data + ether_size, &ip6, ip6_size);
729         memcpy(packet->data + ether_size + ip6_size, &ns, ns_size);
730         if(has_opt)
731                 memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size);
732
733         send_packet(source, packet);
734 }
735
736 /* RFC 826 */
737
738 static void route_arp(node_t *source, vpn_packet_t *packet) {
739         struct ether_arp arp;
740         subnet_t *subnet;
741         struct in_addr addr;
742
743         if(!checklength(source, packet, ether_size + arp_size))
744                 return;
745
746         if(source != myself) {
747                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got ARP request from %s (%s) while in router mode!", source->name, source->hostname);
748                 return;
749         }
750
751         /* First, snatch the source address from the ARP packet */
752
753         if(overwrite_mac)
754                 memcpy(mymac.x, packet->data + ETH_ALEN, ETH_ALEN);
755
756         /* Copy headers from packet to structs on the stack */
757
758         memcpy(&arp, packet->data + ether_size, arp_size);
759
760         /* Check if this is a valid ARP request */
761
762         if(ntohs(arp.arp_hrd) != ARPHRD_ETHER || ntohs(arp.arp_pro) != ETH_P_IP ||
763            arp.arp_hln != ETH_ALEN || arp.arp_pln != sizeof addr || ntohs(arp.arp_op) != ARPOP_REQUEST) {
764                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet: received unknown type ARP request");
765                 return;
766         }
767
768         /* Check if the IPv4 address exists on the VPN */
769
770         subnet = lookup_subnet_ipv4((ipv4_t *) &arp.arp_tpa);
771
772         if(!subnet) {
773                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet: ARP request for unknown address %d.%d.%d.%d",
774                                    arp.arp_tpa[0], arp.arp_tpa[1], arp.arp_tpa[2],
775                                    arp.arp_tpa[3]);
776                 return;
777         }
778
779         /* Check if it is for our own subnet */
780
781         if(subnet->owner == myself)
782                 return;                                          /* silently ignore */
783
784         memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */
785         packet->data[ETH_ALEN * 2 - 1] ^= 0xFF;                  /* mangle source address so it looks like it's not from us */
786
787         memcpy(&addr, arp.arp_tpa, sizeof addr);                 /* save protocol addr */
788         memcpy(arp.arp_tpa, arp.arp_spa, sizeof addr);           /* swap destination and source protocol address */
789         memcpy(arp.arp_spa, &addr, sizeof addr);                 /* ... */
790
791         memcpy(arp.arp_tha, arp.arp_sha, ETH_ALEN);              /* set target hard/proto addr */
792         memcpy(arp.arp_sha, packet->data + ETH_ALEN, ETH_ALEN);  /* add fake source hard addr */
793         arp.arp_op = htons(ARPOP_REPLY);
794
795         /* Copy structs on stack back to packet */
796
797         memcpy(packet->data + ether_size, &arp, arp_size);
798
799         send_packet(source, packet);
800 }
801
802 static void route_mac(node_t *source, vpn_packet_t *packet) {
803         subnet_t *subnet;
804         mac_t dest;
805
806         /* Learn source address */
807
808         if(source == myself) {
809                 mac_t src;
810                 memcpy(&src, &packet->data[6], sizeof src);
811                 learn_mac(&src);
812         }
813
814         /* Lookup destination address */
815
816         memcpy(&dest, &packet->data[0], sizeof dest);
817         subnet = lookup_subnet_mac(NULL, &dest);
818
819         if(!subnet || !subnet->owner) {
820                 broadcast_packet(source, packet);
821                 return;
822         }
823
824         if(subnet->owner == source) {
825                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet looping back to %s (%s)!", source->name, source->hostname);
826                 return;
827         }
828
829         if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
830                 return;
831
832         uint16_t type = packet->data[12] << 8 | packet->data[13];
833
834         if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
835                 packet->priority = packet->data[15];
836
837         // Handle packets larger than PMTU
838
839         node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
840
841         if(directonly && subnet->owner != via)
842                 return;
843
844         if(via && packet->len > via->mtu && via != myself) {
845                 logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
846                 length_t ethlen = 14;
847
848                 if(type == ETH_P_8021Q) {
849                         type = packet->data[16] << 8 | packet->data[17];
850                         ethlen += 4;
851                 }
852
853                 if(type == ETH_P_IP && packet->len > 576 + ethlen) {
854                         if(packet->data[6 + ethlen] & 0x40) {
855                                 packet->len = via->mtu;
856                                 route_ipv4_unreachable(source, packet, ethlen, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
857                         } else {
858                                 fragment_ipv4_packet(via, packet, ethlen);
859                         }
