Fix packets from clients being routed when routing is disabled

2024-09-19 16:41:11 +02:00 · 2018-10-31 13:08:39 +01:00 · 2018-10-31 13:08:39 +01:00 · 7fd1778d7c
commit 7fd1778d7c
parent 8308098ef3
1 changed files with 27 additions and 5 deletions
--- a/edge_utils.c
+++ b/edge_utils.c
@ -51,6 +51,10 @@
 #define N2N_TRANSOP_AESCBC_IDX  2
 /* etc. */

+#define ETH_FRAMESIZE 14
+#define IP4_SRCOFFSET 12
+#define IP4_DSTOFFSET 16
+
 /* ************************************** */

 /** Initialise an edge to defaults.
@ -719,6 +723,8 @@ static int handle_PACKET(n2n_edge_t * eee,
  uint8_t *           eth_payload=NULL;
  int                 retval = -1;
  time_t              now;
+  ether_hdr_t *       eh;
+  ipstr_t             ip_buf;

  now = time(NULL);

@ -753,11 +759,29 @@ static int handle_PACKET(n2n_edge_t * eee,
    if(rx_transop_idx >=0)
      {
 	eth_payload = decodebuf;
+	eh = (ether_hdr_t*)eth_payload;
 	eth_size = eee->transop[rx_transop_idx].rev(&(eee->transop[rx_transop_idx]),
 						    eth_payload, N2N_PKT_BUF_SIZE,
 						    payload, psize);
 	++(eee->transop[rx_transop_idx].rx_cnt); /* stats */

+	if(!(eee->allow_routing)) {
+	  if(ntohs(eh->type) == 0x0800) {
+	    uint32_t *dst = (uint32_t*)&eth_payload[ETH_FRAMESIZE + IP4_DSTOFFSET];
+
+	    /* Note: all elements of the_ip are in network order */
+	    if(*dst != eee->device.ip_addr) {
+	      /* This is a packet that needs to be routed */
+	      traceEvent(TRACE_INFO, "Discarding routed packet [%s]",
+			 intoa(ntohl(*dst), ip_buf, sizeof(ip_buf)));
+	      return(-1);
+	    } else {
+	      /* This packet is directed to us */
+	      /* traceEvent(TRACE_INFO, "Sending non-routed packet"); */
+	    }
+	  }
+	}
+
 	/* Write ethernet packet to tap device. */
 	traceEvent(TRACE_INFO, "sending to TAP %u", (unsigned int)eth_size);
 	data_sent_len = tuntap_write(&(eee->device), eth_payload, eth_size);
@ -1096,15 +1120,13 @@ void send_packet2net(n2n_edge_t * eee,
  if(!(eee->allow_routing)) {
    if(ntohs(eh.type) == 0x0800) {
      /* This is an IP packet from the local source address - not forwarded. */
-#define ETH_FRAMESIZE 14
-#define IP4_SRCOFFSET 12
-      uint32_t *dst = (uint32_t*)&tap_pkt[ETH_FRAMESIZE + IP4_SRCOFFSET];
+      uint32_t *src = (uint32_t*)&tap_pkt[ETH_FRAMESIZE + IP4_SRCOFFSET];

      /* Note: all elements of the_ip are in network order */
-      if(*dst != eee->device.ip_addr) {
+      if(*src != eee->device.ip_addr) {
 	/* This is a packet that needs to be routed */
 	traceEvent(TRACE_INFO, "Discarding routed packet [%s]",
-		   intoa(ntohl(*dst), ip_buf, sizeof(ip_buf)));
+		   intoa(ntohl(*src), ip_buf, sizeof(ip_buf)));
 	return;
      } else {
 	/* This packet is originated by us */