[Pkg-privacy-commits] [onioncat] 86/340: IPv6 routing table improved (prefix length checking)

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 13:04:27 UTC 2015


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch debian
in repository onioncat.

commit ce61ff24bb4bfe5a3e42bb418ae6185a8bdd09d9
Author: eagle <eagle at 58e1ccc2-750e-0410-8d0d-f93ca75ab447>
Date:   Sun Dec 7 21:29:54 2008 +0000

    IPv6 routing table improved (prefix length checking)
    
    
    git-svn-id: http://www.cypherpunk.at/svn/onioncat/trunk@377 58e1ccc2-750e-0410-8d0d-f93ca75ab447
---
 ChangeLog           |  2 ++
 TODO                |  4 +++-
 src/ocatctrl.c      | 11 ++++++++++-
 src/ocatipv6route.c | 31 ++++++++++++++++++++++++++++---
 4 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 16a176a..f43dbe4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 * version 
+ - bugfixes
+ - IPv6 routes are aware of prefix lengths
  - IPv6 routing table can be manipulated through controller or config file
  - limited IPv6 routing capability
  - keepalive sent after connection setup (eases identification for remote
diff --git a/TODO b/TODO
index 78b4b86..c5cd632 100644
--- a/TODO
+++ b/TODO
@@ -1,11 +1,12 @@
 * forward multicasting packets (ff00::/8)
 * frame checking may be improved
-* improve getopt() -- currently many things are hardcoded
 * generally improve tun opening routine
 * header compression
 * log levels and log output are currently somehow random
 * interaction with OS routing table to be able to forward packets to "foreign" networks beside the TOR prefix
 * peer list should be improved
+* IPv6 routing table should be improved (is just a flat list yet)
+* controller interface should be improved (is not thread-safe)
 //* IPv6 adresses are not checked for their validity
 //* garbage collector for packet queue missing
 //* garbage collector for session cleanup
@@ -20,3 +21,4 @@
 //* tun-header packet dependent
 //* IPv4 forwarding + routing
 //* fragment handler
+//* improve getopt() -- currently many things are hardcoded
diff --git a/src/ocatctrl.c b/src/ocatctrl.c
index 8930db5..22689b7 100644
--- a/src/ocatctrl.c
+++ b/src/ocatctrl.c
@@ -188,13 +188,22 @@ void *ctrl_handler(void *p)
          if (rlen > 6)
          {
             if ((c = parse_route(&buf[6])) == E_RT_SYNTAX)
-               c = ipv6_parse_route(&buf[6]);
+               if ((c = ipv6_parse_route(&buf[6])) > 0)
+                  c = 0;
             switch (c)
             {
                case E_RT_NOTORGW:
                   s = "gateway has not TOR prefix";
                   break;
 
+               case E_RT_ILLNM:
+                  s = "illegal netmask or prefix length";
+                  break;
+
+               case E_RT_DUP:
+                  s = "route already exists";
+                  break;
+
                case E_RT_GWSELF:
                   s = "gateway points to me";
                   break;
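Review bot: The nested, unbraced `if` at the top of this hunk folds every positive return of ipv6_parse_route() into 0 without saying why, and the two-level form is easy to misread when the next statement is edited. Brace both levels and add a comment such as `/* positive return means the route was stored (value presumably comes from ipv6_add_route()); normalise to 0 so the switch reports success */`. ctrl_handler and the switch continue outside the hunk, so it is not visible here whether the IPv4 path parse_route() can also return E_RT_ILLNM or E_RT_DUP.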
diff --git a/src/ocatipv6route.c b/src/ocatipv6route.c
index 2bea9db..6808742 100644
--- a/src/ocatipv6route.c
+++ b/src/ocatipv6route.c
@@ -42,22 +42,43 @@ static int v6route_cnt_ = 0;
 static pthread_mutex_t v6route_mutex_ = PTHREAD_MUTEX_INITIALIZER;
 
 
+/*! Reduce IPv6 address to prefix, i.e. cut off host id.
+ *  @param net IPv6 address
+ *  @param prefixlen Prefix length
+ */
+void ipv6_reduce(struct in6_addr *net, int prefixlen)
+{
+   int i;
+   char m;
+
+   for (i = 0; i < ((128 - prefixlen) >> 3); i++)
+      net->s6_addr[15 - i] = 0;
+
+   m = 0xff << (8 - (prefixlen % 8));
+   net->s6_addr[prefixlen >> 3] &= m;
+
+}
+
+
 /*! Lookup IPv6 route. 
  */
 struct in6_addr *ipv6_lookup_route(const struct in6_addr *dest)
 {
+   struct in6_addr addr;
    int i, n;
 
    pthread_mutex_lock(&v6route_mutex_);
    n = v6route_cnt_;
-   //for (i = 0; !IN6_IS_ADDR_UNSPECIFIED(&v6route_[i].dest); i++)
    for (i = 0; i < n; i++)
-      if (IN6_ARE_ADDR_EQUAL(&v6route_[i].dest, dest))
+   {
+      addr = *dest;
+      ipv6_reduce(&addr, v6route_[i].prefixlen);
+      if (IN6_ARE_ADDR_EQUAL(&v6route_[i].dest, &addr))
       {
          log_debug("IPv6 route found");
          break;
-         //return &v6route_[i].gw;
       }
+   }
    pthread_mutex_unlock(&v6route_mutex_);
    return i < n ? &v6route_[i].gw : NULL;
 }
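Review bot: ipv6_reduce() writes one byte past the address when prefixlen is 128: the loop runs zero times, and `net->s6_addr[prefixlen >> 3] &= m` then indexes element 16 of the 16-byte array with m truncated to 0. In ipv6_lookup_route() the target is the stack local `addr`, and the later hunk in ipv6_parse_route() makes the same call on `route6.dest`, so a single host route (/128) entered through the controller or config file would presumably be enough to hit it. The function has no range check either, so a negative or larger-than-128 prefixlen also indexes out of bounds unless the parser, which is outside this hunk, rejects it first. Guard the partial-byte mask: `if (prefixlen < 0 || prefixlen > 128) return;` followed by `if (prefixlen & 7) net->s6_addr[prefixlen >> 3] &= 0xff << (8 - (prefixlen & 7));`.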
@@ -147,6 +168,10 @@ int ipv6_parse_route(const char *rs)
    if (IN6_ARE_ADDR_EQUAL(&route6.gw, &CNF(ocat_addr)))
       return E_RT_GWSELF;
 
+   ipv6_reduce(&route6.dest, route6.prefixlen);
+   if (ipv6_lookup_route(&route6.dest))
+      return E_RT_DUP;
+
    return ipv6_add_route(&route6);
 }
 
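Review bot: The duplicate check added before ipv6_add_route() relies on ipv6_lookup_route(), which masks the candidate with each existing route's prefix length, so E_RT_DUP is returned for any new route that merely falls inside an already installed shorter prefix (for example a /64 inside a /48), not only for an identical entry. If more-specific routes are meant to be accepted, the check should compare both `dest` and `prefixlen` for equality; note that the lookup returns the first match rather than the longest, so such routes would also need ordering. The lookup releases v6route_mutex_ before ipv6_add_route() runs, so two controller sessions could both pass the check and insert the same route; doing the comparison inside the add, under the lock, would close that window. ipv6_parse_route() begins outside this hunk, so how `route6.prefixlen` is validated before this point is not visible.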

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onioncat.git


