+ static int count = 0;
+
+ if(lasttime == now) {
+ if(count >= frequency) {
+ return true;
+ }
+ } else {
+ lasttime = now;
+ count = 0;
+ }
+
+ count++;
+ return false;
+}
+
+static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) {
+ if(packet->len < length) {
+ ifdebug(TRAFFIC) logger(LOG_WARNING, "Got too short packet from %s (%s)", source->name, source->hostname);
+ return false;
+ } else {
+ return true;
+ }
+}
+
+static void swap_mac_addresses(vpn_packet_t *packet) {
+ mac_t tmp;
+ memcpy(&tmp, &packet->data[0], sizeof(tmp));
+ memcpy(&packet->data[0], &packet->data[6], sizeof(tmp));
+ memcpy(&packet->data[6], &tmp, sizeof(tmp));
+}
+
+/* RFC 792 */
+
+static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) {
+ struct ip ip = {0};
+ struct icmp icmp = {0};
+
+ struct in_addr ip_src;
+ struct in_addr ip_dst;
+ uint32_t oldlen;
+
+ if(ratelimit(3)) {
+ return;
+ }
+
+ /* Swap Ethernet source and destination addresses */
+
+ swap_mac_addresses(packet);
+
+ /* Copy headers from packet into properly aligned structs on the stack */
+
+ memcpy(&ip, packet->data + ether_size, ip_size);
+
+ /* Remember original source and destination */
+
+ ip_src = ip.ip_src;
+ ip_dst = ip.ip_dst;
+
+ /* Try to reply with an IP address assigned to the local machine */
+
+ if(type == ICMP_TIME_EXCEEDED && code == ICMP_EXC_TTL) {
+ int sockfd = socket(AF_INET, SOCK_DGRAM, 0);
+
+ if(sockfd != -1) {
+ struct sockaddr_in addr;
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_addr = ip.ip_src;
+
+ if(!connect(sockfd, (const struct sockaddr *) &addr, sizeof(addr))) {
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ socklen_t addrlen = sizeof(addr);
+
+ if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && addrlen <= sizeof(addr)) {
+ ip_dst = addr.sin_addr;
+ }
+ }
+
+ close(sockfd);
+ }
+ }
+
+ oldlen = packet->len - ether_size;
+
+ if(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
+ icmp.icmp_nextmtu = htons(packet->len - ether_size);
+ }
+
+ if(oldlen >= IP_MSS - ip_size - icmp_size) {
+ oldlen = IP_MSS - ip_size - icmp_size;
+ }
+
+ /* Copy first part of original contents to ICMP message */
+
+ memmove(packet->data + ether_size + ip_size + icmp_size, packet->data + ether_size, oldlen);
+
+ /* Fill in IPv4 header */
+
+ ip.ip_v = 4;
+ ip.ip_hl = ip_size / 4;
+ ip.ip_tos = 0;
+ ip.ip_len = htons(ip_size + icmp_size + oldlen);
+ ip.ip_id = 0;
+ ip.ip_off = 0;
+ ip.ip_ttl = 255;
+ ip.ip_p = IPPROTO_ICMP;
+ ip.ip_sum = 0;
+ ip.ip_src = ip_dst;
+ ip.ip_dst = ip_src;
+
+ ip.ip_sum = inet_checksum(&ip, ip_size, ~0);
+
+ /* Fill in ICMP header */
+
+ icmp.icmp_type = type;
+ icmp.icmp_code = code;
+ icmp.icmp_cksum = 0;
+
+ icmp.icmp_cksum = inet_checksum(&icmp, icmp_size, ~0);
+ icmp.icmp_cksum = inet_checksum(packet->data + ether_size + ip_size + icmp_size, oldlen, icmp.icmp_cksum);
+
+ /* Copy structs on stack back to packet */
+
+ memcpy(packet->data + ether_size, &ip, ip_size);
+ memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size);
+
+ packet->len = ether_size + ip_size + icmp_size + oldlen;
+
+ send_packet(source, packet);
+}
+
+/* RFC 2463 */
+
+static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) {
+ struct ip6_hdr ip6;
+ struct icmp6_hdr icmp6 = {0};
+ uint16_t checksum;
+
+ struct {
+ struct in6_addr ip6_src; /* source address */
+ struct in6_addr ip6_dst; /* destination address */
+ uint32_t length;
+ uint32_t next;
+ } pseudo;
+
+ if(ratelimit(3)) {
+ return;
+ }
+
+ /* Swap Ethernet source and destination addresses */
+
+ swap_mac_addresses(packet);
+
+ /* Copy headers from packet to structs on the stack */
+
+ memcpy(&ip6, packet->data + ether_size, ip6_size);
+
+ /* Remember original source and destination */
+
+ pseudo.ip6_src = ip6.ip6_dst;
+ pseudo.ip6_dst = ip6.ip6_src;
+
+ /* Try to reply with an IP address assigned to the local machine */