[GNUnet-SVN] r19301 - gnunet/src/exit

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r19301 - gnunet/src/exit

From:	gnunet
Subject:	[GNUnet-SVN] r19301 - gnunet/src/exit
Date:	Sat, 21 Jan 2012 20:06:33 +0100

Author: grothoff
Date: 2012-01-21 20:06:33 +0100 (Sat, 21 Jan 2012)
New Revision: 19301

Modified:
   gnunet/src/exit/exit.h
   gnunet/src/exit/gnunet-daemon-exit.c
Log:
-document ICMP MESH messages better, discard ICMP payload on exit->mesh->vpn 
path for certain ICMP types

Modified: gnunet/src/exit/exit.h
===================================================================
--- gnunet/src/exit/exit.h      2012-01-21 17:38:52 UTC (rev 19300)
+++ gnunet/src/exit/exit.h      2012-01-21 19:06:33 UTC (rev 19301)
@@ -218,7 +218,10 @@
   struct GNUNET_MessageHeader header;
 
   /**
-   * Address family, AF_INET or AF_INET6, in network byte order.
+   * Address family, AF_INET or AF_INET6, in network byte order.  This
+   * AF value determines if the 'icmp_header' is ICMPv4 or ICMPv6.
+   * The receiver (exit) may still have to translate (PT) to the services'
+   * ICMP version (if possible).
    */
   int32_t af;
 
@@ -232,7 +235,10 @@
    */
   struct GNUNET_TUN_IcmpHeader icmp_header;
 
-  /* followed by ICMP payload */
+  /* followed by ICMP payload; however, for certain ICMP message
+     types where the payload is the original IP packet, the payload
+     is omitted as it is useless for the receiver (who will need
+     to create some fake payload manually)  */
 };
 
 
@@ -249,18 +255,25 @@
 
   /**
    * Address family, AF_INET or AF_INET6, in network byte order.
+   * Determines both the ICMP version used in the 'icmp_header' and
+   * the IP address format that is used for the target IP.  If
+   * PT is necessary, the sender has already done it.
    */
   int32_t af;
 
   /**
-   * ICMP header to use.
+   * ICMP header to use.  Must match the target 'af' given
+   * above.
    */
   struct GNUNET_TUN_IcmpHeader icmp_header;
 
   /* followed by IP address of the destination; either
      'struct in_addr' or 'struct in6_addr', depending on af */
 
-  /* followed by ICMP payload */
+  /* followed by ICMP payload; however, for certain ICMP message
+     types where the payload is the original IP packet, the payload
+     is omitted as it is useless for the receiver (who will need
+     to create some fake payload manually)   */
 };
 
 
@@ -277,15 +290,19 @@
 
   /**
    * Address family, AF_INET or AF_INET6, in network byte order.
+   * Useful to determine if this is an ICMPv4 or ICMPv6 header.
    */
   int32_t af;
 
   /**
-   * ICMP header to use.
+   * ICMP header to use.  ICMPv4 or ICMPv6, depending on 'af'.
    */
   struct GNUNET_TUN_IcmpHeader icmp_header;
 
-  /* followed by ICMP payload */
+  /* followed by ICMP payload; however, for certain ICMP message
+     types where the payload is the original IP packet, the payload
+     is omitted as it is useless for the receiver (who will need
+     to create some fake payload manually) */
 };
 
 

Modified: gnunet/src/exit/gnunet-daemon-exit.c
===================================================================
--- gnunet/src/exit/gnunet-daemon-exit.c        2012-01-21 17:38:52 UTC (rev 
19300)
+++ gnunet/src/exit/gnunet-daemon-exit.c        2012-01-21 19:06:33 UTC (rev 
19301)
@@ -644,6 +644,8 @@
        udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
        spt = ntohs (udp->spt);
        dpt = ntohs (udp->dpt);
+       /* throw away ICMP payload, won't be useful for the other side anyway */
+       pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
        break;
       default:
        GNUNET_STATISTICS_update (stats,
@@ -674,6 +676,8 @@
        udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
        spt = ntohs (udp->spt);
        dpt = ntohs (udp->dpt);
+       /* throw away ICMP payload, won't be useful for the other side anyway */
+       pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
        break;
       case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
       case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
@@ -735,12 +739,6 @@
   memcpy (&i2v->icmp_header,
          icmp,
          pktlen);
-  /* FIXME: should we sanitize the host-specific payload here?  On the
-     one hand, quite a bit of what we send is meaningless on the other
-     side (our IPs, ports, etc.); on the other hand, trying to compact
-     the packet would be very messy, and blanking fields out is also
-     hardly productive as they seem to contain nothing remotely
-     sensitive. */  
   send_packet_to_mesh_tunnel (state->tunnel,
                              tnq);
 }

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r19301 - gnunet/src/exit, gnunet <=

Prev by Date: [GNUnet-SVN] r19300 - in gnunet-update/test: new new/libfake/src new/test-package new/test-package/src old/libfake/src old/test-package
Next by Date: [GNUnet-SVN] r19302 - in gnunet/src: exit vpn
Previous by thread: [GNUnet-SVN] r19300 - in gnunet-update/test: new new/libfake/src new/test-package new/test-package/src old/libfake/src old/test-package
Next by thread: [GNUnet-SVN] r19302 - in gnunet/src: exit vpn
Index(es):
- Date
- Thread