diff options
author | Christian Grothoff <christian@grothoff.org> | 2012-01-21 19:06:33 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2012-01-21 19:06:33 +0000 |
commit | 7e7ac6e0b1230a74684f13ced5c49dfaf52f3753 (patch) | |
tree | aab762d1000f1978746678ca80076a746c799738 /src/exit/gnunet-daemon-exit.c | |
parent | f8afff12b68488033fb322a332dca1dc0536f1da (diff) | |
download | gnunet-7e7ac6e0b1230a74684f13ced5c49dfaf52f3753.tar.gz gnunet-7e7ac6e0b1230a74684f13ced5c49dfaf52f3753.zip |
-document ICMP MESH messages better, discard ICMP payload on exit->mesh->vpn path for certain ICMP types
Diffstat (limited to 'src/exit/gnunet-daemon-exit.c')
-rw-r--r-- | src/exit/gnunet-daemon-exit.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index dec263b53..4179e88a7 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c | |||
@@ -644,6 +644,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, | |||
644 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1]; | 644 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1]; |
645 | spt = ntohs (udp->spt); | 645 | spt = ntohs (udp->spt); |
646 | dpt = ntohs (udp->dpt); | 646 | dpt = ntohs (udp->dpt); |
647 | /* throw away ICMP payload, won't be useful for the other side anyway */ | ||
648 | pktlen = sizeof (struct GNUNET_TUN_IcmpHeader); | ||
647 | break; | 649 | break; |
648 | default: | 650 | default: |
649 | GNUNET_STATISTICS_update (stats, | 651 | GNUNET_STATISTICS_update (stats, |
@@ -674,6 +676,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, | |||
674 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1]; | 676 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1]; |
675 | spt = ntohs (udp->spt); | 677 | spt = ntohs (udp->spt); |
676 | dpt = ntohs (udp->dpt); | 678 | dpt = ntohs (udp->dpt); |
679 | /* throw away ICMP payload, won't be useful for the other side anyway */ | ||
680 | pktlen = sizeof (struct GNUNET_TUN_IcmpHeader); | ||
677 | break; | 681 | break; |
678 | case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: | 682 | case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: |
679 | case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: | 683 | case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: |
@@ -735,12 +739,6 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, | |||
735 | memcpy (&i2v->icmp_header, | 739 | memcpy (&i2v->icmp_header, |
736 | icmp, | 740 | icmp, |
737 | pktlen); | 741 | pktlen); |
738 | /* FIXME: should we sanitize the host-specific payload here? On the | ||
739 | one hand, quite a bit of what we send is meaningless on the other | ||
740 | side (our IPs, ports, etc.); on the other hand, trying to compact | ||
741 | the packet would be very messy, and blanking fields out is also | ||
742 | hardly productive as they seem to contain nothing remotely | ||
743 | sensitive. */ | ||
744 | send_packet_to_mesh_tunnel (state->tunnel, | 742 | send_packet_to_mesh_tunnel (state->tunnel, |
745 | tnq); | 743 | tnq); |
746 | } | 744 | } |