@@ -1460,7 +1460,7 @@
* us to examine the IP header (IPv4 or IPv6).
*/
unsigned int flags = PIPV4_PASSTOS | PIP_MSSFIX | PIPV4_CLIENT_NAT
- | PIPV6_IMCP_NOHOST_CLIENT;
+ | PIPV6_ICMP_NOHOST_CLIENT;
process_ip_header(c, flags, &c->c2.buf);
#ifdef PACKET_TRUNCATION_CHECK
@@ -1644,73 +1644,60 @@
}
if (!c->options.block_ipv6)
{
- flags &= ~(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER);
+ flags &= ~(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER);
}
if (buf->len > 0)
{
- /*
- * The --passtos and --mssfix options require
- * us to examine the IPv4 header.
- */
-
- if (flags & (PIP_MSSFIX
-#if PASSTOS_CAPABILITY
- | PIPV4_PASSTOS
-#endif
- | PIPV4_CLIENT_NAT
- ))
+ struct buffer ipbuf = *buf;
+ if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), &ipbuf))
{
- struct buffer ipbuf = *buf;
- if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), &ipbuf))
- {
#if PASSTOS_CAPABILITY
- /* extract TOS from IP header */
- if (flags & PIPV4_PASSTOS)
- {
- link_socket_extract_tos(c->c2.link_socket, &ipbuf);
- }
+ /* extract TOS from IP header */
+ if (flags & PIPV4_PASSTOS)
+ {
+ link_socket_extract_tos(c->c2.link_socket, &ipbuf);
+ }
#endif
- /* possibly alter the TCP MSS */
- if (flags & PIP_MSSFIX)
- {
- mss_fixup_ipv4(&ipbuf, c->c2.frame.mss_fix);
- }
-
- /* possibly do NAT on packet */
- if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat)
- {
- const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING;
- client_nat_transform(c->options.client_nat, &ipbuf, direction);
- }
- /* possibly extract a DHCP router message */
- if (flags & PIPV4_EXTRACT_DHCP_ROUTER)
- {
- const in_addr_t dhcp_router = dhcp_extract_router_msg(&ipbuf);
- if (dhcp_router)
- {
- route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router);
- }
- }
- }
- else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), &ipbuf))
+ /* possibly alter the TCP MSS */
+ if (flags & PIP_MSSFIX)
{
- /* possibly alter the TCP MSS */
- if (flags & PIP_MSSFIX)
- {
- mss_fixup_ipv6(&ipbuf, c->c2.frame.mss_fix);
- }
- if (!(flags & PIP_OUTGOING) && (flags
- &(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER)))
- {
- ipv6_send_icmp_unreachable(c, buf,
- (bool)(flags & PIPV6_IMCP_NOHOST_CLIENT));
- /* Drop the IPv6 packet */
- buf->len = 0;
- }
-
+ mss_fixup_ipv4(&ipbuf, c->c2.frame.mss_fix);
}
+
+ /* possibly do NAT on packet */
+ if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat)
+ {
+ const int direction = (flags & PIP_OUTGOING) ? CN_INCOMING : CN_OUTGOING;
+ client_nat_transform(c->options.client_nat, &ipbuf, direction);
+ }
+ /* possibly extract a DHCP router message */
+ if (flags & PIPV4_EXTRACT_DHCP_ROUTER)
+ {
+ const in_addr_t dhcp_router = dhcp_extract_router_msg(&ipbuf);
+ if (dhcp_router)
+ {
+ route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router);
+ }
+ }
+ }
+ else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), &ipbuf))
+ {
+ /* possibly alter the TCP MSS */
+ if (flags & PIP_MSSFIX)
+ {
+ mss_fixup_ipv6(&ipbuf, c->c2.frame.mss_fix);
+ }
+ if (!(flags & PIP_OUTGOING) && (flags
+ &(PIPV6_ICMP_NOHOST_CLIENT | PIPV6_ICMP_NOHOST_SERVER)))
+ {
+ ipv6_send_icmp_unreachable(c, buf,
+ (bool)(flags & PIPV6_ICMP_NOHOST_CLIENT));
+ /* Drop the IPv6 packet */
+ buf->len = 0;
+ }
+
}
}
}
@@ -297,8 +297,9 @@
#define PIP_OUTGOING (1<<2)
#define PIPV4_EXTRACT_DHCP_ROUTER (1<<3)
#define PIPV4_CLIENT_NAT (1<<4)
-#define PIPV6_IMCP_NOHOST_CLIENT (1<<5)
-#define PIPV6_IMCP_NOHOST_SERVER (1<<6)
+#define PIPV6_ICMP_NOHOST_CLIENT (1<<5)
+#define PIPV6_ICMP_NOHOST_SERVER (1<<6)
+
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf);
@@ -3645,7 +3645,7 @@
if (mbuf_extract_item(ms, &item)) /* cleartext IP packet */
{
- unsigned int pip_flags = PIPV4_PASSTOS | PIPV6_IMCP_NOHOST_SERVER;
+ unsigned int pip_flags = PIPV4_PASSTOS | PIPV6_ICMP_NOHOST_SERVER;
set_prefix(item.instance);
item.instance->context.c2.buf = item.buffer->buf;