authortodd <todd@openbsd.org>2008-06-10 09:57:51 +0000
committertodd <todd@openbsd.org>2008-06-10 09:57:51 +0000
commit424a21ea430a2a98a95825b605dc02716630a21f (patch)
treef132f92f4aa80a7082716c9aa257b62717ebd22e /sys/netinet/ip_ipip.c
parentsync (diff)
encapsulating v4 in v6 IPSec should not be so fun,
do not process v4 headers as v6, 255 TTL + icmp (0x01) = ff01:: suddenly, eww! debugged with bluhm@, verified by grunk@, ok markus@
Diffstat (limited to 'sys/netinet/ip_ipip.c')
-rw-r--r--sys/netinet/ip_ipip.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c
index c763e9b6bd7..6a4c3bc4f43 100644
--- a/sys/netinet/ip_ipip.c
+++ b/sys/netinet/ip_ipip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipip.c,v 1.40 2007/12/14 18:33:41 deraadt Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.41 2008/06/10 09:57:51 todd Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -496,12 +496,15 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy,
return ENOBUFS;
}
- /* scoped address handling */
- ip6 = mtod(m, struct ip6_hdr *);
- if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
- ip6->ip6_src.s6_addr16[1] = 0;
- if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
- ip6->ip6_dst.s6_addr16[1] = 0;
+ /* If the inner protocol is IPv6, clear link local scope */
+ if (tp == (IPV6_VERSION >> 4)) {
+ /* scoped address handling */
+ ip6 = mtod(m, struct ip6_hdr *);
+ if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
+ ip6->ip6_src.s6_addr16[1] = 0;
+ if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
+ ip6->ip6_dst.s6_addr16[1] = 0;
+ }
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
if (m == 0) {
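Review bot: The `mtod(m, struct ip6_hdr *)` inside the new `if (tp == (IPV6_VERSION >> 4))` block still reads and writes `ip6_src`/`ip6_dst` with no visible check that the first mbuf holds a full `struct ip6_hdr` contiguously. The version test stops a v4 header being parsed as v6, but it says nothing about length, and `tp` is set outside this hunk. If nothing earlier in ipip_output (which begins above the hunk) guarantees the length, a guard before the `mtod` would close it, for example `if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) return ENOBUFS;`. Separately, the two stacked comments could be one, and "link local" understates the macro: the ff01:: case in the commit message shows `IN6_IS_SCOPE_EMBED` matching a multicast prefix too, so something like `/* inner packet is IPv6: clear the scope id embedded in src/dst */` would be more accurate.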