author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-21 20:44:55 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-21 20:44:55 +0000 |
commit | 7799006bacfb065486aa79b2e20628a6cce97f13 (patch) | |
tree | 0d1a17ec36d5c8dc7b5b1654dc0395951f5adf52 | |
parent | a3df244991c0ff468244f2fc6aba00d2be940cea (diff) |
make it possible to use IPsec over link-local address (policy table uses
sin6_scope_id, IPsec portion uses embedded form). beck ok
-rw-r--r-- | sys/net/pfkeyv2_convert.c | 23 | ||||
-rw-r--r-- | sys/netinet/ip_ipip.c | 6 | ||||
-rw-r--r-- | sys/netinet/ip_spd.c | 6 | ||||
-rw-r--r-- | sys/netinet/ipsec_input.c | 4 |
4 files changed, 27 insertions, 12 deletions
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 14415c99eca..f32cf9b814c 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_convert.c,v 1.18 2003/12/02 23:16:29 markus Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.19 2004/06/21 20:44:54 itojun Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
 *
@@ -98,7 +98,11 @@
 #include <sys/kernel.h>
 #include <sys/socket.h>
 #include <net/route.h>
+#include <net/if.h>
 #include <netinet/ip_ipsp.h>
+#ifdef INET6
+#include <netinet6/in6_var.h>
+#endif
 #include <net/pfkeyv2.h>
 #include <crypto/cryptodev.h>
 #include <crypto/xform.h>
@@ -437,10 +441,6 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 (src->sa.sa_family != dstmask->sa.sa_family))
 return;
- /* Generic netmask handling, works for IPv4 and IPv6. */
- rt_maskedcopy(&src->sa, &src->sa, &srcmask->sa);
- rt_maskedcopy(&dst->sa, &dst->sa, &dstmask->sa);
-
 /*
 * We set these as an indication that tdb_filter/tdb_filtermask are
 * in fact initialized.
@@ -452,6 +452,10 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 {
 #ifdef INET
 case AF_INET:
+ /* netmask handling */
+ rt_maskedcopy(&src->sa, &src->sa, &srcmask->sa);
+ rt_maskedcopy(&dst->sa, &dst->sa, &dstmask->sa);
+
 flow->sen_type = SENT_IP4;
 flow->sen_direction = ftype->sadb_protocol_direction;
 flow->sen_ip_src = src->sin.sin_addr;
@@ -473,6 +477,15 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 #ifdef INET6
 case AF_INET6:
+ in6_embedscope(&src->sin6.sin6_addr, &src->sin6,
+ NULL, NULL);
+ in6_embedscope(&dst->sin6.sin6_addr, &dst->sin6,
+ NULL, NULL);
+
+ /* netmask handling */
+ rt_maskedcopy(&src->sa, &src->sa, &srcmask->sa);
+ rt_maskedcopy(&dst->sa, &dst->sa, &dstmask->sa);
+
 flow->sen_type = SENT_IP6;
 flow->sen_ip6_direction = ftype->sadb_protocol_direction;
 flow->sen_ip6_src = src->sin6.sin6_addr;
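Review bot: Both in6_embedscope() calls added to the AF_INET6 case of import_flow discard the return value, so a PF_KEY flow whose sin6_scope_id does not name a usable interface would apparently still be installed, with the link-local address left without an embedded zone. As far as I recall the KAME routine returns non-zero for an out-of-range zone; if that holds here, check it before the masks are applied, e.g. `if (in6_embedscope(&src->sin6.sin6_addr, &src->sin6, NULL, NULL) != 0) return;` and likewise for dst, or reject the zone where the message is first validated, since a bare return here may leave the flow partly initialised. The same unchecked pattern appears in ipip_output (ip_ipip.c) and in the in6_recoverscope() calls added to ipsp_spd_lookup (ip_spd.c) and ipsec_common_input (ipsec_input.c). import_flow's body starts and ends outside this hunk.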
diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c
index 4b3631a4333..5772e6e8ec7 100644
--- a/sys/netinet/ip_ipip.c
+++ b/sys/netinet/ip_ipip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.c,v 1.30 2003/12/10 07:22:43 itojun Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.31 2004/06/21 20:44:54 itojun Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -542,8 +542,8 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 ip6o->ip6_vfc |= IPV6_VERSION;
 ip6o->ip6_plen = htons(m->m_pkthdr.len);
 ip6o->ip6_hlim = ip_defttl;
- ip6o->ip6_dst = tdb->tdb_dst.sin6.sin6_addr;
- ip6o->ip6_src = tdb->tdb_src.sin6.sin6_addr;
+ in6_embedscope(&ip6o->ip6_src, &tdb->tdb_src.sin6, NULL, NULL);
+ in6_embedscope(&ip6o->ip6_dst, &tdb->tdb_dst.sin6, NULL, NULL);
 #ifdef INET
 if (tp == IPVERSION) {
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index 4928b0d9bb4..a8099ead19a 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.48 2004/04/14 20:10:04 markus Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.49 2004/06/21 20:44:54 itojun Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
@@ -190,8 +190,8 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
 sdst.sin6.sin6_family = ssrc.sin6.sin6_family = AF_INET6;
 sdst.sin6.sin6_len = ssrc.sin6.sin6_family = sizeof(struct sockaddr_in6);
- ssrc.sin6.sin6_addr = ddst->sen_ip6_src;
- sdst.sin6.sin6_addr = ddst->sen_ip6_dst;
+ in6_recoverscope(&ssrc.sin6, &ddst->sen_ip6_src, NULL);
+ in6_recoverscope(&sdst.sin6, &ddst->sen_ip6_dst, NULL);
 /*
 * If TCP/UDP, extract the port numbers to use in the lookup.
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index e2b1538ea08..0765dac25cd 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
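Review bot: In the ip_spd.c hunk, the context statement just above the new in6_recoverscope() calls in ipsp_spd_lookup assigns the length to the wrong field: `sdst.sin6.sin6_len = ssrc.sin6.sin6_family = sizeof(struct sockaddr_in6);` overwrites ssrc.sin6.sin6_family, which the previous statement set to AF_INET6, and ssrc.sin6.sin6_len is not set anywhere in the visible lines. ssrc is the sockaddr the first new call fills in, so whatever consumes it after the hunk would see a wrong family unless code outside the hunk repairs it. The statement should read `sdst.sin6.sin6_len = ssrc.sin6.sin6_len = sizeof(struct sockaddr_in6);`. The enclosing function starts and ends outside the hunk.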
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.72 2004/04/18 16:41:40 markus Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.73 2004/06/21 20:44:54 itojun Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -178,6 +178,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto,
 m_copydata(m, offsetof(struct ip6_hdr, ip6_dst), sizeof(struct in6_addr), (caddr_t) &(dst_address.sin6.sin6_addr));
+ in6_recoverscope(&dst_address.sin6, &dst_address.sin6.sin6_addr,
+ NULL);
 break;
 #endif /* INET6 */ |