Stricter checks against routing loops.

If a packet that had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.

diff --git a/src/route.c b/src/route.c
index b2e1b7bd48d7005795c19ecbdab9f13f79d24a05..666f48f6b4631d32e5021d1428bc8b607517f658 100644 (file)
--- a/src/route.c
+++ b/src/route.c
@@ -400,6 +400,11 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
                packet->priority = packet->data[15];
 
        via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
+
+       if(via == source) {
+               ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
+               return;
+       }
        
        if(directonly && subnet->owner != via)
                return route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_ANO);
@@ -552,6 +557,11 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
 
        via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
        
+       if(via == source) {
+               ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
+               return;
+       }
+       
        if(directonly && subnet->owner != via)
                return route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);