Add the DirectOnly option.
When this option is enabled, packets that cannot be sent directly to the destination node, but which would have to be forwarded by an intermediate node, are dropped instead. When combined with the IndirectData option, packets for nodes for which we do not have a meta connection with are also dropped.
This commit is contained in:
parent
95a6974de1
commit
3e4829e78a
5 changed files with 25 additions and 0 deletions
|
@ -199,6 +199,12 @@ Tinc will expect packets read from the virtual network device
|
||||||
to start with an Ethernet header.
|
to start with an Ethernet header.
|
||||||
.El
|
.El
|
||||||
|
|
||||||
|
.It Va DirectOnly Li = yes | no Pq no
|
||||||
|
When this option is enabled, packets that cannot be sent directly to the destination node,
|
||||||
|
but which would have to be forwarded by an intermediate node, are dropped instead.
|
||||||
|
When combined with the IndirectData option,
|
||||||
|
packets for nodes for which we do not have a meta connection with are also dropped.
|
||||||
|
|
||||||
.It Va Forwarding Li = off | internal | kernel Pq internal
|
.It Va Forwarding Li = off | internal | kernel Pq internal
|
||||||
This option selects the way indirect packets are forwarded.
|
This option selects the way indirect packets are forwarded.
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
|
@ -818,6 +818,13 @@ Tinc will expect packets read from the virtual network device
|
||||||
to start with an Ethernet header.
|
to start with an Ethernet header.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
|
@cindex DirectOnly
|
||||||
|
@item DirectOnly = <yes|no> (no)
|
||||||
|
When this option is enabled, packets that cannot be sent directly to the destination node,
|
||||||
|
but which would have to be forwarded by an intermediate node, are dropped instead.
|
||||||
|
When combined with the IndirectData option,
|
||||||
|
packets for nodes for which we do not have a meta connection with are also dropped.
|
||||||
|
|
||||||
@cindex Forwarding
|
@cindex Forwarding
|
||||||
@item Forwarding = <off|internal|kernel> (internal)
|
@item Forwarding = <off|internal|kernel> (internal)
|
||||||
This option selects the way indirect packets are forwarded.
|
This option selects the way indirect packets are forwarded.
|
||||||
|
|
|
@ -339,6 +339,7 @@ bool setup_myself(void) {
|
||||||
if(myself->options & OPTION_TCPONLY)
|
if(myself->options & OPTION_TCPONLY)
|
||||||
myself->options |= OPTION_INDIRECT;
|
myself->options |= OPTION_INDIRECT;
|
||||||
|
|
||||||
|
get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly);
|
||||||
get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets);
|
get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets);
|
||||||
get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
|
get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
|
||||||
strictsubnets |= tunnelserver;
|
strictsubnets |= tunnelserver;
|
||||||
|
|
10
src/route.c
10
src/route.c
|
@ -34,6 +34,7 @@
|
||||||
|
|
||||||
rmode_t routing_mode = RMODE_ROUTER;
|
rmode_t routing_mode = RMODE_ROUTER;
|
||||||
fmode_t forwarding_mode = FMODE_INTERNAL;
|
fmode_t forwarding_mode = FMODE_INTERNAL;
|
||||||
|
bool directonly = false;
|
||||||
bool priorityinheritance = false;
|
bool priorityinheritance = false;
|
||||||
int macexpire = 600;
|
int macexpire = 600;
|
||||||
bool overwrite_mac = false;
|
bool overwrite_mac = false;
|
||||||
|
@ -394,6 +395,9 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
|
||||||
|
|
||||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||||
|
|
||||||
|
if(directonly && subnet->owner != via)
|
||||||
|
return route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_ANO);
|
||||||
|
|
||||||
if(via && packet->len > max(via->mtu, 590) && via != myself) {
|
if(via && packet->len > max(via->mtu, 590) && via != myself) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||||
if(packet->data[20] & 0x40) {
|
if(packet->data[20] & 0x40) {
|
||||||
|
@ -542,6 +546,9 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
|
||||||
|
|
||||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||||
|
|
||||||
|
if(directonly && subnet->owner != via)
|
||||||
|
return route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
|
||||||
|
|
||||||
if(via && packet->len > max(via->mtu, 1294) && via != myself) {
|
if(via && packet->len > max(via->mtu, 1294) && via != myself) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||||
packet->len = max(via->mtu, 1294);
|
packet->len = max(via->mtu, 1294);
|
||||||
|
@ -809,6 +816,9 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
||||||
// Handle packets larger than PMTU
|
// Handle packets larger than PMTU
|
||||||
|
|
||||||
node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||||
|
|
||||||
|
if(directonly && subnet->owner != via)
|
||||||
|
return;
|
||||||
|
|
||||||
if(via && packet->len > via->mtu && via != myself) {
|
if(via && packet->len > via->mtu && via != myself) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||||
|
|
|
@ -38,6 +38,7 @@ typedef enum fmode_t {
|
||||||
|
|
||||||
extern rmode_t routing_mode;
|
extern rmode_t routing_mode;
|
||||||
extern fmode_t forwarding_mode;
|
extern fmode_t forwarding_mode;
|
||||||
|
extern bool directonly;
|
||||||
extern bool overwrite_mac;
|
extern bool overwrite_mac;
|
||||||
extern bool priorityinheritance;
|
extern bool priorityinheritance;
|
||||||
extern int macexpire;
|
extern int macexpire;
|
||||||
|
|
Loading…
Reference in a new issue