Module Name: src
Committed By: drochner
Date: Fri Feb 18 16:10:11 UTC 2011
Modified Files:
src/sys/netipsec: ipsec_input.c
Log Message:
deal with IPv6 address scope, so that SA lookup for
link-local addresses works
(PR kern/43071 is related, but refers to KAME IPSEC)
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/sys/netipsec/ipsec_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.25 src/sys/netipsec/ipsec_input.c:1.26
--- src/sys/netipsec/ipsec_input.c:1.25 Thu Feb 17 20:20:18 2011
+++ src/sys/netipsec/ipsec_input.c Fri Feb 18 16:10:11 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.25 2011/02/17 20:20:18 drochner Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.26 2011/02/18 16:10:11 drochner Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.25 2011/02/17 20:20:18 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.26 2011/02/18 16:10:11 drochner Exp $");
/*
* IPsec input processing.
@@ -75,6 +75,7 @@
#ifdef INET6
#include <netinet6/ip6_var.h>
#include <netinet6/ip6_private.h>
+#include <netinet6/scope6_var.h>
#endif
#include <netinet/in_pcb.h>
#ifdef INET6
@@ -204,6 +205,10 @@
m_copydata(m, offsetof(struct ip6_hdr, ip6_dst),
sizeof(struct in6_addr),
&dst_address.sin6.sin6_addr);
+ if (sa6_recoverscope(&dst_address.sin6)) {
+ m_freem(m);
+ return EINVAL;
+ }
break;
#endif /* INET6 */
default:
