Forwarding in switch mode

Etienne Dechamps etienne at edechamps.fr
Fri Sep 26 21:08:04 CEST 2014


On Fri, Sep 26, 2014 at 7:30 PM, Николай Шульга <nsh at runway.lv> wrote:
> I made a check and - it works now with settings you have advised.
> I've been misled by the name of the settings. I thought, "IndirectData = no"
> should mean we are prohibiting indirect data. While in reality to prohibit,
> we should write "IndirectData = yes".

No, that's not what it does. "IndirectData" means "send packets
through the metaconnection graph using other nodes as relays if
necessary, even if we could send them directly". "DirectOnly" means
"always send packets *directly* to the recipient node". The
combination of both means "send packets using the metaconnection
graph, but never send packets through relays", or, in other words,
"drop packets for nodes to which we don't have a direct
metaconnection".

Let's take your example with nodes A, B and C and the metaconnection
graph A <-> B <-> C:

If you don't specify anything, A will establish a *direct* UDP tunnel
to C and use that to send packets to C, *even* if there is no
metaconnection (i.e. no ConnectTo statement) between A and C.

If you specify DirectOnly in that scenario, nothing happens, because A
*does* send packets directly to C.

However, if you specify IndirectData on A, then you're forcing A to
*not* establish the UDP tunnel I mentioned above. Instead you're
forcing A to use B as a relay to send packets to C, or in other words,
to *indirect* packets through B (hence the name of the option).

If you specify *both*, then IndirectData forces A to indirect packets
through B to talk to C, but that's not possible because of DirectOnly,
therefore the packet is simply dropped and A and C are unable to talk
to each other.

> Probably it would be good to put this clarification into the documentation. As
> I've read through all settings in documentation many times and have
> interpreted this one the wrong way.

I think the real issue is that most people are confused by the way
tinc actually works when it comes to transmitting packets. Most people
seem to assume that tinc follows the metaconnection graph when
transmitting packets, but that's not true: tinc is actually smarter
than that and will establish direct tunnels whenever possible. The
only cases where tinc will use other nodes as relays are when
IndirectData is enabled, or when it has no other choice (i.e. no way
to get UDP packets through). This is what needs to be documented
better, I think.
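
The four option combinations walked through in the message above, modelled as an added Python example (not part of the original post and not tinc's own code). The function names and the graph representation are assumptions, and the fallback to relaying when UDP cannot get through is left out of the model.

```python
from collections import deque

# Constructed sample: the metaconnection graph A <-> B <-> C from the message.
GRAPH = {"A": {"B"}, "B": {"A", "C"}, "C": {"B"}}

def next_hop(graph, src, dst):
    """First hop on the shortest metaconnection path src -> dst, or None."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for peer in sorted(graph.get(node, ())):
            if peer not in prev:
                prev[peer] = node
                queue.append(peer)
    if dst == src or dst not in prev:
        return None
    hop = dst
    while prev[hop] != src:          # walk back until the neighbour of src
        hop = prev[hop]
    return hop

def forward(graph, src, dst, indirect_data=False, direct_only=False):
    """Return (action, peer) for a packet from src to dst (hypothetical model)."""
    hop = next_hop(graph, src, dst)
    if hop is None:
        return ("drop", None)        # dst is not reachable through the graph
    if not indirect_data or hop == dst:
        # Default behaviour is a direct tunnel, even without a metaconnection;
        # with IndirectData, only a direct metaconnection peer is sent to directly.
        return ("direct", dst)
    if direct_only:
        return ("drop", None)        # relaying needed, but DirectOnly forbids it
    return ("relay", hop)            # IndirectData: follow the metaconnection graph

if __name__ == "__main__":
    for ind in (False, True):
        for only in (False, True):
            result = forward(GRAPH, "A", "C", ind, only)
            print(f"IndirectData={ind} DirectOnly={only}: {result}")
```
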