860                         return;
861                 } else if(type == ETH_P_IPV6 && packet->len > 1280 + ethlen) {
862                         packet->len = via->mtu;
863                         route_ipv6_unreachable(source, packet, ethlen, ICMP6_PACKET_TOO_BIG, 0);
864                         return;
865                 }
866         }
867
868         clamp_mss(source, via, packet);
869
870         send_packet(subnet->owner, packet);
871 }
872
873 static void send_pcap(vpn_packet_t *packet) {
874         pcap = false;
875
876         for list_each(connection_t, c, connection_list) {
877                 if(!c->status.pcap)
878                         continue;
879
880                 pcap = true;
881                 int len = packet->len;
882                 if(c->outmaclength && c->outmaclength < len)
883                         len = c->outmaclength;
884
885                 if(send_request(c, "%d %d %d", CONTROL, REQ_PCAP, len))
886                         send_meta(c, (char *)packet->data, len);
887         }
888 }
889
890 static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
891         uint16_t type = packet->data[12] << 8 | packet->data[13];
892         length_t ethlen = ether_size;
893
894         if(type == ETH_P_8021Q) {
895                 type = packet->data[16] << 8 | packet->data[17];
896                 ethlen += 4;
897         }
898
899         switch (type) {
900                 case ETH_P_IP:
901                         if(!checklength(source, packet, ethlen + ip_size))
902                                 return false;
903
904                         if(packet->data[ethlen + 8] < 1) {
905                                 if(packet->data[ethlen + 11] != IPPROTO_ICMP || packet->data[ethlen + 32] != ICMP_TIME_EXCEEDED)
906                                         route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
907                                 return false;
908                         }
909
910                         uint16_t old = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
911                         packet->data[ethlen + 8]--;
912                         uint16_t new = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
913
914                         uint32_t checksum = packet->data[ethlen + 10] << 8 | packet->data[ethlen + 11];
915                         checksum += old + (~new & 0xFFFF);
916                         while(checksum >> 16)
917                                 checksum = (checksum & 0xFFFF) + (checksum >> 16);
918                         packet->data[ethlen + 10] = checksum >> 8;
919                         packet->data[ethlen + 11] = checksum & 0xff;
920
921                         return true;
922
923                 case ETH_P_IPV6:
924                         if(!checklength(source, packet, ethlen + ip6_size))
925                                 return false;
926
927                         if(packet->data[ethlen + 7] < 1) {
928                                 if(packet->data[ethlen + 6] != IPPROTO_ICMPV6 || packet->data[ethlen + 40] != ICMP6_TIME_EXCEEDED)
929                                         route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
930                                 return false;
931                         }
932
933                         packet->data[ethlen + 7]--;
934
935                         return true;
936
937                 default:
938                         return true;
939         }
940 }
941
942 void route(node_t *source, vpn_packet_t *packet) {
943         if(pcap)
944                 send_pcap(packet);
945
946         if(forwarding_mode == FMODE_KERNEL && source != myself) {
947                 send_packet(myself, packet);
948                 return;
949         }
950
951         if(!checklength(source, packet, ether_size))
952                 return;
953
954         if(decrement_ttl && source != myself)
955                 if(!do_decrement_ttl(source, packet))
956                         return;
957
958         uint16_t type = packet->data[12] << 8 | packet->data[13];
959
960         switch (routing_mode) {
961                 case RMODE_ROUTER:
962                         switch (type) {
963                                 case ETH_P_ARP:
964                                         route_arp(source, packet);
965                                         break;
966
967                                 case ETH_P_IP:
968                                         route_ipv4(source, packet);
969                                         break;
970
971                                 case ETH_P_IPV6:
972                                         route_ipv6(source, packet);
973                                         break;
974
975                                 default:
976                                         logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot route packet from %s (%s): unknown type %hx", source->name, source->hostname, type);
977                                         break;
978                         }
979                         break;
980
981                 case RMODE_SWITCH:
982                         route_mac(source, packet);
983                         break;
984
985                 case RMODE_HUB:
986                         broadcast_packet(source, packet);
987                         break;
988         }
989 }