diff --git a/src/net_packet.c b/src/net_packet.c index 8b49b25a..8753bf65 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.47 2003/12/22 11:04:16 guus Exp $ + $Id: net_packet.c,v 1.1.2.48 2003/12/24 10:48:14 guus Exp $ */ #include "system.h" @@ -352,7 +352,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) || !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"), n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); - return; + goto end; } outpkt->len = outlen + outpad; @@ -389,16 +389,16 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) #endif if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { - logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); if(errno == EMSGSIZE) { if(n->maxmtu >= origlen) n->maxmtu = origlen - 1; if(n->mtu >= origlen) n->mtu = origlen - 1; - } - return; + } else + logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); } +end: inpkt->len = origlen; } diff --git a/src/route.c b/src/route.c index 48ba0e84..8f238e2c 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.74 2003/12/22 11:04:17 guus Exp $ + $Id: route.c,v 1.1.2.75 2003/12/24 10:48:15 guus Exp $ */ #include "system.h" @@ -331,6 +331,7 @@ static __inline__ void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; + node_t *via; cp(); @@ -359,13 +360,15 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) if(priorityinheritance) packet->priority = packet->data[15]; - if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { - ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); + via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; + + if(packet->len > via->mtu && via != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu); if(packet->data[20] & 0x40) { - packet->len = subnet->owner->mtu; + packet->len = via->mtu; route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); } else { - fragment_ipv4_packet(subnet->owner, packet); + fragment_ipv4_packet(via, packet); } return; @@ -466,6 +469,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; + node_t *via; cp(); @@ -494,10 +498,12 @@ static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) if(!subnet->owner->status.reachable) route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE); + + via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; - if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { - ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); - packet->len = subnet->owner->mtu; + if(packet->len > via->mtu && via != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu); + packet->len = via->mtu; route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0); return; }