X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Froute.c;h=2fa6175142ab3de69f3684e9102bb55db59d5ec6;hb=f3ba50ed3d14749b7c1ef100d2a49ac30d3b3853;hp=92dc1cd0a6755a62cc067821c157a3516dff3d4a;hpb=bdeba3f9c26f9225c17c097ca490dc651cd40b90;p=tinc

diff --git a/src/route.c b/src/route.c
index 92dc1cd0..2fa61751 100644
--- a/src/route.c
+++ b/src/route.c
@@ -1,7 +1,7 @@
 /*
     route.c -- routing
     Copyright (C) 2000-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -64,16 +64,18 @@ static timeout_t age_subnets_timeout;
 /* RFC 1071 */
 
 static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) {
-	uint16_t *p = data;
+	uint16_t word;
 	uint32_t checksum = prevsum ^ 0xFFFF;
 
 	while(len >= 2) {
-		checksum += *p++;
+		memcpy(&word, data, sizeof(word));
+		checksum += word;
+		data += 2;
 		len -= 2;
 	}
 
 	if(len) {
-		checksum += *(uint8_t *)p;
+		checksum += *(uint8_t *)data;
 	}
 
 	while(checksum >> 16) {
@@ -159,7 +161,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_
 				addr.sin_family = AF_INET;
 				socklen_t addrlen = sizeof(addr);
 
-				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && addrlen <= sizeof(addr)) {
+				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && (size_t)addrlen <= sizeof(addr)) {
 					ip_dst = addr.sin_addr;
 				}
 			}
@@ -264,7 +266,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_
 				addr.sin6_family = AF_INET6;
 				socklen_t addrlen = sizeof(addr);
 
-				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && addrlen <= sizeof(addr)) {
+				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && (size_t)addrlen <= sizeof(addr)) {
 					pseudo.ip6_src = addr.sin6_addr;
 				}
 			}
@@ -489,6 +491,7 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac
 }
 
 static void age_subnets(void *data) {
+	(void)data;
 	bool left = false;
 
 	for splay_each(subnet_t, s, myself->subnet_tree) {
@@ -591,7 +594,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et
 	logger(DEBUG_TRAFFIC, LOG_INFO, "Fragmenting packet of %d bytes to %s (%s)", packet->len, dest->name, dest->hostname);
 
 	offset = DATA(packet) + ether_size + ip_size;
-	maxlen = (dest->mtu - ether_size - ip_size) & ~0x7;
+	maxlen = (MAX(dest->mtu, 590) - ether_size - ip_size) & ~0x7;
 	ip_off = ntohs(ip.ip_off);
 	origf = ip_off & ~IP_OFFMASK;
 	ip_off &= IP_OFFMASK;
@@ -651,11 +654,13 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) {
 	}
 
 	if(!subnet->owner->status.reachable) {
-		return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_UNREACH);
+		route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_UNREACH);
+		return;
 	}
 
 	if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself) {
-		return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO);
+		route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO);
+		return;
 	}
 
 	if(decrement_ttl && source != myself && subnet->owner != myself)
@@ -675,7 +680,8 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) {
 	}
 
 	if(directonly && subnet->owner != via) {
-		return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO);
+		route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO);
+		return;
 	}
 
 	if(via && packet->len > MAX(via->mtu, 590) && via != myself) {
@@ -742,11 +748,13 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) {
 	}
 
 	if(!subnet->owner->status.reachable) {
-		return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE);
+		route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE);
+		return;
 	}
 
 	if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself) {
-		return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
+		route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
+		return;
 	}
 
 	if(decrement_ttl && source != myself && subnet->owner != myself)
@@ -766,7 +774,8 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) {
 	}
 
 	if(directonly && subnet->owner != via) {
-		return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
+		route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
+		return;
 	}
 
 	if(via && packet->len > MAX(via->mtu, 1294) && via != myself) {
@@ -894,7 +903,7 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) {
 	memcpy(DATA(packet), DATA(packet) + ETH_ALEN, ETH_ALEN); /* copy destination address */
 	DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF;                  /* mangle source address so it looks like it's not from us */
 
-	ip6.ip6_dst = ip6.ip6_src;                               /* swap destination and source protocoll address */
+	ip6.ip6_dst = ip6.ip6_src;                               /* swap destination and source protocol address */
 	ip6.ip6_src = ns.nd_ns_target;
 
 	if(has_opt) {