From: Vittorio Gambaletta (VittGam) Date: Thu, 3 Sep 2015 14:02:50 +0000 (+0200) Subject: Fix DecrementTTL option. X-Git-Tag: release-1.1pre12~70 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=a8a3a2c8ceb19bcb6c2c3ef0647c94d7d0624b7a;p=tinc Fix DecrementTTL option. The option was not actually working, as it could be seen on traceroute or mtr. The problem is that it was checking if the TTL was < 1 (so equal to 0) before decrementing it. This meant that a packet with a TTL of 1 was being sent with a TTL of 0 on the VPN, instead of being discarded with the ICMP error message. Signed-off-by: Vittorio Gambaletta # Conflicts: # src/route.c --- diff --git a/src/route.c b/src/route.c index 68a66492..d7c4c872 100644 --- a/src/route.c +++ b/src/route.c @@ -902,7 +902,7 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ethlen + ip_size)) return false; - if(DATA(packet)[ethlen + 8] < 1) { + if(DATA(packet)[ethlen + 8] <= 1) { if(DATA(packet)[ethlen + 11] != IPPROTO_ICMP || DATA(packet)[ethlen + 32] != ICMP_TIME_EXCEEDED) route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL); return false; @@ -925,7 +925,7 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ethlen + ip6_size)) return false; - if(DATA(packet)[ethlen + 7] < 1) { + if(DATA(packet)[ethlen + 7] <= 1) { if(DATA(packet)[ethlen + 6] != IPPROTO_ICMPV6 || DATA(packet)[ethlen + 40] != ICMP6_TIME_EXCEEDED) route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT); return false;