X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Froute.c;h=c73ac9f2e5374c9aaba874bdefd3381b7666d797;hb=36623e15a1c8685e5d8730345c1a7f9c93710fef;hp=9897d0d7e260f602ad809ff595d48226ffe60c6b;hpb=79e46d08a46f2fef2ee4e8eac7ba487007160564;p=meshlink
diff --git a/src/route.c b/src/route.c
index 9897d0d7..c73ac9f2 100644
--- a/src/route.c
+++ b/src/route.c
@@ -22,10 +22,12 @@
 #include "splay_tree.h"
 #include "connection.h"
+#include "control_common.h"
 #include "ethernet.h"
 #include "ipv4.h"
 #include "ipv6.h"
 #include "logger.h"
+#include "meta.h"
 #include "net.h"
 #include "protocol.h"
 #include "route.h"
@@ -34,11 +36,14 @@
 rmode_t routing_mode = RMODE_ROUTER;
 fmode_t forwarding_mode = FMODE_INTERNAL;
+bool decrement_ttl = true;
 bool directonly = false;
 bool priorityinheritance = false;
 int macexpire = 600;
 bool overwrite_mac = false;
+bool broadcast = true;
 mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}};
+bool pcap = false;
 
 /* Sizes of various headers */
 
@@ -83,13 +88,14 @@ static bool ratelimit(int frequency) {
 time_t now = time(NULL);
 
 if(lasttime == now) {
- if(++count > frequency)
+ if(count >= frequency)
 return true;
 } else {
 lasttime = now;
 count = 0;
 }
 
+ count++;
 return false;
 }
 
@@ -344,7 +350,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) {
 todo = ntohs(ip.ip_len) - ip_size;
 
 if(ether_size + ip_size + todo != packet->len) {
- ifdebug(TRAFFIC) logger(LOG_WARNING, "Length of packet (%d) doesn't match length in IPv4 header (%zd)", packet->len, ether_size + ip_size + todo);
+ ifdebug(TRAFFIC) logger(LOG_WARNING, "Length of packet (%d) doesn't match length in IPv4 header (%d)", packet->len, (int)(ether_size + ip_size + todo));
 return;
 }
 
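Review bot: The rewritten ratelimit() now admits exactly `frequency` calls per second (the old `++count > frequency` let one extra through), but the first call of a fresh second is admitted from the `else` branch before any comparison, so `frequency == 0` still passes one event per second rather than none. That contract is easy to get wrong from the code alone and deserves a comment above the function: `/* Admit at most frequency calls per wall-clock second; the first call of a new second always passes. */`. The `lasttime`/`count` statics this relies on are declared above the hunk.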
@@ -411,6 +417,11 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
 packet->priority = packet->data[15];
 
 via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
+
+ if(via == source) {
+ ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
+ return;
+ }
 
 if(directonly && subnet->owner != via)
 return route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_ANO);
@@ -436,11 +447,11 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) {
 if(!checklength(source, packet, ether_size + ip_size))
 return;
 
- if(((packet->data[30] & 0xf0) == 0xe0) || (
+ if(broadcast && (((packet->data[30] & 0xf0) == 0xe0) || (
 packet->data[30] == 255 &&
 packet->data[31] == 255 &&
 packet->data[32] == 255 &&
- packet->data[33] == 255))
+ packet->data[33] == 255)))
 broadcast_packet(source, packet);
 else
 route_ipv4_unicast(source, packet);
@@ -563,6 +574,11 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
 
 via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
 
+ if(via == source) {
+ ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
+ return;
+ }
+
 if(directonly && subnet->owner != via)
 return route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
@@ -728,7 +744,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) {
 return;
 }
 
- if(packet->data[38] == 255)
+ if(broadcast && packet->data[38] == 255)
 broadcast_packet(source, packet);
 else
 route_ipv6_unicast(source, packet);
@@ -818,7 +834,8 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
 subnet = lookup_subnet_mac(NULL, &dest);
 
 if(!subnet) {
- broadcast_packet(source, packet);
+ if(broadcast)
+ broadcast_packet(source, packet);
 return;
 }
 
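Review bot: The `via == source` guard added after the `via` computation only catches a packet being handed straight back to the node it arrived from; a loop through three or more nodes passes it, and the hop-limit decrement that would bound such a loop is controlled by the `decrement_ttl` global introduced in this same patch, so with that option off a longer loop is unbounded. Worth saying so at the check: `/* Only catches an immediate bounce-back; longer loops rely on decrement_ttl. */`. Logging at LOG_ERR but only under ifdebug(TRAFFIC) also reads oddly — an error that is invisible at normal verbosity — so either drop the gate or use a level that matches it; the same applies to the IPv6 copy below. route_ipv4_unicast continues outside the hunk.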
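Review bot: With `broadcast` false, the rewritten condition in route_ipv4 sends multicast (224.0.0.0/4) and limited-broadcast (255.255.255.255) destinations down the `else` branch into route_ipv4_unicast instead of dropping them, which is not what the route_mac hunk below does (`if(broadcast) broadcast_packet(...); return;`), and the route_ipv6 hunk has the same shape for ff00::/8. Whatever route_ipv4_unicast does with such a destination (its body is outside this hunk; presumably a failed subnet lookup followed by an ICMP error back to the sender) becomes reachable for every broadcast packet a peer sends once the option is disabled. If the intent is to drop as in route_mac, keep the original classification and gate only the send: `packet->data[33] == 255)) {` / `if(broadcast) broadcast_packet(source, packet);` / `} else route_ipv4_unicast(source, packet);`. If routing them as unicast is deliberate, a comment saying so would stop the next reader from filing this as a bug.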
@@ -860,7 +877,69 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
 send_packet(subnet->owner, packet);
 }
 
+static void send_pcap(vpn_packet_t *packet) {
+ pcap = false;
+ for(splay_node_t *node = connection_tree->head; node; node = node->next) {
+ connection_t *c = node->data;
+ if(!c->status.pcap)
+ continue;
+ else
+ pcap = true;
+ if(send_request(c, "%d %d %d", CONTROL, REQ_PCAP, packet->len))
+ send_meta(c, (char *)packet->data, packet->len);
+ }
+}
+
+static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
+ uint16_t type = packet->data[12] << 8 | packet->data[13];
+
+ switch (type) {
+ case ETH_P_IP:
+ if(!checklength(source, packet, 14 + 32))
+ return false;
+
+ if(packet->data[22] < 1) {
+ if(packet->data[25] != IPPROTO_ICMP || packet->data[46] != ICMP_TIME_EXCEEDED)
+ route_ipv4_unreachable(source, packet, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
+ return false;
+ }
+
+ uint16_t old = packet->data[22] << 8 | packet->data[23];
+ packet->data[22]--;
+ uint16_t new = packet->data[22] << 8 | packet->data[23];
+
+ uint32_t checksum = packet->data[24] << 8 | packet->data[25];
+ checksum += old + (~new & 0xFFFF);
+ while(checksum >> 16)
+ checksum = (checksum & 0xFFFF) + (checksum >> 16);
+ packet->data[24] = checksum >> 8;
+ packet->data[25] = checksum & 0xff;
+
+ return true;
+
+ case ETH_P_IPV6:
+ if(!checklength(source, packet, 14 + 40))
+ return false;
+
+ if(packet->data[21] < 1) {
+ if(packet->data[20] != IPPROTO_ICMPV6 || packet->data[54] != ICMP6_TIME_EXCEEDED)
+ route_ipv6_unreachable(source, packet, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
+ return false;
+ }
+
+ packet->data[21]--;
+
+ return true;
+
+ default:
+ return true;
+ }
+}
+
 void route(node_t *source, vpn_packet_t *packet) {
+ if(pcap)
+ send_pcap(packet);
+
 if(forwarding_mode == FMODE_KERNEL && source != myself) {
 send_packet(myself, packet);
 return;
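Review bot: In do_decrement_ttl's ETH_P_IP branch the ICMP-exemption test reads the wrong bytes: `packet->data[25]` is the low byte of the IPv4 header checksum — this same hunk reads and rewrites the checksum from `data[24]`/`data[25]` a few lines further down — while the protocol field is `data[23]` (the word `old` is built from `data[22]`/`data[23]` as TTL/protocol), and for an option-less header the ICMP type sits at `data[34]`, not `data[46]`. As written an incoming TTL-0 ICMP Time Exceeded is recognised only when the checksum byte happens to equal IPPROTO_ICMP, so the node normally answers an ICMP error with another ICMP error, which is evidently what the exemption is meant to avoid. The line should read `if(packet->data[23] != IPPROTO_ICMP || packet->data[34] != ICMP_TIME_EXCEEDED)`, ideally with the header length taken from `packet->data[14] & 0x0f` since nothing here checks for IP options. The IPv6 branch has a related off-by-one: `checklength(source, packet, 14 + 40)` admits a 54-byte packet and `data[54]` is then one byte past what was validated (assuming checklength only guarantees packet->len is at least the given size; its definition is outside this hunk), so the ICMPv6 type should be read only after a `14 + 40 + 1` check, and the IPv4 read at offset 34 is within the 46 bytes already checked.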
@@ -869,6 +948,10 @@ void route(node_t *source, vpn_packet_t *packet) {
 if(!checklength(source, packet, ether_size))
 return;
 
+ if(decrement_ttl && source != myself)
+ if(!do_decrement_ttl(source, packet))
+ return;
+
 switch (routing_mode) {
 case RMODE_ROUTER: {