From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat, 25 Feb 2012 20:46:18 +0000 (+0100)
Subject: Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
X-Git-Tag: release-1.0.17~8
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=f1d5eae643cdf537ef357f10f2da8ff83bdf32b4;hp=5a28aa7b8b0ab6237c2eab5f8b11253ea3ec5a05

Don't send ICMP Time Exceeded messages for other Time Exceeded messages.

That would be silly.
---

diff --git a/src/route.c b/src/route.c
index 0b77bd4a..b2e1b7bd 100644
--- a/src/route.c
+++ b/src/route.c
@@ -82,13 +82,14 @@ static bool ratelimit(int frequency) {
 	static int count = 0;
 	
 	if(lasttime == now) {
-		if(++count > frequency)
+		if(count >= frequency)
 			return true;
 	} else {
 		lasttime = now;
 		count = 0;
 	}
 
+	count++;
 	return false;
 }
 
@@ -858,7 +859,8 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
 				return false;
 
 			if(packet->data[22] < 1) {
-				route_ipv4_unreachable(source, packet, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
+				if(packet->data[25] != IPPROTO_ICMP || packet->data[46] != ICMP_TIME_EXCEEDED)
+					route_ipv4_unreachable(source, packet, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
 				return false;
 			}
 
@@ -880,7 +882,8 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
 				return false;
 
 			if(packet->data[21] < 1) {
-				route_ipv6_unreachable(source, packet, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
+				if(packet->data[20] != IPPROTO_ICMPV6 || packet->data[54] != ICMP6_TIME_EXCEEDED)
+					route_ipv6_unreachable(source, packet, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
 				return false;
 			}