j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Fix DecrementTTL option.

Browse source 
The option was not actually working, as it could be seen on traceroute or mtr.

The problem is that it was checking if the TTL was < 1 (so equal to 0) before decrementing it.

This meant that a packet with a TTL of 1 was being sent with a TTL of 0 on the VPN, instead of being discarded with the ICMP error message.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

# Conflicts:
#	src/route.c
This commit is contained in:
Vittorio Gambaletta (VittGam) 2015-09-03 16:02:50 +02:00 committed by Guus Sliepen
parent ac9e32ff91
commit a8a3a2c8ce
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/route.c
View file

@ -902,7 +902,7 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
if(!checklength(source, packet, ethlen + ip_size)) if(!checklength(source, packet, ethlen + ip_size))
return false; return false;
if(DATA(packet)[ethlen + 8] < 1) { if(DATA(packet)[ethlen + 8] <= 1) {
if(DATA(packet)[ethlen + 11] != IPPROTO_ICMP || DATA(packet)[ethlen + 32] != ICMP_TIME_EXCEEDED) if(DATA(packet)[ethlen + 11] != IPPROTO_ICMP || DATA(packet)[ethlen + 32] != ICMP_TIME_EXCEEDED)
route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL); route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
return false; return false;
@ -925,7 +925,7 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
if(!checklength(source, packet, ethlen + ip6_size)) if(!checklength(source, packet, ethlen + ip6_size))
return false; return false;
if(DATA(packet)[ethlen + 7] < 1) { if(DATA(packet)[ethlen + 7] <= 1) {
if(DATA(packet)[ethlen + 6] != IPPROTO_ICMPV6 || DATA(packet)[ethlen + 40] != ICMP6_TIME_EXCEEDED) if(DATA(packet)[ethlen + 6] != IPPROTO_ICMPV6 || DATA(packet)[ethlen + 40] != ICMP6_TIME_EXCEEDED)
route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT); route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
return false; return false;