author | Todd T. Fries <todd@cvs.openbsd.org> | 2008-06-10 09:57:52 +0000 |
---|---|---|
committer | Todd T. Fries <todd@cvs.openbsd.org> | 2008-06-10 09:57:52 +0000 |
commit | 9b4dd576eb25626fd0e2ab45791851de8ec632c8 (patch) | |
tree | 307db713136abb298ae7847178596125ddaf4432 | |
parent | 1130db200aafcf42fe2141efb832a58bcd44ab5f (diff) |
encapsulating v4 in v6 IPSec should not be so fun,
do not process v4 headers as v6, 255 TTL + icmp (0x01) = ff01:: suddenly, eww!
debugged with bluhm@, verified by grunk@, ok markus@
-rw-r--r-- | sys/netinet/ip_ipip.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c
index c763e9b6bd7..6a4c3bc4f43 100644
--- a/sys/netinet/ip_ipip.c
+++ b/sys/netinet/ip_ipip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.c,v 1.40 2007/12/14 18:33:41 deraadt Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.41 2008/06/10 09:57:51 todd Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -496,12 +496,15 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
 return ENOBUFS;
 }
- /* scoped address handling */
- ip6 = mtod(m, struct ip6_hdr *);
- if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
- ip6->ip6_src.s6_addr16[1] = 0;
- if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
- ip6->ip6_dst.s6_addr16[1] = 0;
+ /* If the inner protocol is IPv6, clear link local scope */
+ if (tp == (IPV6_VERSION >> 4)) {
+ /* scoped address handling */
+ ip6 = mtod(m, struct ip6_hdr *);
+ if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
+ ip6->ip6_src.s6_addr16[1] = 0;
+ if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
+ ip6->ip6_dst.s6_addr16[1] = 0;
+ }
 M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
 if (m == 0) { |
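Review bot: Inside the new `if (tp == (IPV6_VERSION >> 4))` block, `mtod(m, struct ip6_hdr *)` is still read and written up to `ip6_dst` with no visible check that the first mbuf holds a contiguous `sizeof(struct ip6_hdr)` bytes; `tp` is assigned outside the hunk and, as used here, only says the inner packet claims to be IPv6, not that a full header is present. Unless a caller or earlier code in ipip_output (which starts and ends outside this hunk) already guarantees that, a guard such as `if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) return ENOBUFS;` before the `mtod` would cover it, with the error path matching the function's other failures. The comment could also record why the test exists, e.g. `/* an IPv4 header read as ip6_hdr can look scope-embedded (TTL 255, proto 1 = ff01::) and would get its checksum bytes zeroed */`, and the now-redundant `/* scoped address handling */` could be dropped.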