"Mode Switch" and "Tunnelserver Yes" cause unnecessary traffic to clients (proposed patch)

[ZioPRoTo (Saverio Proto)]

The following is maybe a bug report, and a proposed patch.

Using latest stable tinc 1.0.12.

I have a central server and a few clients connecting to this server.

I don't want clients to speak directly, but I want all the
communications to pass by the server.

My configuration is:
Mode = switch
TunnelServer = Yes

I need layer2 because of some ethernet stuff on the clients.

When you have these two things set up it happens that the tincd damon
will ignore any Subnet add request, if not allowed in the
configuration file.
This means that, because tincd is working on L2, it will not learn the
MAC addresses of the other peers, and will send any packet to every
peer.

Because I am working with "switch" it not not enough to add the subnet
used into the VPN with a statement like:

Subnet = 10.0.0.0/8

But I should add every Mac address of the tap interfaces of the clients.
This is not feasible, because I also guess these mac addresses change
everytime a tap interface is created.

What I did to fix my problem was to patch this file at line 109:
src/protocol_subnet.c:109

deleting the if statement that was preventing to add "Subnets"

So I just deleted from line 109 to 130. Of course this is a dirty hack
that works in my particular setup.

Now the ARP lookup on the server works fine. before the server was
sending the traffic to ALL the clients, so working as a hub.

I understand that mine is a unusual setup and that tunnelmode is experimental.

If we understand together the intended behavior of tinc in this case,
I can code a proper and clean patch and submit it to the mailing list.

Let me know !

Saverio