diff options
-rw-r--r-- | src/exit/exit.h | 29 | ||||
-rw-r--r-- | src/exit/gnunet-daemon-exit.c | 10 |
2 files changed, 27 insertions, 12 deletions
diff --git a/src/exit/exit.h b/src/exit/exit.h index 92918b92a..f7366df20 100644 --- a/src/exit/exit.h +++ b/src/exit/exit.h | |||
@@ -218,7 +218,10 @@ struct GNUNET_EXIT_IcmpServiceMessage | |||
218 | struct GNUNET_MessageHeader header; | 218 | struct GNUNET_MessageHeader header; |
219 | 219 | ||
220 | /** | 220 | /** |
221 | * Address family, AF_INET or AF_INET6, in network byte order. | 221 | * Address family, AF_INET or AF_INET6, in network byte order. This |
222 | * AF value determines if the 'icmp_header' is ICMPv4 or ICMPv6. | ||
223 | * The receiver (exit) may still have to translate (PT) to the services' | ||
224 | * ICMP version (if possible). | ||
222 | */ | 225 | */ |
223 | int32_t af; | 226 | int32_t af; |
224 | 227 | ||
@@ -232,7 +235,10 @@ struct GNUNET_EXIT_IcmpServiceMessage | |||
232 | */ | 235 | */ |
233 | struct GNUNET_TUN_IcmpHeader icmp_header; | 236 | struct GNUNET_TUN_IcmpHeader icmp_header; |
234 | 237 | ||
235 | /* followed by ICMP payload */ | 238 | /* followed by ICMP payload; however, for certain ICMP message |
239 | types where the payload is the original IP packet, the payload | ||
240 | is omitted as it is useless for the receiver (who will need | ||
241 | to create some fake payload manually) */ | ||
236 | }; | 242 | }; |
237 | 243 | ||
238 | 244 | ||
@@ -249,18 +255,25 @@ struct GNUNET_EXIT_IcmpInternetMessage | |||
249 | 255 | ||
250 | /** | 256 | /** |
251 | * Address family, AF_INET or AF_INET6, in network byte order. | 257 | * Address family, AF_INET or AF_INET6, in network byte order. |
258 | * Determines both the ICMP version used in the 'icmp_header' and | ||
259 | * the IP address format that is used for the target IP. If | ||
260 | * PT is necessary, the sender has already done it. | ||
252 | */ | 261 | */ |
253 | int32_t af; | 262 | int32_t af; |
254 | 263 | ||
255 | /** | 264 | /** |
256 | * ICMP header to use. | 265 | * ICMP header to use. Must match the target 'af' given |
266 | * above. | ||
257 | */ | 267 | */ |
258 | struct GNUNET_TUN_IcmpHeader icmp_header; | 268 | struct GNUNET_TUN_IcmpHeader icmp_header; |
259 | 269 | ||
260 | /* followed by IP address of the destination; either | 270 | /* followed by IP address of the destination; either |
261 | 'struct in_addr' or 'struct in6_addr', depending on af */ | 271 | 'struct in_addr' or 'struct in6_addr', depending on af */ |
262 | 272 | ||
263 | /* followed by ICMP payload */ | 273 | /* followed by ICMP payload; however, for certain ICMP message |
274 | types where the payload is the original IP packet, the payload | ||
275 | is omitted as it is useless for the receiver (who will need | ||
276 | to create some fake payload manually) */ | ||
264 | }; | 277 | }; |
265 | 278 | ||
266 | 279 | ||
@@ -277,15 +290,19 @@ struct GNUNET_EXIT_IcmpToVPNMessage | |||
277 | 290 | ||
278 | /** | 291 | /** |
279 | * Address family, AF_INET or AF_INET6, in network byte order. | 292 | * Address family, AF_INET or AF_INET6, in network byte order. |
293 | * Useful to determine if this is an ICMPv4 or ICMPv6 header. | ||
280 | */ | 294 | */ |
281 | int32_t af; | 295 | int32_t af; |
282 | 296 | ||
283 | /** | 297 | /** |
284 | * ICMP header to use. | 298 | * ICMP header to use. ICMPv4 or ICMPv6, depending on 'af'. |
285 | */ | 299 | */ |
286 | struct GNUNET_TUN_IcmpHeader icmp_header; | 300 | struct GNUNET_TUN_IcmpHeader icmp_header; |
287 | 301 | ||
288 | /* followed by ICMP payload */ | 302 | /* followed by ICMP payload; however, for certain ICMP message |
303 | types where the payload is the original IP packet, the payload | ||
304 | is omitted as it is useless for the receiver (who will need | ||
305 | to create some fake payload manually) */ | ||
289 | }; | 306 | }; |
290 | 307 | ||
291 | 308 | ||
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index dec263b53..4179e88a7 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c | |||
@@ -644,6 +644,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, | |||
644 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1]; | 644 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1]; |
645 | spt = ntohs (udp->spt); | 645 | spt = ntohs (udp->spt); |
646 | dpt = ntohs (udp->dpt); | 646 | dpt = ntohs (udp->dpt); |
647 | /* throw away ICMP payload, won't be useful for the other side anyway */ | ||
648 | pktlen = sizeof (struct GNUNET_TUN_IcmpHeader); | ||
647 | break; | 649 | break; |
648 | default: | 650 | default: |
649 | GNUNET_STATISTICS_update (stats, | 651 | GNUNET_STATISTICS_update (stats, |
@@ -674,6 +676,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, | |||
674 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1]; | 676 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1]; |
675 | spt = ntohs (udp->spt); | 677 | spt = ntohs (udp->spt); |
676 | dpt = ntohs (udp->dpt); | 678 | dpt = ntohs (udp->dpt); |
679 | /* throw away ICMP payload, won't be useful for the other side anyway */ | ||
680 | pktlen = sizeof (struct GNUNET_TUN_IcmpHeader); | ||
677 | break; | 681 | break; |
678 | case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: | 682 | case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: |
679 | case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: | 683 | case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: |
@@ -735,12 +739,6 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, | |||
735 | memcpy (&i2v->icmp_header, | 739 | memcpy (&i2v->icmp_header, |
736 | icmp, | 740 | icmp, |
737 | pktlen); | 741 | pktlen); |
738 | /* FIXME: should we sanitize the host-specific payload here? On the | ||
739 | one hand, quite a bit of what we send is meaningless on the other | ||
740 | side (our IPs, ports, etc.); on the other hand, trying to compact | ||
741 | the packet would be very messy, and blanking fields out is also | ||
742 | hardly productive as they seem to contain nothing remotely | ||
743 | sensitive. */ | ||
744 | send_packet_to_mesh_tunnel (state->tunnel, | 742 | send_packet_to_mesh_tunnel (state->tunnel, |
745 | tnq); | 743 | tnq); |
746 | } | 744 | } |