aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/exit/exit.h29
-rw-r--r--src/exit/gnunet-daemon-exit.c10
2 files changed, 27 insertions, 12 deletions
diff --git a/src/exit/exit.h b/src/exit/exit.h
index 92918b92a..f7366df20 100644
--- a/src/exit/exit.h
+++ b/src/exit/exit.h
@@ -218,7 +218,10 @@ struct GNUNET_EXIT_IcmpServiceMessage
218 struct GNUNET_MessageHeader header; 218 struct GNUNET_MessageHeader header;
219 219
220 /** 220 /**
221 * Address family, AF_INET or AF_INET6, in network byte order. 221 * Address family, AF_INET or AF_INET6, in network byte order. This
222 * AF value determines if the 'icmp_header' is ICMPv4 or ICMPv6.
223 * The receiver (exit) may still have to translate (PT) to the services'
224 * ICMP version (if possible).
222 */ 225 */
223 int32_t af; 226 int32_t af;
224 227
@@ -232,7 +235,10 @@ struct GNUNET_EXIT_IcmpServiceMessage
232 */ 235 */
233 struct GNUNET_TUN_IcmpHeader icmp_header; 236 struct GNUNET_TUN_IcmpHeader icmp_header;
234 237
235 /* followed by ICMP payload */ 238 /* followed by ICMP payload; however, for certain ICMP message
239 types where the payload is the original IP packet, the payload
240 is omitted as it is useless for the receiver (who will need
241 to create some fake payload manually) */
236}; 242};
237 243
238 244
@@ -249,18 +255,25 @@ struct GNUNET_EXIT_IcmpInternetMessage
249 255
250 /** 256 /**
251 * Address family, AF_INET or AF_INET6, in network byte order. 257 * Address family, AF_INET or AF_INET6, in network byte order.
258 * Determines both the ICMP version used in the 'icmp_header' and
259 * the IP address format that is used for the target IP. If
260 * PT is necessary, the sender has already done it.
252 */ 261 */
253 int32_t af; 262 int32_t af;
254 263
255 /** 264 /**
256 * ICMP header to use. 265 * ICMP header to use. Must match the target 'af' given
266 * above.
257 */ 267 */
258 struct GNUNET_TUN_IcmpHeader icmp_header; 268 struct GNUNET_TUN_IcmpHeader icmp_header;
259 269
260 /* followed by IP address of the destination; either 270 /* followed by IP address of the destination; either
261 'struct in_addr' or 'struct in6_addr', depending on af */ 271 'struct in_addr' or 'struct in6_addr', depending on af */
262 272
263 /* followed by ICMP payload */ 273 /* followed by ICMP payload; however, for certain ICMP message
274 types where the payload is the original IP packet, the payload
275 is omitted as it is useless for the receiver (who will need
276 to create some fake payload manually) */
264}; 277};
265 278
266 279
@@ -277,15 +290,19 @@ struct GNUNET_EXIT_IcmpToVPNMessage
277 290
278 /** 291 /**
279 * Address family, AF_INET or AF_INET6, in network byte order. 292 * Address family, AF_INET or AF_INET6, in network byte order.
293 * Useful to determine if this is an ICMPv4 or ICMPv6 header.
280 */ 294 */
281 int32_t af; 295 int32_t af;
282 296
283 /** 297 /**
284 * ICMP header to use. 298 * ICMP header to use. ICMPv4 or ICMPv6, depending on 'af'.
285 */ 299 */
286 struct GNUNET_TUN_IcmpHeader icmp_header; 300 struct GNUNET_TUN_IcmpHeader icmp_header;
287 301
288 /* followed by ICMP payload */ 302 /* followed by ICMP payload; however, for certain ICMP message
303 types where the payload is the original IP packet, the payload
304 is omitted as it is useless for the receiver (who will need
305 to create some fake payload manually) */
289}; 306};
290 307
291 308
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index dec263b53..4179e88a7 100644
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -644,6 +644,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
644 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1]; 644 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
645 spt = ntohs (udp->spt); 645 spt = ntohs (udp->spt);
646 dpt = ntohs (udp->dpt); 646 dpt = ntohs (udp->dpt);
647 /* throw away ICMP payload, won't be useful for the other side anyway */
648 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
647 break; 649 break;
648 default: 650 default:
649 GNUNET_STATISTICS_update (stats, 651 GNUNET_STATISTICS_update (stats,
@@ -674,6 +676,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
674 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1]; 676 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
675 spt = ntohs (udp->spt); 677 spt = ntohs (udp->spt);
676 dpt = ntohs (udp->dpt); 678 dpt = ntohs (udp->dpt);
679 /* throw away ICMP payload, won't be useful for the other side anyway */
680 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
677 break; 681 break;
678 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: 682 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
679 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: 683 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
@@ -735,12 +739,6 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
735 memcpy (&i2v->icmp_header, 739 memcpy (&i2v->icmp_header,
736 icmp, 740 icmp,
737 pktlen); 741 pktlen);
738 /* FIXME: should we sanitize the host-specific payload here? On the
739 one hand, quite a bit of what we send is meaningless on the other
740 side (our IPs, ports, etc.); on the other hand, trying to compact
741 the packet would be very messy, and blanking fields out is also
742 hardly productive as they seem to contain nothing remotely
743 sensitive. */
744 send_packet_to_mesh_tunnel (state->tunnel, 742 send_packet_to_mesh_tunnel (state->tunnel,
745 tnq); 743 tnq);
746} 744}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-31 02:04:43 +0000