Date: Wed, 27 Nov 2013 04:31:02 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r258670 - user/ae/inet6/sys/netipsec Message-ID: <201311270431.rAR4V2j7097015@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Wed Nov 27 04:31:01 2013 New Revision: 258670 URL: http://svnweb.freebsd.org/changeset/base/258670 Log: A try to clean up ipsec code from the embedded scope ids. Modified: user/ae/inet6/sys/netipsec/ipsec.c user/ae/inet6/sys/netipsec/ipsec_output.c user/ae/inet6/sys/netipsec/xform_ah.c user/ae/inet6/sys/netipsec/xform_ipip.c Modified: user/ae/inet6/sys/netipsec/ipsec.c ============================================================================== --- user/ae/inet6/sys/netipsec/ipsec.c Wed Nov 27 03:05:24 2013 (r258669) +++ user/ae/inet6/sys/netipsec/ipsec.c Wed Nov 27 04:31:01 2013 (r258670) @@ -72,6 +72,7 @@ #include <netinet/ip6.h> #ifdef INET6 #include <netinet6/ip6_var.h> +#include <netinet6/scope6_var.h> #endif #include <netinet/in_pcb.h> #ifdef INET6 @@ -793,8 +794,9 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s sin6->sin6_len = sizeof(struct sockaddr_in6); bcopy(&ip6->ip6_src, &sin6->sin6_addr, sizeof(ip6->ip6_src)); if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) { - sin6->sin6_addr.s6_addr16[1] = 0; - sin6->sin6_scope_id = ntohs(ip6->ip6_src.s6_addr16[1]); + if (m->m_pkthdr.rcvif != NULL) /* XXX */ + sin6->sin6_scope_id = in6_getscopezone( + m->m_pkthdr.rcvif, IPV6_ADDR_SCOPE_LINKLOCAL); } spidx->prefs = sizeof(struct in6_addr) << 3; @@ -804,8 +806,9 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s sin6->sin6_len = sizeof(struct sockaddr_in6); bcopy(&ip6->ip6_dst, &sin6->sin6_addr, sizeof(ip6->ip6_dst)); if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) { - sin6->sin6_addr.s6_addr16[1] = 0; - sin6->sin6_scope_id = ntohs(ip6->ip6_dst.s6_addr16[1]); + if (m->m_pkthdr.rcvif != NULL) /* XXX */ + sin6->sin6_scope_id = in6_getscopezone( + m->m_pkthdr.rcvif, IPV6_ADDR_SCOPE_LINKLOCAL); } spidx->prefd = sizeof(struct in6_addr) << 3; Modified: user/ae/inet6/sys/netipsec/ipsec_output.c ============================================================================== --- user/ae/inet6/sys/netipsec/ipsec_output.c Wed Nov 27 03:05:24 2013 (r258669) +++ user/ae/inet6/sys/netipsec/ipsec_output.c Wed Nov 27 04:31:01 2013 (r258670) @@ -62,6 +62,7 @@ #include <netinet/ip6.h> #ifdef INET6 #include <netinet6/ip6_var.h> +#include <netinet6/scope6_var.h> #endif #include <netinet/in_pcb.h> #ifdef INET6 @@ -328,11 +329,12 @@ again: sin6->sin6_family = AF_INET6; sin6->sin6_port = IPSEC_PORT_ANY; sin6->sin6_addr = ip6->ip6_src; - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) { + if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) && + m->m_pkthdr.rcvif != NULL) { /* fix scope id for comparing SPD */ - sin6->sin6_addr.s6_addr16[1] = 0; - sin6->sin6_scope_id = - ntohs(ip6->ip6_src.s6_addr16[1]); + sin6->sin6_scope_id = in6_getscopezone( + m->m_pkthdr.rcvif, + IPV6_ADDR_SCOPE_LINKLOCAL); } } if (saidx->dst.sin6.sin6_len == 0) { @@ -341,11 +343,12 @@ again: sin6->sin6_family = AF_INET6; sin6->sin6_port = IPSEC_PORT_ANY; sin6->sin6_addr = ip6->ip6_dst; - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) { + if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) && + m->m_pkthdr.rcvif != NULL) { /* fix scope id for comparing SPD */ - sin6->sin6_addr.s6_addr16[1] = 0; - sin6->sin6_scope_id = - ntohs(ip6->ip6_dst.s6_addr16[1]); + sin6->sin6_scope_id = in6_getscopezone( + m->m_pkthdr.rcvif, + IPV6_ADDR_SCOPE_LINKLOCAL); } } } @@ -745,12 +748,6 @@ ipsec6_encapsulate(struct mbuf *m, struc ip6 = mtod(m, struct ip6_hdr *); bcopy((caddr_t)ip6, (caddr_t)oip6, sizeof(struct ip6_hdr)); - /* Fake link-local scope-class addresses */ - if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_src)) - oip6->ip6_src.s6_addr16[1] = 0; - if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_dst)) - oip6->ip6_dst.s6_addr16[1] = 0; - /* construct new IPv6 header. see RFC 2401 5.1.2.2 */ /* ECN consideration. */ ip6_ecn_ingress(V_ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow); Modified: user/ae/inet6/sys/netipsec/xform_ah.c ============================================================================== --- user/ae/inet6/sys/netipsec/xform_ah.c Wed Nov 27 03:05:24 2013 (r258669) +++ user/ae/inet6/sys/netipsec/xform_ah.c Wed Nov 27 04:31:01 2013 (r258670) @@ -433,12 +433,6 @@ ah_massage_headers(struct mbuf **m0, int ip6.ip6_vfc &= ~IPV6_VERSION_MASK; ip6.ip6_vfc |= IPV6_VERSION; - /* Scoped address handling. */ - if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_src)) - ip6.ip6_src.s6_addr16[1] = 0; - if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_dst)) - ip6.ip6_dst.s6_addr16[1] = 0; - /* Done with IPv6 header. */ m_copyback(m, 0, sizeof(struct ip6_hdr), (caddr_t) &ip6); Modified: user/ae/inet6/sys/netipsec/xform_ipip.c ============================================================================== --- user/ae/inet6/sys/netipsec/xform_ipip.c Wed Nov 27 03:05:24 2013 (r258669) +++ user/ae/inet6/sys/netipsec/xform_ipip.c Wed Nov 27 04:31:01 2013 (r258670) @@ -536,11 +536,6 @@ ipip_output( /* scoped address handling */ ip6 = mtod(m, struct ip6_hdr *); - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) - ip6->ip6_src.s6_addr16[1] = 0; - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) - ip6->ip6_dst.s6_addr16[1] = 0; - M_PREPEND(m, sizeof(struct ip6_hdr), M_NOWAIT); if (m == 0) { DPRINTF(("%s: M_PREPEND failed\n", __func__));
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311270431.rAR4V2j7097015>