diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 8d8e6f1b..8a2aa348 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -150,6 +150,9 @@ It is possible to bind only to a single interface with this variable. .Pp This option may not work on all platforms. +.It Va Broadcast Li = yes | no Po yes Pc Bq experimental +When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode. + .It Va ConnectTo Li = Ar name Specifies which other tinc daemon to connect to on startup. Multiple diff --git a/doc/tinc.texi b/doc/tinc.texi index 4b985dcd..9befcfd6 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -773,6 +773,10 @@ variable. This option may not work on all platforms. +@cindex Broadcast +@item Broadcast = (yes) [experimental] +When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode. + @cindex ConnectTo @item ConnectTo = <@var{name}> Specifies which other tinc daemon to connect to on startup. diff --git a/src/net_setup.c b/src/net_setup.c index 2301c83a..dfed7e56 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -397,8 +397,8 @@ static bool setup_myself(void) { myself->options |= OPTION_CLAMP_MSS; get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); - get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl); + get_config_bool(lookup_config(config_tree, "Broadcast"), &broadcast); #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) diff --git a/src/route.c b/src/route.c index 9e9f9d04..0b77bd4a 100644 --- a/src/route.c +++ b/src/route.c @@ -39,6 +39,7 @@ bool directonly = false; bool priorityinheritance = false; int macexpire = 600; bool overwrite_mac = false; +bool broadcast = true; mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; /* Sizes of various headers */ 
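Review bot: The global added in src/route.c is named just `broadcast`, which is easy to misread next to `broadcast_packet()` in the same file and is a very generic identifier to export through route.h. A name that reads as a setting, for example `bool broadcast_enabled = true;`, would make the call sites clearer (`if(broadcast_enabled && ...)`); the rename would have to be carried into the net_setup.c and route.h hunks as well. A short comment above the definition such as `/* Broadcast = no: do not flood broadcast/multicast packets */` would record what the flag controls.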
@@ -423,11 +424,11 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ether_size + ip_size)) return; - if(((packet->data[30] & 0xf0) == 0xe0) || ( + if(broadcast && (((packet->data[30] & 0xf0) == 0xe0) || ( packet->data[30] == 255 && packet->data[31] == 255 && packet->data[32] == 255 && - packet->data[33] == 255)) + packet->data[33] == 255))) broadcast_packet(source, packet); else route_ipv4_unicast(source, packet); @@ -715,7 +716,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) { return; } - if(packet->data[38] == 255) + if(broadcast && packet->data[38] == 255) broadcast_packet(source, packet); else route_ipv6_unicast(source, packet); @@ -805,7 +806,8 @@ static void route_mac(node_t *source, vpn_packet_t *packet) { subnet = lookup_subnet_mac(NULL, &dest); if(!subnet) { - broadcast_packet(source, packet); + if(broadcast) + broadcast_packet(source, packet); return; } diff --git a/src/route.h b/src/route.h index 3585cef4..c1481fa3 100644 --- a/src/route.h +++ b/src/route.h @@ -41,6 +41,7 @@ extern fmode_t forwarding_mode; extern bool decrement_ttl; extern bool directonly; extern bool overwrite_mac; +extern bool broadcast; extern bool priorityinheritance; extern int macexpire;
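Review bot: With `Broadcast = no`, a packet addressed to 224.0.0.0/4 or 255.255.255.255 is not dropped in route_ipv4; because the flag is folded into the condition, the packet takes the `else` branch and is handed to `route_ipv4_unicast()`. What that function does with such a destination is outside this hunk, but if any node advertises a subnet covering it the packet would presumably be forwarded as unicast, and otherwise the sender may get an unreachable reply; neither matches the documented "drop all broadcast and multicast packets". The route_ipv6 hunk has the same shape (`if(broadcast && packet->data[38] == 255)` followed by `else route_ipv6_unicast`). Keeping the address test as it was and checking the flag inside the branch, as the route_mac hunk does, gives an explicit drop. The end of route_ipv4 is not visible in the hunk.

```c
	/* … unchanged: checklength guard … */

	if(((packet->data[30] & 0xf0) == 0xe0) || (
			packet->data[30] == 255 &&
			packet->data[31] == 255 &&
			packet->data[32] == 255 &&
			packet->data[33] == 255)) {
		/* Broadcast = no: drop here, do not fall through to unicast routing */
		if(broadcast)
			broadcast_packet(source, packet);
		return;
	}

	route_ipv4_unicast(source, packet);
```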
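Review bot: The `if(!subnet)` branch in route_mac is taken for every destination MAC that has no matching subnet, so with `Broadcast = no` it silently drops unicast frames to not-yet-known addresses as well as broadcast and multicast ones. The documentation added in this commit mentions only broadcast and multicast, and in switch mode this presumably also stops ARP and neighbour discovery from crossing the VPN. I would say so at the call site, e.g. `/* Broadcast = no: frames to unknown or broadcast MACs are dropped, not flooded */`, and add a sentence on it to both manual entries. The rest of route_mac lies outside the hunk.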