Do not forward broadcast packets when TunnelServer is enabled.
author Guus Sliepen <guus@tinc-vpn.org>
Mon, 25 May 2009 13:04:33 +0000 (15:04 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Mon, 25 May 2009 13:04:33 +0000 (15:04 +0200)
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.

src/net_packet.c

index 28cf161e21e78e6c05c84835c572113800cc56bf..40d945181d72c2a8b728e27e77c1fb8b7cff1fa6 100644 (file)
@@ -488,9 +488,15 @@ void broadcast_packet(const node_t *from, vpn_packet_t *packet)
        ifdebug(TRAFFIC) logger(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"),
                           packet->len, from->name, from->hostname);
 
-       if(from != myself)
+       if(from != myself) {
                send_packet(myself, packet);
 
+               // In TunnelServer mode, do not forward broadcast packets.
+                // The MST might not be valid and create loops.
+               if(tunnelserver)
+                       return;
+       }
+
        for(node = connection_tree->head; node; node = node->next) {
                c = node->data;
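
Review bot: The comment above `if(tunnelserver) return;` records only the spanning-tree reason, while the commit message gives node isolation as the first reason for not forwarding. Please state both in the comment, so that a later fix to the MST calculation does not lead someone to remove the check and start leaking broadcasts between nodes that TunnelServer is meant to hide from each other. Two smaller points in the same hunk: the "Broadcasting packet of %d bytes" debug line at the top is still logged when the function returns right after `send_packet(myself, packet)`, which makes traffic logs on a TunnelServer node read as if the packet had been forwarded; consider a separate message for the local-delivery-only case. The second comment line also appears to be indented differently from the lines around it.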