projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow broadcast packets to be sent directly instead of via the MST.
[tinc] / src / protocol_subnet.c
diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c
index e7ab8b2..62656c3 100644 (file)
--- a/src/protocol_subnet.c
+++ b/src/protocol_subnet.c
@@ -45,7 +45,7 @@ bool add_subnet_h(connection_t *c) {
        char subnetstr[MAX_STRING_SIZE];
        char name[MAX_STRING_SIZE];
        node_t *owner;
-       subnet_t s = {0}, *new;
+       subnet_t s = {NULL}, *new, *old;
 
        if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) {
                logger(LOG_ERR, "Got bad %s from %s (%s)", "ADD_SUBNET", c->name,
@@ -104,29 +104,21 @@ bool add_subnet_h(connection_t *c) {
                return true;
        }
 
-       /* In tunnel server mode, check if the subnet matches one in the config file of this node */
+       /* In tunnel server mode, we should already know all allowed subnets */
 
        if(tunnelserver) {
-               config_t *cfg;
-               subnet_t *allowed;
-
-               for(cfg = lookup_config(c->config_tree, "Subnet"); cfg; cfg = lookup_config_next(c->config_tree, cfg)) {
-                       if(!get_config_subnet(cfg, &allowed))
-                               return false;
-
-                       if(!subnet_compare(&s, allowed))
-                               break;
+               logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
+                               "ADD_SUBNET", c->name, c->hostname, subnetstr);
+               return true;
+       }
 
-                       free_subnet(allowed);
-               }
+       /* Ignore if strictsubnets is true, but forward it to others */
 
-               if(!cfg) {
-                       logger(LOG_WARNING, "Unauthorized %s from %s (%s) for %s",
+       if(strictsubnets) {
+               logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
                                "ADD_SUBNET", c->name, c->hostname, subnetstr);
-                       return false;
-               }
-
-               free_subnet(allowed);
+               forward_request(c);
+               return true;
        }
 
        /* If everything is correct, add the subnet to the list of the owner */
@@ -139,8 +131,12 @@ bool add_subnet_h(connection_t *c) {
 
        /* Tell the rest */
 
-       if(!tunnelserver)
-               forward_request(c);
+       forward_request(c);
+
+       /* Fast handoff of roaming MAC addresses */
+
+       if(s.type == SUBNET_MAC && owner != myself && (old = lookup_subnet(myself, &s)) && old->expires)
+               old->expires = now;
 
        return true;
 }
@@ -158,7 +154,7 @@ bool del_subnet_h(connection_t *c) {
        char subnetstr[MAX_STRING_SIZE];
        char name[MAX_STRING_SIZE];
        node_t *owner;
-       subnet_t s = {0}, *find;
+       subnet_t s = {NULL}, *find;
 
        if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) {
                logger(LOG_ERR, "Got bad %s from %s (%s)", "DEL_SUBNET", c->name,
@@ -211,6 +207,8 @@ bool del_subnet_h(connection_t *c) {
        if(!find) {
                ifdebug(PROTOCOL) logger(LOG_WARNING, "Got %s from %s (%s) for %s which does not appear in his subnet tree",
                                   "DEL_SUBNET", c->name, c->hostname, name);
+               if(strictsubnets)
+                       forward_request(c);
                return true;
        }
 
@@ -223,10 +221,14 @@ bool del_subnet_h(connection_t *c) {
                return true;
        }
 
+       if(tunnelserver)
+               return true;
+
        /* Tell the rest */
 
-       if(!tunnelserver)
-               forward_request(c);
+       forward_request(c);
+       if(strictsubnets)
+               return true;
 
        /* Finally, delete it. */
 
tinc, the VPN daemon