From: Guus Sliepen Date: Sat, 25 Feb 2012 21:11:30 +0000 (+0100) Subject: Stricter checks against routing loops. X-Git-Tag: release-1.0.17~7 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5140656de6bcfda72951a7827b05414ce306e3ca;p=oweals%2Ftinc.git Stricter checks against routing loops. If a packet that had to be sent via an intermediate hop, and that intermediate hop was the one that sent the packet, we drop it. --- diff --git a/src/route.c b/src/route.c index b2e1b7b..666f48f 100644 --- a/src/route.c +++ b/src/route.c @@ -400,6 +400,11 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { packet->priority = packet->data[15]; via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; + + if(via == source) { + ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname); + return; + } if(directonly && subnet->owner != via) return route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_ANO); @@ -552,6 +557,11 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; + if(via == source) { + ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname); + return; + } + if(directonly && subnet->owner != via) return route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);