+
+ send_packet(source, packet);
+}
+
+static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
+ uint16_t type = packet->data[12] << 8 | packet->data[13];
+ length_t ethlen = ether_size;
+
+ if(type == ETH_P_8021Q) {
+ type = packet->data[16] << 8 | packet->data[17];
+ ethlen += 4;
+ }
+
+ switch(type) {
+ case ETH_P_IP:
+ if(!checklength(source, packet, ethlen + ip_size)) {
+ return false;
+ }
+
+ if(packet->data[ethlen + 8] <= 1) {
+ if(packet->data[ethlen + 11] != IPPROTO_ICMP || packet->data[ethlen + 32] != ICMP_TIME_EXCEEDED) {
+ route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
+ }
+
+ return false;
+ }
+
+ uint16_t old = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
+ packet->data[ethlen + 8]--;
+ uint16_t new = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
+
+ uint32_t checksum = packet->data[ethlen + 10] << 8 | packet->data[ethlen + 11];
+ checksum += old + (~new & 0xFFFF);
+
+ while(checksum >> 16) {
+ checksum = (checksum & 0xFFFF) + (checksum >> 16);
+ }
+
+ packet->data[ethlen + 10] = checksum >> 8;
+ packet->data[ethlen + 11] = checksum & 0xff;
+
+ return true;
+
+ case ETH_P_IPV6:
+ if(!checklength(source, packet, ethlen + ip6_size)) {
+ return false;
+ }
+
+ if(packet->data[ethlen + 7] <= 1) {
+ if(packet->data[ethlen + 6] != IPPROTO_ICMPV6 || packet->data[ethlen + 40] != ICMP6_TIME_EXCEEDED) {
+ route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
+ }
+
+ return false;
+ }
+
+ packet->data[ethlen + 7]--;
+
+ return true;
+
+ default:
+ return true;
+ }
+}
+
+static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *packet) {
+ if(!source || !via || !(via->options & OPTION_CLAMP_MSS)) {
+ return;
+ }
+
+ uint16_t mtu = source->mtu;
+
+ if(via != myself && via->mtu < mtu) {
+ mtu = via->mtu;
+ }
+
+ /* Find TCP header */
+ int start = ether_size;
+ uint16_t type = packet->data[12] << 8 | packet->data[13];
+
+ if(type == ETH_P_8021Q) {
+ start += 4;
+ type = packet->data[16] << 8 | packet->data[17];
+ }
+
+ if(type == ETH_P_IP && packet->data[start + 9] == 6) {
+ start += (packet->data[start] & 0xf) * 4;
+ } else if(type == ETH_P_IPV6 && packet->data[start + 6] == 6) {
+ start += 40;
+ } else {
+ return;
+ }
+
+ if(packet->len <= start + 20) {
+ return;
+ }
+
+ /* Use data offset field to calculate length of options field */
+ int len = ((packet->data[start + 12] >> 4) - 5) * 4;
+
+ if(packet->len < start + 20 + len) {
+ return;
+ }
+
+ /* Search for MSS option header */
+ for(int i = 0; i < len;) {
+ if(packet->data[start + 20 + i] == 0) {
+ break;
+ }
+
+ if(packet->data[start + 20 + i] == 1) {
+ i++;
+ continue;
+ }
+
+ if(i > len - 2 || i > len - packet->data[start + 21 + i]) {
+ break;
+ }
+
+ if(packet->data[start + 20 + i] != 2) {
+ if(packet->data[start + 21 + i] < 2) {
+ break;
+ }
+
+ i += packet->data[start + 21 + i];
+ continue;
+ }
+
+ if(packet->data[start + 21] != 4) {
+ break;
+ }
+
+ /* Found it */
+ uint16_t oldmss = packet->data[start + 22 + i] << 8 | packet->data[start + 23 + i];
+ uint16_t newmss = mtu - start - 20;
+ uint32_t csum = packet->data[start + 16] << 8 | packet->data[start + 17];
+
+ if(oldmss <= newmss) {
+ break;
+ }
+
+ ifdebug(TRAFFIC) logger(LOG_INFO, "Clamping MSS of packet from %s to %s to %d", source->name, via->name, newmss);
+
+ /* Update the MSS value and the checksum */
+ packet->data[start + 22 + i] = newmss >> 8;
+ packet->data[start + 23 + i] = newmss & 0xff;
+ csum ^= 0xffff;
+ csum += oldmss ^ 0xffff;
+ csum += newmss;
+ csum = (csum & 0xffff) + (csum >> 16);
+ csum += csum >> 16;
+ csum ^= 0xffff;
+ packet->data[start + 16] = csum >> 8;
+ packet->data[start + 17] = csum;
+ break;
+ }
+}
+
+static void learn_mac(mac_t *address) {
+ subnet_t *subnet;
+ avl_node_t *node;
+ connection_t *c;
+
+ subnet = lookup_subnet_mac(myself, address);
+
+ /* If we don't know this MAC address yet, store it */
+
+ if(!subnet) {
+ ifdebug(TRAFFIC) logger(LOG_INFO, "Learned new MAC address %x:%x:%x:%x:%x:%x",
+ address->x[0], address->x[1], address->x[2], address->x[3],
+ address->x[4], address->x[5]);
+
+ subnet = new_subnet();
+ subnet->type = SUBNET_MAC;
+ subnet->expires = now + macexpire;
+ subnet->net.mac.address = *address;
+ subnet->weight = 10;
+ subnet_add(myself, subnet);
+ subnet_update(myself, subnet, true);
+
+ /* And tell all other tinc daemons it's our MAC */
+
+ for(node = connection_tree->head; node; node = node->next) {
+ c = node->data;
+
+ if(c->status.active) {
+ send_add_subnet(c, subnet);
+ }
+ }
+ }
+
+ if(subnet->expires) {
+ subnet->expires = now + macexpire;
+ }