/*
route.c -- routing
- Copyright (C) 2000,2001 Ivo Timmermans <itimmermans@bigfoot.com>,
- 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
+ Copyright (C) 2000-2002 Ivo Timmermans <itimmermans@bigfoot.com>,
+ 2000-2002 Guus Sliepen <guus@sliepen.warande.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: route.c,v 1.1.2.18 2001/07/21 20:21:25 guus Exp $
+ $Id: route.c,v 1.1.2.32 2002/03/12 14:25:04 guus Exp $
*/
#include "config.h"
-#ifdef HAVE_FREEBSD
+#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD)
#include <sys/param.h>
#endif
#include <sys/socket.h>
#include <netinet/in.h>
-#ifdef HAVE_SOLARIS
+#if defined(HAVE_SOLARIS) || defined(HAVE_OPENBSD)
#include <net/if.h>
#define ETHER_ADDR_LEN 6
#else
#include <net/ethernet.h>
#endif
+#ifdef NEIGHBORSOL
+#include <netinet/ip6.h>
+#include <netinet/icmp6.h>
+#endif
#include <netinet/if_ether.h>
#include <utils.h>
#include <xalloc.h>
#include "subnet.h"
#include "route.h"
#include "protocol.h"
+#include "device.h"
#include "system.h"
int routing_mode = RMODE_ROUTER;
+int priorityinheritance = 0;
+int macexpire = 600;
subnet_t mymac;
void learn_mac(mac_t *address)
{
subnet_t *subnet;
avl_node_t *node;
- connection_t *p;
+ connection_t *c;
cp
subnet = lookup_subnet_mac(address);
if(!subnet || subnet->owner!=myself)
{
if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx"),
+ syslog(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"),
address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]);
subnet = new_subnet();
for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)node->data;
- if(p->status.active)
- send_add_subnet(p, subnet);
+ c = (connection_t *)node->data;
+ if(c->status.active)
+ send_add_subnet(c, subnet);
}
}
+
+ subnet->net.mac.lastseen = now;
+}
+
+void age_mac(void)
+{
+ subnet_t *s;
+ connection_t *c;
+ avl_node_t *node, *next, *node2;
+cp
+ for(node = myself->subnet_tree->head; node; node = next)
+ {
+ next = node->next;
+ s = (subnet_t *)node->data;
+ if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now)
+ {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"),
+ s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]);
+ for(node2 = connection_tree->head; node2; node2 = node2->next)
+ {
+ c = (connection_t *)node2->data;
+ if(c->status.active)
+ send_del_subnet(c, s);
+ }
+ subnet_del(myself, s);
+ }
+ }
+cp
}
-connection_t *route_mac(vpn_packet_t *packet)
+node_t *route_mac(vpn_packet_t *packet)
{
subnet_t *subnet;
cp
return NULL;
}
-connection_t *route_ipv4(vpn_packet_t *packet)
+node_t *route_ipv4(vpn_packet_t *packet)
{
- ipv4_t dest;
subnet_t *subnet;
cp
-#ifdef HAVE_SOLARIS
- /* The other form gives bus errors on a SparcStation 20. */
- dest = ((packet->data[30] * 0x100 + packet->data[31]) * 0x100 + packet->data[32]) * 0x100 + packet->data[33];
-#else
- dest = ntohl(*((unsigned long*)(&packet->data[30])));
-#endif
-cp
- subnet = lookup_subnet_ipv4(&dest);
+ if(priorityinheritance)
+ packet->priority = packet->data[15];
+
+ subnet = lookup_subnet_ipv4((ipv4_t *)&packet->data[30]);
cp
if(!subnet)
{
if(debug_lvl >= DEBUG_TRAFFIC)
{
- syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"),
+ syslog(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"),
packet->data[30], packet->data[31], packet->data[32], packet->data[33]);
}
return subnet->owner;
}
-connection_t *route_ipv6(vpn_packet_t *packet)
+node_t *route_ipv6(vpn_packet_t *packet)
{
+ subnet_t *subnet;
+cp
+ subnet = lookup_subnet_ipv6((ipv6_t *)&packet->data[38]);
cp
- if(debug_lvl > DEBUG_NOTHING)
