catch a case where an ip6 address with scope embedded was compared with
one without -- interestingly this didn't break the connection but just caused a useless encapsulation (this code needs to be rearranged to get it clean)
This commit is contained in:
parent
23ffdf5bd3
commit
813bea3edb
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ipsec_output.c,v 1.35 2011/06/07 15:54:57 drochner Exp $ */
|
||||
/* $NetBSD: ipsec_output.c,v 1.36 2011/06/09 21:04:37 drochner Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
|
||||
|
@ -29,7 +29,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.35 2011/06/07 15:54:57 drochner Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.36 2011/06/09 21:04:37 drochner Exp $");
|
||||
|
||||
/*
|
||||
* IPsec output processing.
|
||||
|
@ -632,6 +632,18 @@ bad:
|
|||
#endif
|
||||
|
||||
#ifdef INET6
|
||||
static int
|
||||
in6_sa_equal_addrwithscope(const struct sockaddr_in6 *sa, const struct in6_addr *ia)
|
||||
{
|
||||
struct in6_addr ia2;
|
||||
|
||||
memcpy(&ia2, &sa->sin6_addr, sizeof(ia2));
|
||||
if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6_addr))
|
||||
ia2.s6_addr16[1] = htons(sa->sin6_scope_id);
|
||||
|
||||
return IN6_ARE_ADDR_EQUAL(ia, &ia2);
|
||||
}
|
||||
|
||||
int
|
||||
ipsec6_process_packet(
|
||||
struct mbuf *m,
|
||||
|
@ -673,7 +685,7 @@ ipsec6_process_packet(
|
|||
dst->sa.sa_family != AF_INET6 || /* PF mismatch */
|
||||
((dst->sa.sa_family == AF_INET6) &&
|
||||
(!IN6_IS_ADDR_UNSPECIFIED(&dst->sin6.sin6_addr)) &&
|
||||
(!IN6_ARE_ADDR_EQUAL(&dst->sin6.sin6_addr,
|
||||
(!in6_sa_equal_addrwithscope(&dst->sin6,
|
||||
&ip6->ip6_dst)))) {
|
||||
struct mbuf *mp;
|
||||
|
||||
|
|
Loading…
Reference in New Issue