author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2013-08-28 16:01:27 -0400 |
---|---|---|
committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2013-08-28 16:01:27 -0400 |
commit | 55616388eaa5c43b4316882a5c4ab2e0c132b62e (patch) | |
tree | 6e02779f8864c636e6d35609a984d884ae7741b3 /node/PacketDecoder.cpp | |
parent | 8e1b897f0ae8a228799058153e9dda0a18aeb4c1 (diff) | |
Check network ethernet type whitelist instead of hard-coded ethernet types.
Diffstat (limited to 'node/PacketDecoder.cpp')
-rw-r--r-- | node/PacketDecoder.cpp | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/node/PacketDecoder.cpp b/node/PacketDecoder.cpp
index 345c7914..fd817410 100644
--- a/node/PacketDecoder.cpp
+++ b/node/PacketDecoder.cpp
@@ -418,10 +418,10 @@ bool PacketDecoder::_doFRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer>
 if (network) {
 if (network->isAllowed(source())) {
 unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE);
- if ((etherType != ZT_ETHERTYPE_ARP)&&(etherType != ZT_ETHERTYPE_IPV4)&&(etherType != ZT_ETHERTYPE_IPV6)) {
- TRACE("dropped FRAME from %s: unsupported ethertype",source().toString().c_str());
- } else if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {
+ if (network->permitsEtherType(etherType)) {
 network->tap().put(source().toMAC(),network->tap().mac(),etherType,data() + ZT_PROTO_VERB_FRAME_IDX_PAYLOAD,size() - ZT_PROTO_VERB_FRAME_IDX_PAYLOAD);
+ } else if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {
+ TRACE("dropped FRAME from %s: ethernet type %u not allowed on network %.16llx",source().toString().c_str(),etherType,(unsigned long long)network->id());
 }
 } else {
 TRACE("dropped FRAME from %s(%s): not a member of closed network %llu",source().toString().c_str(),_remoteAddress.toString().c_str(),network->id());
@@ -509,8 +509,8 @@ bool PacketDecoder::_doMULTICAST_FRAME(const RuntimeEnvironment *_r,const Shared
 return true;
 }
 
- if (++hops >= ZT_MULTICAST_PROPAGATION_DEPTH) {
- TRACE("dropped MULTICAST_FRAME from original submitter %s, received from %s(%s): max depth reached",originalSubmitterAddress.toString().c_str(),source().toString().c_str(),_remoteAddress.toString().c_str());
+ if (!network->permitsEtherType(etherType)) {
+ LOG("dropped MULTICAST_FRAME from original submitter %s, received from %s(%s): ethernet type %s not allowed on network %.16llx",originalSubmitterAddress.toString().c_str(),source().toString().c_str(),_remoteAddress.toString().c_str(),Filter::etherTypeName(etherType),(unsigned long long)network->id());
 return true;
 }
 
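Review bot: The `size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD` guard in the _doFRAME hunk now sits on the drop branch, so `network->tap().put(...)` runs for any permitted ethertype with no payload-length check and passes `size() - ZT_PROTO_VERB_FRAME_IDX_PAYLOAD` as the length unverified. Before this change the put was reached only when the packet was longer than the header. If `at<uint16_t>()` bounds-checks (not visible on this page) the worst case is a zero-length frame handed to the tap; if it does not, the subtraction can wrap. Keep the length test on the delivery path by opening with `if (!network->permitsEtherType(etherType)) {` around the TRACE and putting the put under `} else if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {`. _doFRAME starts and ends outside the hunk.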
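Review bot: The new ethertype rejection in the _doMULTICAST_FRAME hunk reports through `LOG(...)`, whereas the matching drop in _doFRAME and the line it replaces both use `TRACE(...)`. If LOG is emitted in production builds (its definition is not on this page), any peer able to send multicast frames can produce one log line per packet, so this should be `TRACE(...)` as well or be rate-limited. `Filter::etherTypeName(etherType)` is formatted with `%s`, so it is worth confirming that it returns a non-null string for unknown types; the _doFRAME hunk avoids the question by printing `%u`. `etherType` is declared above the hunk, which shows only part of the function.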
@@ -533,6 +533,11 @@ bool PacketDecoder::_doMULTICAST_FRAME(const RuntimeEnvironment *_r,const Shared
 _r->multicaster->addToDedupHistory(mccrc,now);
 }
 
+ if (++hops >= ZT_MULTICAST_PROPAGATION_DEPTH) {
+ TRACE("not propagating MULTICAST_FRAME from original submitter %s, received from %s(%s): max depth reached",originalSubmitterAddress.toString().c_str(),source().toString().c_str(),_remoteAddress.toString().c_str());
+ return true;
+ }
+
 Address upstream(source()); // save this since we might mangle it below
 Multicaster::MulticastBloomFilter bloom(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_BLOOM_FILTER,ZT_PROTO_VERB_MULTICAST_FRAME_BLOOM_FILTER_SIZE_BYTES));
 SharedPtr<Peer> propPeers[ZT_MULTICAST_PROPAGATION_BREADTH]; |
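Review bot: The re-added `if (++hops >= ZT_MULTICAST_PROPAGATION_DEPTH)` has no comment saying that it now runs after the ethertype check and the dedup-history update, so it only stops forwarding and no longer rejects the frame. Only the changed TRACE text hints at this, and the early `return true` is easy to misread as a drop. I would add `// Depth limit applies to propagation only; the frame has already passed the ethertype check and been recorded for dedup above.` directly above the `if`. Whether local delivery to the tap also happens before this point is outside the hunk, so the wording should be checked against that code. The function body continues past the hunk.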