Add the StrictSubnets option.

When this option is enabled, tinc will not accept dynamic updates of Subnets from other nodes, but will only use Subnets read from local host config files to build its routing table.
2010-03-02 00:18:44 +01:00 · 2010-03-02 00:18:44 +01:00 · 5038964032
commit 5038964032
parent 9fed0ec34b
7 changed files with 35 additions and 6 deletions
--- a/src/net.c
+++ b/src/net.c
@ -68,7 +68,7 @@ static void purge(void) {
 			for(snode = n->subnet_tree->head; snode; snode = snext) {
 				snext = snode->next;
 				s = snode->data;
-				if(!tunnelserver)
+				if(!strictsubnets)
 					send_del_subnet(broadcast, s);
 				subnet_del(n, s);
 			}
--- a/src/net_setup.c
+++ b/src/net_setup.c
@ -339,7 +339,9 @@ bool setup_myself(void) {
 	if(myself->options & OPTION_TCPONLY)
 		myself->options |= OPTION_INDIRECT;

+	get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets);
 	get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
+	strictsubnets |= tunnelserver;

 	if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) {
 		if(!strcasecmp(mode, "router"))
@ -485,7 +487,7 @@ bool setup_myself(void) {

 	graph();

-	if(tunnelserver)
+	if(strictsubnets)
 		load_all_subnets();

 	/* Open device */
--- a/src/protocol.c
+++ b/src/protocol.c
@ -29,6 +29,7 @@
 #include "xalloc.h"

 bool tunnelserver = false;
+bool strictsubnets = false;

 /* Jumptable for the request handlers */

--- a/src/protocol.h
+++ b/src/protocol.h
@ -53,6 +53,7 @@ typedef struct past_request_t {
 } past_request_t;

 extern bool tunnelserver;
+extern bool strictsubnets;

 /* Maximum size of strings in a request.
 * scanf terminates %2048s with a NUL character,
--- a/src/protocol_subnet.c
+++ b/src/protocol_subnet.c
@ -112,6 +112,13 @@ bool add_subnet_h(connection_t *c) {
 		return true;
 	}

+	/* Ignore if strictsubnets is true, but forward it to others */
+
+	if(strictsubnets) {
+		forward_request(c);
+		return true;
+	}
+
 	/* If everything is correct, add the subnet to the list of the owner */

 	*(new = new_subnet()) = s;
@ -198,6 +205,8 @@ bool del_subnet_h(connection_t *c) {
 	if(!find) {
 		ifdebug(PROTOCOL) logger(LOG_WARNING, "Got %s from %s (%s) for %s which does not appear in his subnet tree",
 				   "DEL_SUBNET", c->name, c->hostname, name);
+		if(strictsubnets)
+			forward_request(c);
 		return true;
 	}

@ -216,6 +225,8 @@ bool del_subnet_h(connection_t *c) {
 	/* Tell the rest */

 	forward_request(c);
+	if(strictsubnets)
+		return true;

 	/* Finally, delete it. */