X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Froute.c;h=7538bec517c8a70a42bf6d566d63448e8d6f5d44;hp=e79fae51f130a9ce4f5182d789022b41ab74aeda;hb=a227843b739d279b63adcf3736ebb03d856080c4;hpb=78fc59e994c764d072bf0045177f690a378d1308 diff --git a/src/route.c b/src/route.c index e79fae51..7538bec5 100644 --- a/src/route.c +++ b/src/route.c @@ -13,11 +13,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id$ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "system.h" @@ -53,8 +51,7 @@ static const size_t opt_size = sizeof(struct nd_opt_hdr); /* RFC 1071 */ -static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) -{ +static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) { uint16_t *p = data; uint32_t checksum = prevsum ^ 0xFFFF; @@ -94,15 +91,19 @@ static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) { } else return true; } + +static void swap_mac_addresses(vpn_packet_t *packet) { + mac_t tmp; + memcpy(&tmp, &packet->data[0], sizeof tmp); + memcpy(&packet->data[0], &packet->data[6], sizeof tmp); + memcpy(&packet->data[6], &tmp, sizeof tmp); +} -static void learn_mac(mac_t *address) -{ +static void learn_mac(mac_t *address) { subnet_t *subnet; avl_node_t *node; connection_t *c; - cp(); - subnet = lookup_subnet_mac(address); /* If we don't know this MAC address yet, store it */ 
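Review bot: swap_mac_addresses(), added in the third hunk on this line, has no comment stating its precondition. It reads and writes `packet->data[0]` through `packet->data[11]` (assuming mac_t is the 6-byte Ethernet address, which is worth confirming) and never looks at `packet->len`. Its two call sites are in route_ipv4_unreachable and route_ipv6_unreachable, and whatever length checks protect them are outside the visible hunks. A one-line comment above the helper, such as `/* Caller must already have verified packet->len >= ether_size. */`, would keep a later caller from running it on a truncated frame.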
@@ -131,14 +132,11 @@ static void learn_mac(mac_t *address) subnet->expires = now + macexpire; } -void age_subnets(void) -{ +void age_subnets(void) { subnet_t *s; connection_t *c; avl_node_t *node, *next, *node2; - cp(); - for(node = myself->subnet_tree->head; node; node = next) { next = node->next; s = node->data; @@ -160,44 +158,9 @@ void age_subnets(void) } } -static void route_mac(node_t *source, vpn_packet_t *packet) -{ - subnet_t *subnet; - mac_t dest; - - cp(); - - - /* Learn source address */ - - if(source == myself) { - mac_t src; - memcpy(&src, &packet->data[6], sizeof src); - learn_mac(&src); - } - - /* Lookup destination address */ - - memcpy(&dest, &packet->data[0], sizeof dest); - subnet = lookup_subnet_mac(&dest); - - if(!subnet) { - broadcast_packet(source, packet); - return; - } - - if(subnet->owner == source) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Packet looping back to %s (%s)!"), source->name, source->hostname); - return; - } - - send_packet(subnet->owner, packet); -} - /* RFC 792 */ -static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) -{ +static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) { struct ip ip = {0}; struct icmp icmp = {0}; @@ -208,7 +171,9 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t if(ratelimit(3)) return; - cp(); + /* Swap Ethernet source and destination addresses */ + + swap_mac_addresses(packet); /* Copy headers from packet into properly aligned structs on the stack */ @@ -275,8 +240,6 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) { uint8_t *offset; uint16_t ip_off, origf; - cp(); - memcpy(&ip, packet->data + ether_size, ip_size); fragment.priority = packet->priority; 
@@ -318,14 +281,11 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) { } } -static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) -{ +static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; node_t *via; ipv4_t dest; - cp(); - memcpy(&dest, &packet->data[30], sizeof dest); subnet = lookup_subnet_ipv4(&dest); @@ -369,10 +329,7 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) send_packet(subnet->owner, packet); } -static void route_ipv4(node_t *source, vpn_packet_t *packet) -{ - cp(); - +static void route_ipv4(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ether_size + ip_size)) return; @@ -388,8 +345,7 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) /* RFC 2463 */ -static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) -{ +static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) { struct ip6_hdr ip6; struct icmp6_hdr icmp6 = {0}; uint16_t checksum; @@ -404,7 +360,9 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t if(ratelimit(3)) return; - cp(); + /* Swap Ethernet source and destination addresses */ + + swap_mac_addresses(packet); /* Copy headers from packet to structs on the stack */ @@ -465,14 +423,11 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t send_packet(source, packet); } -static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) -{ +static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; node_t *via; ipv6_t dest; - cp(); - memcpy(&dest, &packet->data[38], sizeof dest); subnet = lookup_subnet_ipv6(&dest); 
@@ -514,8 +469,7 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) /* RFC 2461 */ -static void route_neighborsol(node_t *source, vpn_packet_t *packet) -{ +static void route_neighborsol(node_t *source, vpn_packet_t *packet) { struct ip6_hdr ip6; struct nd_neighbor_solicit ns; struct nd_opt_hdr opt; @@ -530,8 +484,6 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) uint32_t next; } pseudo; - cp(); - if(!checklength(source, packet, ether_size + ip6_size + ns_size)) return; @@ -656,10 +608,7 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) send_packet(source, packet); } -static void route_ipv6(node_t *source, vpn_packet_t *packet) -{ - cp(); - +static void route_ipv6(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ether_size + ip6_size)) return; @@ -676,14 +625,11 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) /* RFC 826 */ -static void route_arp(node_t *source, vpn_packet_t *packet) -{ +static void route_arp(node_t *source, vpn_packet_t *packet) { struct ether_arp arp; subnet_t *subnet; struct in_addr addr; - cp(); - if(!checklength(source, packet, ether_size + arp_size)) return; 
@@ -743,19 +689,67 @@ static void route_arp(node_t *source, vpn_packet_t *packet) send_packet(source, packet); } -void route(node_t *source, vpn_packet_t *packet) -{ - cp(); +static void route_mac(node_t *source, vpn_packet_t *packet) { + subnet_t *subnet; + mac_t dest; + + /* Learn source address */ + + if(source == myself) { + mac_t src; + memcpy(&src, &packet->data[6], sizeof src); + learn_mac(&src); + } + + /* Lookup destination address */ + + memcpy(&dest, &packet->data[0], sizeof dest); + subnet = lookup_subnet_mac(&dest); + + if(!subnet) { + broadcast_packet(source, packet); + return; + } + + if(subnet->owner == source) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Packet looping back to %s (%s)!"), source->name, source->hostname); + return; + } + + // Handle packets larger than PMTU + + node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; + + if(via && packet->len > via->mtu && via != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu); + uint16_t type = packet->data[12] << 8 | packet->data[13]; + if(type == ETH_P_IP) { + if(packet->data[20] & 0x40) { + packet->len = via->mtu; + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); + } else { + fragment_ipv4_packet(via, packet); + } + return; + } else if(type == ETH_P_IPV6) { + packet->len = via->mtu; + route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0); + return; + } + } + + send_packet(subnet->owner, packet); +} +void route(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ether_size)) return; switch (routing_mode) { case RMODE_ROUTER: { - uint16_t type; + uint16_t type = packet->data[12] << 8 | packet->data[13]; - type = ntohs(*((uint16_t *)(&packet->data[12]))); switch (type) { case ETH_P_ARP: route_arp(source, packet);
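Review bot: The new PMTU branch in route_mac() reads `packet->data[20]` (the DF bit) and passes the frame to route_ipv4_unreachable(), fragment_ipv4_packet() or route_ipv6_unreachable(), but the only length check on this path is `checklength(source, packet, ether_size)` in route(). The `packet->len > via->mtu` test covers the IP header only if `via->mtu` can never fall below `ether_size + ip_size`, and nothing in the hunk shows that. The frame and, presumably, the MTU estimate are influenced by remote peers, so the branch should validate explicitly, as route_ipv4() and route_ipv6() already do: add `if(!checklength(source, packet, ether_size + ip_size)) return;` before the DF test and `if(!checklength(source, packet, ether_size + ip6_size)) return;` in the `ETH_P_IPV6` arm. The same concern applies to `packet->len = via->mtu;`, which can shorten the frame below the header size the ICMP builders copy from. The hunk starts inside route_arp() and route()'s body continues past its end.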