+ if(!subnet)
{
- syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not yet implemented"));
- }
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ {
+ syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"),
+ ntohs(*(short unsigned int *)&packet->data[38]),
+ ntohs(*(short unsigned int *)&packet->data[40]),
+ ntohs(*(short unsigned int *)&packet->data[42]),
+ ntohs(*(short unsigned int *)&packet->data[44]),
+ ntohs(*(short unsigned int *)&packet->data[46]),
+ ntohs(*(short unsigned int *)&packet->data[48]),
+ ntohs(*(short unsigned int *)&packet->data[50]),
+ ntohs(*(short unsigned int *)&packet->data[52]));
+ }
+
+ return NULL;
+ }
cp
- return NULL;
+ return subnet->owner;
+}
+
+#ifdef NEIGHBORSOL
+unsigned short int ipv6_cksum(short int *data, int len, unsigned short int cksum)
+{
+ while(len--)
+ {
+ cksum += ntohs(*data++);
+ }
+ return cksum;
}
+void route_neighborsol(vpn_packet_t *packet)
+{
+ struct ip6_hdr *hdr;
+ struct nd_neighbor_solicit *ns;
+ struct nd_opt_hdr *opt;
+ subnet_t *subnet;
+ short int cksum;
+
+ struct {
+ struct in6_addr ip6_src; /* source address */
+ struct in6_addr ip6_dst; /* destination address */
+ uint32_t length;
+ uint8_t junk[4];
+ } pseudo;
+
+cp
+ hdr = (struct ip6_hdr *)(packet->data + 14);
+ ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(struct ip6_hdr));
+ opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(struct ip6_hdr) + sizeof(struct nd_neighbor_solicit));
+
+ /* First, snatch the source address from the neighbor solicitation packet */
+
+ memcpy(mymac.net.mac.address.x, packet->data + 6, 6);
+
+ /* Check if this is a valid neighbor solicitation request */
+
+ if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT ||
+ opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR)
+ {
+ if(debug_lvl > DEBUG_TRAFFIC)
+ {
+ syslog(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request"));
+ }
+ return;
+ }
+
+ /* Check if the IPv6 address exists on the VPN */
+#if 0
+ subnet = lookup_subnet_ipv6((ipv6_t *)&ns->nd_ns_target);
+
+ if(!subnet)
+ {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ {
+ syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"),
+ ntohs(ns->nd_ns_target.s6_addr16[0]), ntohs(ns->nd_ns_target.s6_addr16[1]), ntohs(ns->nd_ns_target.s6_addr16[2]), ntohs(ns->nd_ns_target.s6_addr16[3]),
+ ntohs(ns->nd_ns_target.s6_addr16[4]), ntohs(ns->nd_ns_target.s6_addr16[5]), ntohs(ns->nd_ns_target.s6_addr16[6]), ntohs(ns->nd_ns_target.s6_addr16[7]));
+ }
+
+ return;
+ }
+
+ /* Check if it is for our own subnet */
+
+ if(subnet->owner == myself)
+ return; /* silently ignore */
+#endif
+
+ syslog(LOG_DEBUG, "Neighbor solicitation request with checksum %hx", ntohs(ns->nd_ns_hdr.icmp6_cksum));
+
+ /* Create pseudo header */
+
+ memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16);
+ memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16);
+ pseudo.length = htonl(sizeof(*ns));
+ pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0;
+ pseudo.junk[3] = IPPROTO_ICMPV6;
+
+ /* Generate checksum */
+
+ ns->nd_ns_hdr.icmp6_cksum = 0;
+
+ cksum = ipv6_cksum((short int *)&pseudo, sizeof(pseudo)/2, 0);
+
+ syslog(LOG_DEBUG, "Our checksum %hx", cksum);
+
+ cksum = ipv6_cksum((short int *)ns, sizeof(*ns)/2, cksum);
+
+ syslog(LOG_DEBUG, "Our checksum %hx", cksum);
+
+ cksum = ipv6_cksum((short int *)opt, sizeof(*opt)/2, cksum);
+
+ syslog(LOG_DEBUG, "Our checksum %hx", cksum);
+
+ /* Create neighbor advertation reply */
+
+ memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */
+ packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */
+
+ memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */
+ memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */
+
+ memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */
+
+ ns->nd_ns_hdr.icmp6_cksum = 0;
+ ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT;
+ opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
+
+ /* Create pseudo header */
+
+ memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16);
+ memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16);
+ pseudo.length = htonl(sizeof(struct icmp6_hdr));
+ pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0;
+ pseudo.junk[3] = IPPROTO_ICMPV6;
+
+ /* Generate checksum */
+
+ cksum = ipv6_cksum((short int *)&pseudo, sizeof(pseudo)/2, 0);
+ cksum = ipv6_cksum((short int *)ns, sizeof(*ns)/2, cksum);
+
+ ns->nd_ns_hdr.icmp6_cksum = htons(cksum);
+
+ write_packet(packet);
+cp
+}
+#endif
+
void route_arp(vpn_packet_t *packet)
{
struct ether_arp *arp;
subnet_t *subnet;
unsigned char ipbuf[4];
- ipv4_t dest;
cp
/* First, snatch the source address from the ARP packet */
return;
}
- /* Check if the IP address exists on the VPN */
+ /* Check if the IPv4 address exists on the VPN */
- dest = ntohl(*((unsigned long*)(arp->arp_tpa)));
- subnet = lookup_subnet_ipv4(&dest);
+ subnet = lookup_subnet_ipv4((ipv4_t *)arp->arp_tpa);
if(!subnet)
{
memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */
arp->arp_op = htons(ARPOP_REPLY);
- accept_packet(packet);
+ write_packet(packet);
cp
}
void route_outgoing(vpn_packet_t *packet)
{
unsigned short int type;
- connection_t *cl;
+ node_t *n = NULL;
cp
/* FIXME: multicast? */
switch(type)
{
case 0x0800:
- cl = route_ipv4(packet);
+ n = route_ipv4(packet);
break;
case 0x86DD:
- cl = route_ipv6(packet);
+ n = route_ipv6(packet);
+#ifdef NEIGHBORSOL
+ if(!n && packet->data[0] == 0x33 && packet->data[1] == 0x33 && packet->data[2] == 0xff)
+ {
+ route_neighborsol(packet);
+ return;
+ }
+#endif
break;
case 0x0806:
route_arp(packet);
}
return;
}
- if(cl)
- send_packet(cl, packet);
+ if(n)
+ send_packet(n, packet);
break;
case RMODE_SWITCH:
- cl = route_mac(packet);
- if(cl)
- send_packet(cl, packet);
+ n = route_mac(packet);
+ if(n)
+ send_packet(n, packet);
else
broadcast_packet(myself, packet);
break;
}
}
-void route_incoming(connection_t *source, vpn_packet_t *packet)
+void route_incoming(node_t *source, vpn_packet_t *packet)
{
switch(routing_mode)
{
case RMODE_ROUTER:
- memcpy(packet->data, mymac.net.mac.address.x, 6); /* Override destination address to make the kernel accept it */
- accept_packet(packet);
+ {
+ node_t *n = NULL;
+ unsigned short int type;
+
+ type = ntohs(*((unsigned short*)(&packet->data[12])));
+ switch(type)
+ {
+ case 0x0800:
+ n = route_ipv4(packet);
+ break;
+ case 0x86DD:
+ n = route_ipv6(packet);
+ break;
+ default:
+ n = myself;
+ break;
+ }
+
+ if(n)
+ {
+ if(n == myself)
+ {
+ memcpy(packet->data, mymac.net.mac.address.x, 6);
+ write_packet(packet);
+ }
+ else
+ send_packet(n, packet);
+ }
+ }
break;
case RMODE_SWITCH:
{
if(subnet)
{
if(subnet->owner == myself)
- accept_packet(packet);
+ write_packet(packet);
else
send_packet(subnet->owner, packet);
}
else
{
broadcast_packet(source, packet);
- accept_packet(packet);
+ write_packet(packet);
}
}
break;
case RMODE_HUB:
- broadcast_packet(source,packet); /* Spread it on */
- accept_packet(packet);
+ broadcast_packet(source, packet); /* Spread it on */
+ write_packet(packet);
break;
}
}
projects / tinc / blobdiff