X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Froute.c;h=48ba0e84f9cf138aede56137b1db3a8a2fe28626;hp=d300e0c7906866e0bdc62af08194d5b8a846c360;hb=35399784b695c9ac692beba7be7930ee9f24412f;hpb=e8fbef5de653e4df35eee49aae6e1ac92d6466e6 diff --git a/src/route.c b/src/route.c index d300e0c7..48ba0e84 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.71 2003/12/13 21:50:26 guus Exp $ + $Id: route.c,v 1.1.2.74 2003/12/22 11:04:17 guus Exp $ */ #include "system.h" @@ -206,7 +206,7 @@ static __inline__ void route_mac(node_t *source, vpn_packet_t *packet) /* RFC 792 */ -static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t code) +static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) { struct ip ip = {0}; struct icmp icmp = {0}; @@ -231,6 +231,9 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t oldlen = packet->len - ether_size; + if(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) + icmp.icmp_nextmtu = htons(packet->len - ether_size); + if(oldlen >= IP_MSS - ip_size - icmp_size) oldlen = IP_MSS - ip_size - icmp_size; @@ -256,7 +259,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t /* Fill in ICMP header */ - icmp.icmp_type = ICMP_DEST_UNREACH; + icmp.icmp_type = type; icmp.icmp_code = code; icmp.icmp_cksum = 0; @@ -269,10 +272,62 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size); packet->len = ether_size + ip_size + icmp_size + oldlen; - + send_packet(source, packet); } +/* RFC 791 */ + +static __inline__ void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) { + struct ip ip; + vpn_packet_t fragment; + int len, maxlen, todo; + uint8_t *offset; + uint16_t ip_off, origf; + + cp(); + + memcpy(&ip, packet->data + ether_size, ip_size); + fragment.priority = packet->priority; + + if(ip.ip_hl != ip_size / 4) + return; + + todo = ntohs(ip.ip_len) - ip_size; + + if(ether_size + ip_size + todo != packet->len) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Length of packet (%d) doesn't match length in IPv4 header (%d)"), packet->len, ether_size + ip_size + todo); + return; + } + + ifdebug(TRAFFIC) logger(LOG_INFO, _("Fragmenting packet of %d bytes to %s (%s)"), packet->len, dest->name, dest->hostname); + + offset = packet->data + ether_size + ip_size; + maxlen = (dest->mtu - ether_size - ip_size) & ~0x7; + ip_off = ntohs(ip.ip_off); + origf = ip_off & ~IP_OFFMASK; + ip_off &= IP_OFFMASK; + + while(todo) { + len = todo > maxlen ? maxlen : todo; + memcpy(fragment.data + ether_size + ip_size, offset, len); + todo -= len; + offset += len; + + ip.ip_len = htons(ip_size + len); + ip.ip_off = htons(ip_off | origf | (todo ? IP_MF : 0)); + ip.ip_sum = 0; + ip.ip_sum = inet_checksum(&ip, ip_size, ~0); + memcpy(fragment.data, packet->data, ether_size); + memcpy(fragment.data + ether_size, &ip, ip_size); + fragment.len = ether_size + ip_size + len; + + send_packet(dest, &fragment); + + ip_off += len / 8; + } +} + static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; @@ -289,7 +344,7 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) packet->data[32], packet->data[33]); - route_ipv4_unreachable(source, packet, ICMP_NET_UNKNOWN); + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNKNOWN); return; } @@ -299,11 +354,23 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) } if(!subnet->owner->status.reachable) - route_ipv4_unreachable(source, packet, ICMP_NET_UNREACH); + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNREACH); if(priorityinheritance) packet->priority = packet->data[15]; + if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); + if(packet->data[20] & 0x40) { + packet->len = subnet->owner->mtu; + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); + } else { + fragment_ipv4_packet(subnet->owner, packet); + } + + return; + } + send_packet(subnet->owner, packet); } @@ -319,7 +386,7 @@ static __inline__ void route_ipv4(node_t *source, vpn_packet_t *packet) /* RFC 2463 */ -static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t code) +static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) { struct ip6_hdr ip6; struct icmp6_hdr icmp6 = {0}; @@ -347,6 +414,9 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t pseudo.ip6_dst = ip6.ip6_src; pseudo.length = packet->len - ether_size; + + if(type == ICMP6_PACKET_TOO_BIG) + icmp6.icmp6_mtu = htonl(pseudo.length); if(pseudo.length >= IP_MSS - ip6_size - icmp6_size) pseudo.length = IP_MSS - ip6_size - icmp6_size; @@ -366,7 +436,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t /* Fill in ICMP header */ - icmp6.icmp6_type = ICMP6_DST_UNREACH; + icmp6.icmp6_type = type; icmp6.icmp6_code = code; icmp6.icmp6_cksum = 0; @@ -413,7 +483,7 @@ static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) ntohs(*(uint16_t *) &packet->data[50]), ntohs(*(uint16_t *) &packet->data[52])); - route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH_ADDR); + route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR); return; } @@ -423,8 +493,15 @@ static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) } if(!subnet->owner->status.reachable) - route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH_NOROUTE); + route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE); + if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); + packet->len = subnet->owner->mtu; + route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0); + return; + } + send_packet(subnet->owner, packet); }