author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-06-20 04:54:59 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-06-20 04:54:59 +0000 |
commit | 73de609c5322d7942ab3fed452934d37f01a7e37 (patch) | |
tree | bc5acff8c59ed21fdeb7b235ac5162706786748d | |
parent | 41deedae4e299843e9336bbf5f7321b002e8b90a (diff) |
do not play with rcvif, if the traffic is non-IPv4.
by setting rcvif to enc*, we break IPv6 scope considerations.
-rw-r--r-- | sys/netinet/ipsec_input.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 4c17c487b10..f0152204e6e 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.28 2000/06/19 17:11:32 itojun Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.29 2000/06/20 04:54:58 itojun Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
@@ -203,10 +203,17 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
 return ENXIO;
 }
- if (tdbp->tdb_interface)
- m->m_pkthdr.rcvif = (struct ifnet *) tdbp->tdb_interface;
- else
- m->m_pkthdr.rcvif = &encif[0].sc_if;
+ if (tdbp->tdb_dst.sa.sa_family == AF_INET)
+ {
+ /*
+ * XXX The fragment conflicts with scoped nature of IPv6, so do it for
+ * only for IPv4 for now
+ */
+ if (tdbp->tdb_interface)
+ m->m_pkthdr.rcvif = (struct ifnet *) tdbp->tdb_interface;
+ else
+ m->m_pkthdr.rcvif = &encif[0].sc_if;
+ }
 /* Register first use, setup expiration timer */
 if (tdbp->tdb_first_use == 0)
@@ -252,6 +259,9 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
 caddr_t sport = 0, dport = 0;
 int prot, af, sproto;
 struct flow *flow;
+#if NBPFILTER > 0
+ struct ifnet *bpfif;
+#endif
 #ifdef INET
 struct ip *ip, ipn;
@@ -566,7 +576,11 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
 m->m_flags |= M_AUTH;
 #if NBPFILTER > 0
- if (m->m_pkthdr.rcvif->if_bpf)
+ if (tdbp->tdb_interface)
+ bpfif = (struct ifnet *) tdbp->tdb_interface;
+ else
+ bpfif = &encif[0].sc_if;
+ if (bpfif->if_bpf)
 {
 /*
 * We need to prepend the address family as
@@ -586,7 +600,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff)
 m1.m_len = ENC_HDRLEN;
 m1.m_data = (char *) &hdr;
- bpf_mtap(m->m_pkthdr.rcvif->if_bpf, &m1);
+ bpf_mtap(bpfif->if_bpf, &m1);
 }
 #endif
|
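Review bot: The guard added in ipsec_common_input (hunk at -203) tests `tdbp->tdb_dst.sa.sa_family`, which is the family of the SA endpoint, not of the packet that is re-injected after decapsulation. In tunnel mode the two can differ, so an IPv6 packet carried over an IPv4 SA would presumably still get rcvif rewritten to enc* (the scope problem the commit describes), while an IPv4 packet over an IPv6 SA would keep its physical rcvif; the inner family only seems to be known in ipsec_common_input_cb, which has its own `af` local. Where rcvif is left untouched, anything downstream that infers "arrived through IPsec" from rcvif can no longer do so and has to rely on mbuf flags such as the `M_AUTH` set in ipsec_common_input_cb, which is worth stating in the comment. The comment text itself is garbled; I would write `/* XXX Rewriting rcvif to enc* conflicts with IPv6 scoped addresses, so do it only for IPv4 SAs for now. */`. The function body starts and ends outside this hunk.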
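Review bot: The `tdb_interface`-or-`encif[0]` selection added before the `if (bpfif->if_bpf)` test (hunk at -566) duplicates the one in ipsec_common_input (hunk at -203), including the cast of `tdb_interface` to `struct ifnet *`. A small static helper used at both sites would keep the rcvif choice and the bpf tap choice from drifting apart; the `bpf_mtap` call in the hunk at -586 already goes through the same `bpfif`. The pointer is dereferenced inside the callback, so this relies on the interface recorded in the TDB staying valid for as long as the TDB does; that lifetime is not visible in this diff and deserves a comment next to the helper. ipsec_common_input_cb starts and ends outside these hunks.

```c
/* Interface that represents this SA: the one bound to the TDB, else the first enc interface. */
static struct ifnet *
ipsec_tdb_ifp(struct tdb *tdbp)
{
	if (tdbp->tdb_interface)
		return (struct ifnet *) tdbp->tdb_interface;
	return &encif[0].sc_if;
}

/* … unchanged: ipsec_common_input_cb up to the NBPFILTER block … */
	bpfif = ipsec_tdb_ifp(tdbp);
	if (bpfif->if_bpf)
```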