Do not forward broadcast packets when TunnelServer is enabled.
author Guus Sliepen <guus@tinc-vpn.org>
Mon, 25 May 2009 13:04:33 +0000 (15:04 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Mon, 25 May 2009 13:04:33 +0000 (15:04 +0200)
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.

src/net_packet.c

index 28cf161..40d9451 100644 (file)
@@ -488,9 +488,15 @@ void broadcast_packet(const node_t *from, vpn_packet_t *packet)
        ifdebug(TRAFFIC) logger(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"),
                           packet->len, from->name, from->hostname);
 
-       if(from != myself)
+       if(from != myself) {
                send_packet(myself, packet);
 
+               // In TunnelServer mode, do not forward broadcast packets.
+                // The MST might not be valid and create loops.
+               if(tunnelserver)
+                       return;
+       }
+
        for(node = connection_tree->head; node; node = node->next) {
                c = node->data;
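Review bot: The comment above the new `if(tunnelserver)` check records only the spanning-tree reason, while the commit message gives hiding nodes from each other as the first reason for not forwarding. If only the MST rationale is in the code, someone who later makes the tree calculation correct in TunnelServer mode could remove the early return and start relaying broadcasts between nodes again. I would state both reasons in the comment. Two smaller points in the same hunk: the second comment line is indented differently from the first, and the TRAFFIC debug message "Broadcasting packet of %d bytes" at the top of the function is still logged on the path that now returns without forwarding, so traces will show a broadcast that never left this node; a separate debug line on the early-return path would keep the logs accurate.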