X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_subnet.c;h=15ec8bf4c807ce33f0a24e20920416f39f96a2b8;hp=e7ab8b24e8edd20a4a8ebe4a21eb2d0c752b3d8d;hb=985d19caf20058db3c764f0f6fbeafa8bcc59fcc;hpb=4c85542894f7fca823b119b05e07179deb24229a diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index e7ab8b24..15ec8bf4 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -35,7 +35,7 @@ bool send_add_subnet(connection_t *c, const subnet_t *subnet) { char netstr[MAXNETSTR]; - if(!net2str(netstr, sizeof netstr, subnet)) + if(!net2str(netstr, sizeof(netstr), subnet)) return false; return send_request(c, "%d %x %s %s", ADD_SUBNET, rand(), subnet->owner->name, netstr); @@ -45,7 +45,7 @@ bool add_subnet_h(connection_t *c) { char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; node_t *owner; - subnet_t s = {0}, *new; + subnet_t s = {NULL}, *new, *old; if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { logger(LOG_ERR, "Got bad %s from %s (%s)", "ADD_SUBNET", c->name, @@ -104,29 +104,21 @@ bool add_subnet_h(connection_t *c) { return true; } - /* In tunnel server mode, check if the subnet matches one in the config file of this node */ + /* In tunnel server mode, we should already know all allowed subnets */ if(tunnelserver) { - config_t *cfg; - subnet_t *allowed; - - for(cfg = lookup_config(c->config_tree, "Subnet"); cfg; cfg = lookup_config_next(c->config_tree, cfg)) { - if(!get_config_subnet(cfg, &allowed)) - return false; - - if(!subnet_compare(&s, allowed)) - break; + logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s", + "ADD_SUBNET", c->name, c->hostname, subnetstr); + return true; + } - free_subnet(allowed); - } + /* Ignore if strictsubnets is true, but forward it to others */ - if(!cfg) { - logger(LOG_WARNING, "Unauthorized %s from %s (%s) for %s", + if(strictsubnets) { + logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s", "ADD_SUBNET", c->name, c->hostname, subnetstr); - return false; - } - - free_subnet(allowed); + forward_request(c); + return true; } /* If everything is correct, add the subnet to the list of the owner */ @@ -139,8 +131,12 @@ bool add_subnet_h(connection_t *c) { /* Tell the rest */ - if(!tunnelserver) - forward_request(c); + forward_request(c); + + /* Fast handoff of roaming MAC addresses */ + + if(s.type == SUBNET_MAC && owner != myself && (old = lookup_subnet(myself, &s)) && old->expires) + old->expires = now; return true; } @@ -148,7 +144,7 @@ bool add_subnet_h(connection_t *c) { bool send_del_subnet(connection_t *c, const subnet_t *s) { char netstr[MAXNETSTR]; - if(!net2str(netstr, sizeof netstr, s)) + if(!net2str(netstr, sizeof(netstr), s)) return false; return send_request(c, "%d %x %s %s", DEL_SUBNET, rand(), s->owner->name, netstr); @@ -158,7 +154,7 @@ bool del_subnet_h(connection_t *c) { char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; node_t *owner; - subnet_t s = {0}, *find; + subnet_t s = {NULL}, *find; if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { logger(LOG_ERR, "Got bad %s from %s (%s)", "DEL_SUBNET", c->name, @@ -211,6 +207,8 @@ bool del_subnet_h(connection_t *c) { if(!find) { ifdebug(PROTOCOL) logger(LOG_WARNING, "Got %s from %s (%s) for %s which does not appear in his subnet tree", "DEL_SUBNET", c->name, c->hostname, name); + if(strictsubnets) + forward_request(c); return true; } @@ -223,10 +221,14 @@ bool del_subnet_h(connection_t *c) { return true; } + if(tunnelserver) + return true; + /* Tell the rest */ - if(!tunnelserver) - forward_request(c); + forward_request(c); + if(strictsubnets) + return true; /* Finally, delete it. */