Forwarding in switch mode

[Etienne Dechamps]

Most likely, you'll find that B is not actually forwarding packets.
Instead, what happens is that tinc automatically establishes a direct
UDP tunnel behind the scenes between A and C, allowing A and C to talk
directly without going through B. That happens even if you didn't
manually set up a metaconnection between A and C.

What you really want in that case is to (1) make sure that packets are
never sent outside of manually configured links, and (2) disable
forwarding. (1) is achieved by using the IndirectData option, and (2)
is achieved using the DirectOnly option. Therefore you need to use
both (on A and C) at the same time to achieve your goal. This is
explained in the documentation for DirectOnly:

"When this option is enabled, packets that cannot be sent directly to
the destination node, but which would have to be forwarded by an
intermediate node, are dropped instead.  When combined with the
IndirectData option, packets for nodes for which we do not have a meta
connection with are also dropped."

On Thu, Sep 25, 2014 at 4:14 PM, Николай Шульга <nsh at runway.lv> wrote:
> I like tinc and am using it widely in the company I work for.
> Currently I'm experimenting with 'switch' mode & have a problem with packets
> being forwarded.
> I've tried possible combinations with next parameters:
>
> a) Broadcast = direct
> b) Forwarding = kernel
> c) DirectOnly = yes
>
> From the documentation, it looks like (a) should be enough to stop packet
> forwarding between tinc nodes. But non of those parameters or combinations
> of them have helped me.
> The target is: if we have Router_A---------Router_B----------Router_C,
> A and C don't have direct connection, then B should not forward packets
> between them.
> Please, if it's possible, those who knows a way to stop forwarding, give me
> an advice.