From 8420a0c8bde1781db04dd2436eb9d5dca5a1732a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 20 Feb 2012 17:19:00 +0100 Subject: [PATCH] Allow disabling of broadcast packets. The Broadcast option can be used to cause tinc to drop all broadcast and multicast packets. This option might be expanded in the future to selectively allow only some broadcast packet types. --- doc/tinc.conf.5.in | 3 +++ doc/tinc.texi | 4 ++++ src/net_setup.c | 2 +- src/route.c | 10 ++++++---- src/route.h | 1 + 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 8d8e6f1b..8a2aa348 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -150,6 +150,9 @@ It is possible to bind only to a single interface with this variable. .Pp This option may not work on all platforms. +.It Va Broadcast Li = yes | no Po yes Pc Bq experimental +When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode. + .It Va ConnectTo Li = Ar name Specifies which other tinc daemon to connect to on startup. Multiple diff --git a/doc/tinc.texi b/doc/tinc.texi index 4b985dcd..9befcfd6 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -773,6 +773,10 @@ variable. This option may not work on all platforms. +@cindex Broadcast +@item Broadcast = (yes) [experimental] +When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode. + @cindex ConnectTo @item ConnectTo = <@var{name}> Specifies which other tinc daemon to connect to on startup. diff --git a/src/net_setup.c b/src/net_setup.c index 2301c83a..dfed7e56 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -397,8 +397,8 @@ static bool setup_myself(void) { myself->options |= OPTION_CLAMP_MSS; get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); - get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl); + get_config_bool(lookup_config(config_tree, "Broadcast"), &broadcast); #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) diff --git a/src/route.c b/src/route.c index 9e9f9d04..0b77bd4a 100644 --- a/src/route.c +++ b/src/route.c @@ -39,6 +39,7 @@ bool directonly = false; bool priorityinheritance = false; int macexpire = 600; bool overwrite_mac = false; +bool broadcast = true; mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; /* Sizes of various headers */ @@ -423,11 +424,11 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ether_size + ip_size)) return; - if(((packet->data[30] & 0xf0) == 0xe0) || ( + if(broadcast && (((packet->data[30] & 0xf0) == 0xe0) || ( packet->data[30] == 255 && packet->data[31] == 255 && packet->data[32] == 255 && - packet->data[33] == 255)) + packet->data[33] == 255))) broadcast_packet(source, packet); else route_ipv4_unicast(source, packet); @@ -715,7 +716,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) { return; } - if(packet->data[38] == 255) + if(broadcast && packet->data[38] == 255) broadcast_packet(source, packet); else route_ipv6_unicast(source, packet); @@ -805,7 +806,8 @@ static void route_mac(node_t *source, vpn_packet_t *packet) { subnet = lookup_subnet_mac(NULL, &dest); if(!subnet) { - broadcast_packet(source, packet); + if(broadcast) + broadcast_packet(source, packet); return; } diff --git a/src/route.h b/src/route.h index 3585cef4..c1481fa3 100644 --- a/src/route.h +++ b/src/route.h @@ -41,6 +41,7 @@ extern fmode_t forwarding_mode; extern bool decrement_ttl; extern bool directonly; extern bool overwrite_mac; +extern bool broadcast; extern bool priorityinheritance; extern int macexpire;