From owner-svn-src-head@FreeBSD.ORG Thu May 28 19:28:09 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CAD5A448; Thu, 28 May 2015 19:28:09 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9FF229B2; Thu, 28 May 2015 19:28:09 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t4SJS9Oe009945; Thu, 28 May 2015 19:28:09 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t4SJS94f009944; Thu, 28 May 2015 19:28:09 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201505281928.t4SJS94f009944@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Thu, 28 May 2015 19:28:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r283665 - head/sys/netinet X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2015 19:28:09 -0000 Author: tuexen Date: Thu May 28 19:28:08 2015 New Revision: 283665 URL: https://svnweb.freebsd.org/changeset/base/283665 Log: Take source and destination address into account when determining the scope. This fixes a problem when a client with a global address connects to a server with a private address. Thanks to Irene Ruengeler in helping me to find the issue. MFC after: 3 days Modified: head/sys/netinet/sctp_output.c Modified: head/sys/netinet/sctp_output.c ============================================================================== --- head/sys/netinet/sctp_output.c Thu May 28 18:52:32 2015 (r283664) +++ head/sys/netinet/sctp_output.c Thu May 28 19:28:08 2015 (r283665) @@ -5612,7 +5612,8 @@ do_a_abort: stc.laddr_type = SCTP_IPV4_ADDRESS; /* scope_id is only for v6 */ stc.scope_id = 0; - if (IN4_ISPRIVATE_ADDRESS(&src4->sin_addr)) { + if ((IN4_ISPRIVATE_ADDRESS(&src4->sin_addr)) || + (IN4_ISPRIVATE_ADDRESS(&dst4->sin_addr))) { stc.ipv4_scope = 1; } /* Must use the address in this case */ @@ -5636,16 +5637,18 @@ do_a_abort: stc.local_scope = 0; stc.site_scope = 1; stc.ipv4_scope = 1; - } else if (IN6_IS_ADDR_LINKLOCAL(&src6->sin6_addr)) { + } else if (IN6_IS_ADDR_LINKLOCAL(&src6->sin6_addr) || + IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr)) { /* - * If the new destination is a - * LINK_LOCAL we must have common - * both site and local scope. Don't - * set local scope though since we - * must depend on the source to be - * added implicitly. We cannot - * assure just because we share one - * link that all links are common. + * If the new destination or source + * is a LINK_LOCAL we must have + * common both site and local scope. + * Don't set local scope though + * since we must depend on the + * source to be added implicitly. We + * cannot assure just because we + * share one link that all links are + * common. */ stc.local_scope = 0; stc.site_scope = 1; @@ -5661,11 +5664,12 @@ do_a_abort: * pull out the scope_id from * incoming pkt */ - } else if (IN6_IS_ADDR_SITELOCAL(&src6->sin6_addr)) { + } else if (IN6_IS_ADDR_SITELOCAL(&src6->sin6_addr) || + IN6_IS_ADDR_SITELOCAL(&dst6->sin6_addr)) { /* - * If the new destination is - * SITE_LOCAL then we must have site - * scope in common. + * If the new destination or source + * is SITE_LOCAL then we must have + * site scope in common. */ stc.site_scope = 1; }