git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Lev Stipakov <lev.stipakov@f-secure.com>
	Thu, 3 Nov 2016 21:28:23 +0000 (23:28 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 4 Nov 2016 09:05:59 +0000 (10:05 +0100)
commit	e8c42658ff8df10ad56659788a73900648b9d92d
tree	8ac1fa85de1f8c6ed3f6bffc4949ef5a55843d1e	tree
parent	beaa6564a7ce3e48473a8bde7b4f9291df490d62	commit \| diff

Drop recursively routed packets

v4:
- Account for IP header offset in TAP mode
- Correct handle of non-IP protocols in TAP mode

v3: Use better way of figuring out IP proto version which
does not break TAP mode. Add an option to allow recursive
routing, could be useful when packets sent by openvpn itself
are not subject to the routing tables that would move packets
into the tunnel.

v2: better method naming

On certain OSes (Windows, OS X) when network adapter is
disabled (ethernet cable pulled off, Wi-Fi hardware switch disabled),
operating system starts to use tun as an external interface.
Outgoing packets are routed to tun, UDP encapsulated, given to
routing table and sent to.. tun.

As a consequence, system starts talking to itself on full power,
traffic counters skyrocket and user is not happy.

To prevent that, drop packets which have gateway IP as
destination address.

Tested on Win7/10, OS X, Linux.

Trac #642

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1478208503-25929-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12894.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
doc/openvpn.8		diff \| blob \| blame \| history
src/openvpn/forward.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/options.h		diff \| blob \| blame \| history
src/openvpn/proto.h		diff \| blob \| blame \| history