From 7e7ac6e0b1230a74684f13ced5c49dfaf52f3753 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 21 Jan 2012 19:06:33 +0000 Subject: -document ICMP MESH messages better, discard ICMP payload on exit->mesh->vpn path for certain ICMP types --- src/exit/gnunet-daemon-exit.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'src/exit/gnunet-daemon-exit.c') diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index dec263b53..4179e88a7 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c @@ -644,6 +644,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1]; spt = ntohs (udp->spt); dpt = ntohs (udp->dpt); + /* throw away ICMP payload, won't be useful for the other side anyway */ + pktlen = sizeof (struct GNUNET_TUN_IcmpHeader); break; default: GNUNET_STATISTICS_update (stats, @@ -674,6 +676,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1]; spt = ntohs (udp->spt); dpt = ntohs (udp->dpt); + /* throw away ICMP payload, won't be useful for the other side anyway */ + pktlen = sizeof (struct GNUNET_TUN_IcmpHeader); break; case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: @@ -735,12 +739,6 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, memcpy (&i2v->icmp_header, icmp, pktlen); - /* FIXME: should we sanitize the host-specific payload here? On the - one hand, quite a bit of what we send is meaningless on the other - side (our IPs, ports, etc.); on the other hand, trying to compact - the packet would be very messy, and blanking fields out is also - hardly productive as they seem to contain nothing remotely - sensitive. */ send_packet_to_mesh_tunnel (state->tunnel, tnq); } -- cgit v1.2.3