uint8_t tos;
uint16_t tot_len;
uint16_t id;
- uint16_t frag_off;
+ uint16_t frag;
#define IPHDR_FRAG_OFF ((uint16_t)0x1fff)
#define IPHDR_FRAG_MORE ((uint16_t)0x2000)
#define IPHDR_FRAG_DONT ((uint16_t)0x4000)
h->iph.tos=0;
h->iph.tot_len=htons(len+(h->iph.ihl*4)+8);
h->iph.id=0;
- h->iph.frag_off=0;
+ h->iph.frag=0;
h->iph.ttl=255; /* XXX should be configurable */
h->iph.protocol=1;
h->iph.saddr=htonl(st->secnet_address);
}
}
/* How do we spot broadcast destination addresses? */
- if (ntohs(iph->frag_off)&IPHDR_FRAG_OFF) return False;
+ if (ntohs(iph->frag)&IPHDR_FRAG_OFF) return False;
source=ntohl(iph->saddr);
if (source==0) return False;
if ((source&0xff000000)==0x7f000000) return False;
/* client indicates where the packet we're constructing a response to
comes from. NULL indicates the host. */
static void netlink_icmp_simple(struct netlink *st, struct buffer_if *buf,
- struct netlink_client *client,
uint8_t type, uint8_t code,
union icmpinfofield info)
{
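Review bot: The comment kept above netlink_icmp_simple still documents a `client` argument ("client indicates where the packet we're constructing a response to comes from. NULL indicates the host.") although this hunk removes that parameter from the signature. It should be deleted or rewritten to describe how the ICMP reply is routed now, for example `/* Build an ICMP error in response to the packet in buf and hand it to the normal delivery path. */`, if that is what the body does. The function body lies outside this hunk, so it cannot be confirmed from here that no use of `client` remains inside it.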
client->outcount++;
}
+/* Deliver a packet to the host; used after we have decided that that
+ * is what to do with it. */
+static void netlink_host_deliver(struct netlink *st,
+ uint32_t source, uint32_t dest,
+ struct buffer_if *buf)
+{
+ st->deliver_to_host(st->dst,buf);
+ st->outcount++;
+}
+
/* Deliver a packet. "client" is the _origin_ of the packet, not its
destination, and is NULL for packets from the host and packets
generated internally in secnet. */
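Review bot: netlink_host_deliver takes `source` and `dest` but its body uses neither, so they are dead parameters and will warn under -Wunused-parameter if that is enabled. Either drop them or say in the comment that they are kept to mirror netlink_client_deliver's argument list. The comment should also spell out the contract that "after we have decided" only implies: the function does no filtering of its own, so each caller must already have validated the destination, as the `ipset_contains_addr(st->networks,dest)` call site does. The point-to-point call site later in the diff reaches it with no check visible in these hunks, which may be intended but is worth confirming. Suggested addition: `/* Caller must already have checked that dest is acceptable for the host; no filtering is done here. source and dest are currently unused. */`.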
/* The packet's not going down a tunnel. It might (ought to)
be for the host. */
if (ipset_contains_addr(st->networks,dest)) {
- st->deliver_to_host(st->dst,buf);
- st->outcount++;
+ netlink_host_deliver(st,source,dest,buf);
BUF_ASSERT_FREE(buf);
} else {
string_t s,d;
Message(M_DEBUG,"%s: don't know where to deliver packet "
"(s=%s, d=%s)\n", st->name, s, d);
free(s); free(d);
- netlink_icmp_simple(st,buf,client,ICMP_TYPE_UNREACHABLE,
+ netlink_icmp_simple(st,buf,ICMP_TYPE_UNREACHABLE,
ICMP_CODE_NET_UNREACHABLE, icmp_noinfo);
BUF_FREE(buf);
}
st->name,s,d);
free(s); free(d);
- netlink_icmp_simple(st,buf,client,ICMP_TYPE_UNREACHABLE,
+ netlink_icmp_simple(st,buf,ICMP_TYPE_UNREACHABLE,
ICMP_CODE_NET_PROHIBITED, icmp_noinfo);
BUF_FREE(buf);
} else {
BUF_ASSERT_FREE(buf);
} else {
/* Generate ICMP destination unreachable */
- netlink_icmp_simple(st,buf,client,/* client==NULL */
+ netlink_icmp_simple(st,buf,
ICMP_TYPE_UNREACHABLE,
ICMP_CODE_NET_UNREACHABLE,
icmp_noinfo);
/* Packet has already been checked */
if (iph->ttl<=1) {
/* Generate ICMP time exceeded */
- netlink_icmp_simple(st,buf,client,ICMP_TYPE_TIME_EXCEEDED,
+ netlink_icmp_simple(st,buf,ICMP_TYPE_TIME_EXCEEDED,
ICMP_CODE_TTL_EXCEEDED,icmp_noinfo);
BUF_FREE(buf);
return;
}
h=(struct icmphdr *)buf->start;
- if ((ntohs(h->iph.frag_off)&(IPHDR_FRAG_OFF|IPHDR_FRAG_MORE))!=0) {
+ if ((ntohs(h->iph.frag)&(IPHDR_FRAG_OFF|IPHDR_FRAG_MORE))!=0) {
Message(M_WARNING,"%s: fragmented packet addressed to secnet; "
"ignoring it\n",st->name);
BUF_FREE(buf);
Message(M_WARNING,"%s: unknown incoming ICMP\n",st->name);
} else {
/* Send ICMP protocol unreachable */
- netlink_icmp_simple(st,buf,client,ICMP_TYPE_UNREACHABLE,
+ netlink_icmp_simple(st,buf,ICMP_TYPE_UNREACHABLE,
ICMP_CODE_PROTOCOL_UNREACHABLE,icmp_noinfo);
BUF_FREE(buf);
return;
address validity and generate ICMP, etc. */
if (st->ptp) {
if (client) {
- st->deliver_to_host(st->dst,buf);
+ netlink_host_deliver(st,source,dest,buf);
} else {
netlink_client_deliver(st,st->clients,source,dest,buf);
}