author | grothoff <grothoff@140774ce-b5e7-0310-ab8b-a85725594a96> | 2012-01-21 19:06:33 +0000 |
---|---|---|
committer | grothoff <grothoff@140774ce-b5e7-0310-ab8b-a85725594a96> | 2012-01-21 19:06:33 +0000 |
commit | 3aa6449306b1e05be99ed3243481ff747ed4db7e (patch) | |
tree | aab762d1000f1978746678ca80076a746c799738 | |
parent | cab8ce11816f730f6272bcffeca3c92218fa4b04 (diff) |
-document ICMP MESH messages better, discard ICMP payload on exit->mesh->vpn path for certain ICMP types
git-svn-id: https://gnunet.org/svn/gnunet@19301 140774ce-b5e7-0310-ab8b-a85725594a96
-rw-r--r-- | src/exit/exit.h | 29 | ||||
-rw-r--r-- | src/exit/gnunet-daemon-exit.c | 10 |
2 files changed, 27 insertions, 12 deletions
diff --git a/src/exit/exit.h b/src/exit/exit.h
index 92918b92a8..f7366df202 100644
--- a/src/exit/exit.h
+++ b/src/exit/exit.h
@@ -218,7 +218,10 @@ struct GNUNET_EXIT_IcmpServiceMessage
 struct GNUNET_MessageHeader header;
 /**
- * Address family, AF_INET or AF_INET6, in network byte order.
+ * Address family, AF_INET or AF_INET6, in network byte order. This
+ * AF value determines if the 'icmp_header' is ICMPv4 or ICMPv6.
+ * The receiver (exit) may still have to translate (PT) to the services'
+ * ICMP version (if possible).
 */
 int32_t af;
@@ -232,7 +235,10 @@ struct GNUNET_EXIT_IcmpServiceMessage
 */
 struct GNUNET_TUN_IcmpHeader icmp_header;
- /* followed by ICMP payload */
+ /* followed by ICMP payload; however, for certain ICMP message
+ types where the payload is the original IP packet, the payload
+ is omitted as it is useless for the receiver (who will need
+ to create some fake payload manually) */
 };
@@ -249,18 +255,25 @@ struct GNUNET_EXIT_IcmpInternetMessage
 /**
 * Address family, AF_INET or AF_INET6, in network byte order.
+ * Determines both the ICMP version used in the 'icmp_header' and
+ * the IP address format that is used for the target IP. If
+ * PT is necessary, the sender has already done it.
 */
 int32_t af;
 /**
- * ICMP header to use.
+ * ICMP header to use. Must match the target 'af' given
+ * above.
 */
 struct GNUNET_TUN_IcmpHeader icmp_header;
 /* followed by IP address of the destination; either
 'struct in_addr' or 'struct in6_addr', depending on af */
- /* followed by ICMP payload */
+ /* followed by ICMP payload; however, for certain ICMP message
+ types where the payload is the original IP packet, the payload
+ is omitted as it is useless for the receiver (who will need
+ to create some fake payload manually) */
 };
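Review bot: The new trailing comment in the `@@ -232` hunk says the payload is omitted "for certain ICMP message types" but never names them, so a receiver cannot tell from this header when the message ends directly after `icmp_header`. The same wording is repeated in the `@@ -249` and `@@ -277` hunks. Since this is the wire-format definition, I would spell the rule out, for example `/* followed by ICMP payload, except for the types whose payload is the original IP packet (list them here); for those the message ends after 'icmp_header' and receivers must not read past it */`. For `GNUNET_EXIT_IcmpServiceMessage` and `GNUNET_EXIT_IcmpInternetMessage` the sender-side code is not part of this diff, so whether those senders really drop the payload should be confirmed before the comment states it as fact.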
@@ -277,15 +290,19 @@ struct GNUNET_EXIT_IcmpToVPNMessage
 /**
 * Address family, AF_INET or AF_INET6, in network byte order.
+ * Useful to determine if this is an ICMPv4 or ICMPv6 header.
 */
 int32_t af;
 /**
- * ICMP header to use.
+ * ICMP header to use. ICMPv4 or ICMPv6, depending on 'af'.
 */
 struct GNUNET_TUN_IcmpHeader icmp_header;
- /* followed by ICMP payload */
+ /* followed by ICMP payload; however, for certain ICMP message
+ types where the payload is the original IP packet, the payload
+ is omitted as it is useless for the receiver (who will need
+ to create some fake payload manually) */
 };
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index dec263b53c..4179e88a7b 100644
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -644,6 +644,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
 spt = ntohs (udp->spt);
 dpt = ntohs (udp->dpt);
+ /* throw away ICMP payload, won't be useful for the other side anyway */
+ pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
 break;
 default:
 GNUNET_STATISTICS_update (stats,
@@ -674,6 +676,8 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
 spt = ntohs (udp->spt);
 dpt = ntohs (udp->dpt);
+ /* throw away ICMP payload, won't be useful for the other side anyway */
+ pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
 break;
 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
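Review bot: In the `@@ -644` hunk `pktlen` is cut down to the header size only after `udp->spt` and `udp->dpt` have been read through `&ipv4[1]`, so those reads depend on a length check made against the original `pktlen` that this hunk does not show. If no such check sits above the case labels, a short ICMP error would be read past its end; a guard such as `if (pktlen < sizeof (*icmp) + sizeof (*ipv4) + sizeof (*udp)) return;` before the casts would close that. The `@@ -674` hunk has the same shape with `&ipv6[1]`. Separately, the header that is still forwarded presumably carries a checksum computed over the payload being dropped, so I would extend the new comment to say so: `/* drop the embedded original packet; the checksum in the header no longer matches and the receiver must recompute it */`. The body of icmp_from_helper starts and ends outside both hunks, so where the outgoing message size is derived from `pktlen` should be checked to make sure it happens after this reassignment.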
@@ -735,12 +739,6 @@ icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
 memcpy (&i2v->icmp_header, icmp, pktlen);
- /* FIXME: should we sanitize the host-specific payload here? On the
- one hand, quite a bit of what we send is meaningless on the other
- side (our IPs, ports, etc.); on the other hand, trying to compact
- the packet would be very messy, and blanking fields out is also
- hardly productive as they seem to contain nothing remotely
- sensitive. */
 send_packet_to_mesh_tunnel (state->tunnel, tnq);
 } |