aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorgrothoff <grothoff@140774ce-b5e7-0310-ab8b-a85725594a96>2012-01-21 19:06:33 +0000
committergrothoff <grothoff@140774ce-b5e7-0310-ab8b-a85725594a96>2012-01-21 19:06:33 +0000
commit3aa6449306b1e05be99ed3243481ff747ed4db7e (patch)
treeaab762d1000f1978746678ca80076a746c799738
parentcab8ce11816f730f6272bcffeca3c92218fa4b04 (diff)
-document ICMP MESH messages better, discard ICMP payload on exit->mesh->vpn path for certain ICMP types
git-svn-id: https://gnunet.org/svn/gnunet@19301 140774ce-b5e7-0310-ab8b-a85725594a96
-rw-r--r--src/exit/exit.h29
-rw-r--r--src/exit/gnunet-daemon-exit.c10
2 files changed, 27 insertions, 12 deletions
diff --git a/src/exit/exit.h b/src/exit/exit.h
index 92918b92a8..f7366df202 100644
--- a/src/exit/exit.h
+++ b/src/exit/exit.h
@@ -218,7 +218,10 @@ struct GNUNET_EXIT_IcmpServiceMessage
struct GNUNET_MessageHeader header;
/**
- * Address family, AF_INET or AF_INET6, in network byte order.
+ * Address family, AF_INET or AF_INET6, in network byte order. This
+ * AF value determines if the 'icmp_header' is ICMPv4 or ICMPv6.
+ * The receiver (exit) may still have to translate (PT) to the services'
+ * ICMP version (if possible).
*/
int32_t af;
@@ -232,7 +235,10 @@ struct GNUNET_EXIT_IcmpServiceMessage
*/
struct GNUNET_TUN_IcmpHeader icmp_header;
- /* followed by ICMP payload */
+ /* followed by ICMP payload; however, for certain ICMP message
+ types where the payload is the original IP packet, the payload
+ is omitted as it is useless for the receiver (who will need
+ to create some fake payload manually) */
};
@@ -249,18 +255,25 @@ struct GNUNET_EXIT_IcmpInternetMessage
/**
* Address family, AF_INET or AF_INET6, in network byte order.
+ * Determines both the ICMP version used in the 'icmp_header' and
+ * the IP address format that is used for the target IP. If
+ * PT is necessary, the sender has already done it.
*/
int32_t af;
/**
- * ICMP header to use.
+ * ICMP header to use. Must match the target 'af' given
+ * above.
*/
struct GNUNET_TUN_IcmpHeader icmp_header;
/* followed by IP address of the destination; either
'struct in_addr' or 'struct in6_addr', depending on af */
- /* followed by ICMP payload */
+ /* followed by ICMP payload; however, for certain ICMP message
+ types where the payload is the original IP packet, the payload
+ is omitted as it is useless for the receiver (who will need
+ to create some fake payload manually) */
};
@@ -277,15 +290,19 @@ struct GNUNET_EXIT_IcmpToVPNMessage
/**
* Address family, AF_INET or AF_INET6, in network byte order.
+ * Useful to determine if this is an ICMPv4 or ICMPv6 header.
*/
int32_t af;
/**
- * ICMP header to use.
+ * ICMP header to use. ICMPv4 or ICMPv6, depending on 'af'.
*/
struct GNUNET_TUN_IcmpHeader icmp_header;
- /* followed by ICMP payload */
+ /* followed by ICMP payload; however, for certain ICMP message
+ types where the payload is the original IP packet, the payload
+ is omitted as it is useless for the receiver (who will need
+ to create some fake payload manually) */
};
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index dec263b53c..4179e88a7b 100644
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -644,6 +644,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
spt = ntohs (udp->spt);
dpt = ntohs (udp->dpt);
+ /* throw away ICMP payload, won't be useful for the other side anyway */
+ pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
break;
default:
GNUNET_STATISTICS_update (stats,
@@ -674,6 +676,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
spt = ntohs (udp->spt);
dpt = ntohs (udp->dpt);
+ /* throw away ICMP payload, won't be useful for the other side anyway */
+ pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
break;
case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
@@ -735,12 +739,6 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
memcpy (&i2v->icmp_header,
icmp,
pktlen);
- /* FIXME: should we sanitize the host-specific payload here? On the
- one hand, quite a bit of what we send is meaningless on the other
- side (our IPs, ports, etc.); on the other hand, trying to compact
- the packet would be very messy, and blanking fields out is also
- hardly productive as they seem to contain nothing remotely
- sensitive. */
send_packet_to_mesh_tunnel (state->tunnel,
tnq);
}