dark/zerotiertspu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check network ethernet type whitelist instead of hard-coded ethernet types.

Browse source
This commit is contained in:
Adam Ierymenko 2013-08-28 16:01:27 -04:00
parent 8e1b897f0a
commit 55616388ea
5 changed files with 83 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

7
node/Switch.cpp
View file

@ -85,13 +85,14 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
LOG("ignored tap: %s -> %s %s (bridging is not (yet?) supported)",from.toString().c_str(),to.toString().c_str(),Filter::etherTypeName(etherType));
return;
}
if (to == network->tap().mac()) {
LOG("%s: frame received from self, ignoring (bridge loop?)",network->tap().deviceName().c_str());
LOG("%s: frame received from self, ignoring (bridge loop? OS bug?)",network->tap().deviceName().c_str());
return;
}
if ((etherType != ZT_ETHERTYPE_ARP)&&(etherType != ZT_ETHERTYPE_IPV4)&&(etherType != ZT_ETHERTYPE_IPV6)) {
LOG("ignored tap: %s -> %s %s (not a supported etherType)",from.toString().c_str(),to.toString().c_str(),Filter::etherTypeName(etherType));
if (!network->permitsEtherType(etherType)) {
LOG("ignored tap: %s -> %s: ethernet type %s not allowed on network %.16llx",from.toString().c_str(),to.toString().c_str(),Filter::etherTypeName(etherType),(unsigned long long)network->id());
return;
}