svn commit: r258670 - user/ae/inet6/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Wed Nov 27 04:31:03 UTC 2013
Author: ae
Date: Wed Nov 27 04:31:01 2013
New Revision: 258670
URL: http://svnweb.freebsd.org/changeset/base/258670
Log:
A try to clean up ipsec code from the embedded scope ids.
Modified:
user/ae/inet6/sys/netipsec/ipsec.c
user/ae/inet6/sys/netipsec/ipsec_output.c
user/ae/inet6/sys/netipsec/xform_ah.c
user/ae/inet6/sys/netipsec/xform_ipip.c
Modified: user/ae/inet6/sys/netipsec/ipsec.c
==============================================================================
--- user/ae/inet6/sys/netipsec/ipsec.c Wed Nov 27 03:05:24 2013 (r258669)
+++ user/ae/inet6/sys/netipsec/ipsec.c Wed Nov 27 04:31:01 2013 (r258670)
@@ -72,6 +72,7 @@
#include <netinet/ip6.h>
#ifdef INET6
#include <netinet6/ip6_var.h>
+#include <netinet6/scope6_var.h>
#endif
#include <netinet/in_pcb.h>
#ifdef INET6
@@ -793,8 +794,9 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s
sin6->sin6_len = sizeof(struct sockaddr_in6);
bcopy(&ip6->ip6_src, &sin6->sin6_addr, sizeof(ip6->ip6_src));
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) {
- sin6->sin6_addr.s6_addr16[1] = 0;
- sin6->sin6_scope_id = ntohs(ip6->ip6_src.s6_addr16[1]);
+ if (m->m_pkthdr.rcvif != NULL) /* XXX */
+ sin6->sin6_scope_id = in6_getscopezone(
+ m->m_pkthdr.rcvif, IPV6_ADDR_SCOPE_LINKLOCAL);
}
spidx->prefs = sizeof(struct in6_addr) << 3;
@@ -804,8 +806,9 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s
sin6->sin6_len = sizeof(struct sockaddr_in6);
bcopy(&ip6->ip6_dst, &sin6->sin6_addr, sizeof(ip6->ip6_dst));
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) {
- sin6->sin6_addr.s6_addr16[1] = 0;
- sin6->sin6_scope_id = ntohs(ip6->ip6_dst.s6_addr16[1]);
+ if (m->m_pkthdr.rcvif != NULL) /* XXX */
+ sin6->sin6_scope_id = in6_getscopezone(
+ m->m_pkthdr.rcvif, IPV6_ADDR_SCOPE_LINKLOCAL);
}
spidx->prefd = sizeof(struct in6_addr) << 3;
Modified: user/ae/inet6/sys/netipsec/ipsec_output.c
==============================================================================
--- user/ae/inet6/sys/netipsec/ipsec_output.c Wed Nov 27 03:05:24 2013 (r258669)
+++ user/ae/inet6/sys/netipsec/ipsec_output.c Wed Nov 27 04:31:01 2013 (r258670)
@@ -62,6 +62,7 @@
#include <netinet/ip6.h>
#ifdef INET6
#include <netinet6/ip6_var.h>
+#include <netinet6/scope6_var.h>
#endif
#include <netinet/in_pcb.h>
#ifdef INET6
@@ -328,11 +329,12 @@ again:
sin6->sin6_family = AF_INET6;
sin6->sin6_port = IPSEC_PORT_ANY;
sin6->sin6_addr = ip6->ip6_src;
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) {
+ if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) &&
+ m->m_pkthdr.rcvif != NULL) {
/* fix scope id for comparing SPD */
- sin6->sin6_addr.s6_addr16[1] = 0;
- sin6->sin6_scope_id =
- ntohs(ip6->ip6_src.s6_addr16[1]);
+ sin6->sin6_scope_id = in6_getscopezone(
+ m->m_pkthdr.rcvif,
+ IPV6_ADDR_SCOPE_LINKLOCAL);
}
}
if (saidx->dst.sin6.sin6_len == 0) {
@@ -341,11 +343,12 @@ again:
sin6->sin6_family = AF_INET6;
sin6->sin6_port = IPSEC_PORT_ANY;
sin6->sin6_addr = ip6->ip6_dst;
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) {
+ if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) &&
+ m->m_pkthdr.rcvif != NULL) {
/* fix scope id for comparing SPD */
- sin6->sin6_addr.s6_addr16[1] = 0;
- sin6->sin6_scope_id =
- ntohs(ip6->ip6_dst.s6_addr16[1]);
+ sin6->sin6_scope_id = in6_getscopezone(
+ m->m_pkthdr.rcvif,
+ IPV6_ADDR_SCOPE_LINKLOCAL);
}
}
}
@@ -745,12 +748,6 @@ ipsec6_encapsulate(struct mbuf *m, struc
ip6 = mtod(m, struct ip6_hdr *);
bcopy((caddr_t)ip6, (caddr_t)oip6, sizeof(struct ip6_hdr));
- /* Fake link-local scope-class addresses */
- if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_src))
- oip6->ip6_src.s6_addr16[1] = 0;
- if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_dst))
- oip6->ip6_dst.s6_addr16[1] = 0;
-
/* construct new IPv6 header. see RFC 2401 5.1.2.2 */
/* ECN consideration. */
ip6_ecn_ingress(V_ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);
Modified: user/ae/inet6/sys/netipsec/xform_ah.c
==============================================================================
--- user/ae/inet6/sys/netipsec/xform_ah.c Wed Nov 27 03:05:24 2013 (r258669)
+++ user/ae/inet6/sys/netipsec/xform_ah.c Wed Nov 27 04:31:01 2013 (r258670)
@@ -433,12 +433,6 @@ ah_massage_headers(struct mbuf **m0, int
ip6.ip6_vfc &= ~IPV6_VERSION_MASK;
ip6.ip6_vfc |= IPV6_VERSION;
- /* Scoped address handling. */
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_src))
- ip6.ip6_src.s6_addr16[1] = 0;
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_dst))
- ip6.ip6_dst.s6_addr16[1] = 0;
-
/* Done with IPv6 header. */
m_copyback(m, 0, sizeof(struct ip6_hdr), (caddr_t) &ip6);
Modified: user/ae/inet6/sys/netipsec/xform_ipip.c
==============================================================================
--- user/ae/inet6/sys/netipsec/xform_ipip.c Wed Nov 27 03:05:24 2013 (r258669)
+++ user/ae/inet6/sys/netipsec/xform_ipip.c Wed Nov 27 04:31:01 2013 (r258670)
@@ -536,11 +536,6 @@ ipip_output(
/* scoped address handling */
ip6 = mtod(m, struct ip6_hdr *);
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
- ip6->ip6_src.s6_addr16[1] = 0;
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
- ip6->ip6_dst.s6_addr16[1] = 0;
-
M_PREPEND(m, sizeof(struct ip6_hdr), M_NOWAIT);
if (m == 0) {
DPRINTF(("%s: M_PREPEND failed\n", __func__));
More information about the svn-src-user
mailing list