From owner-svn-src-user@FreeBSD.ORG  Wed Nov 27 04:31:03 2013
Return-Path: <owner-svn-src-user@FreeBSD.ORG>
Delivered-To: svn-src-user@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3F2DF3FA;
 Wed, 27 Nov 2013 04:31:03 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 20217259C;
 Wed, 27 Nov 2013 04:31:03 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rAR4V2k7097019;
 Wed, 27 Nov 2013 04:31:02 GMT (envelope-from ae@svn.freebsd.org)
Received: (from ae@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id rAR4V2j7097015;
 Wed, 27 Nov 2013 04:31:02 GMT (envelope-from ae@svn.freebsd.org)
Message-Id: <201311270431.rAR4V2j7097015@svn.freebsd.org>
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Wed, 27 Nov 2013 04:31:02 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r258670 - user/ae/inet6/sys/netipsec
X-SVN-Group: user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-user@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: "SVN commit messages for the experimental &quot; user&quot;
 src tree" <svn-src-user.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-user/>
List-Post: <mailto:svn-src-user@freebsd.org>
List-Help: <mailto:svn-src-user-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2013 04:31:03 -0000

Author: ae
Date: Wed Nov 27 04:31:01 2013
New Revision: 258670
URL: http://svnweb.freebsd.org/changeset/base/258670

Log:
  A try to clean up ipsec code from the embedded scope ids.

Modified:
  user/ae/inet6/sys/netipsec/ipsec.c
  user/ae/inet6/sys/netipsec/ipsec_output.c
  user/ae/inet6/sys/netipsec/xform_ah.c
  user/ae/inet6/sys/netipsec/xform_ipip.c

Modified: user/ae/inet6/sys/netipsec/ipsec.c
==============================================================================
--- user/ae/inet6/sys/netipsec/ipsec.c	Wed Nov 27 03:05:24 2013	(r258669)
+++ user/ae/inet6/sys/netipsec/ipsec.c	Wed Nov 27 04:31:01 2013	(r258670)
@@ -72,6 +72,7 @@
 #include <netinet/ip6.h>
 #ifdef INET6
 #include <netinet6/ip6_var.h>
+#include <netinet6/scope6_var.h>
 #endif
 #include <netinet/in_pcb.h>
 #ifdef INET6
@@ -793,8 +794,9 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s
 	sin6->sin6_len = sizeof(struct sockaddr_in6);
 	bcopy(&ip6->ip6_src, &sin6->sin6_addr, sizeof(ip6->ip6_src));
 	if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) {
-		sin6->sin6_addr.s6_addr16[1] = 0;
-		sin6->sin6_scope_id = ntohs(ip6->ip6_src.s6_addr16[1]);
+		if (m->m_pkthdr.rcvif != NULL) /* XXX */
+			sin6->sin6_scope_id = in6_getscopezone(
+			    m->m_pkthdr.rcvif, IPV6_ADDR_SCOPE_LINKLOCAL);
 	}
 	spidx->prefs = sizeof(struct in6_addr) << 3;
 
@@ -804,8 +806,9 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s
 	sin6->sin6_len = sizeof(struct sockaddr_in6);
 	bcopy(&ip6->ip6_dst, &sin6->sin6_addr, sizeof(ip6->ip6_dst));
 	if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) {
-		sin6->sin6_addr.s6_addr16[1] = 0;
-		sin6->sin6_scope_id = ntohs(ip6->ip6_dst.s6_addr16[1]);
+		if (m->m_pkthdr.rcvif != NULL) /* XXX */
+			sin6->sin6_scope_id = in6_getscopezone(
+			    m->m_pkthdr.rcvif, IPV6_ADDR_SCOPE_LINKLOCAL);
 	}
 	spidx->prefd = sizeof(struct in6_addr) << 3;
 

Modified: user/ae/inet6/sys/netipsec/ipsec_output.c
==============================================================================
--- user/ae/inet6/sys/netipsec/ipsec_output.c	Wed Nov 27 03:05:24 2013	(r258669)
+++ user/ae/inet6/sys/netipsec/ipsec_output.c	Wed Nov 27 04:31:01 2013	(r258670)
@@ -62,6 +62,7 @@
 #include <netinet/ip6.h>
 #ifdef INET6
 #include <netinet6/ip6_var.h>
+#include <netinet6/scope6_var.h>
 #endif
 #include <netinet/in_pcb.h>
 #ifdef INET6
@@ -328,11 +329,12 @@ again:
 				sin6->sin6_family = AF_INET6;
 				sin6->sin6_port = IPSEC_PORT_ANY;
 				sin6->sin6_addr = ip6->ip6_src;
-				if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) {
+				if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) &&
+				    m->m_pkthdr.rcvif != NULL) {
 					/* fix scope id for comparing SPD */
-					sin6->sin6_addr.s6_addr16[1] = 0;
-					sin6->sin6_scope_id =
-					    ntohs(ip6->ip6_src.s6_addr16[1]);
+					sin6->sin6_scope_id = in6_getscopezone(
+					    m->m_pkthdr.rcvif,
+					    IPV6_ADDR_SCOPE_LINKLOCAL);
 				}
 			}
 			if (saidx->dst.sin6.sin6_len == 0) {
@@ -341,11 +343,12 @@ again:
 				sin6->sin6_family = AF_INET6;
 				sin6->sin6_port = IPSEC_PORT_ANY;
 				sin6->sin6_addr = ip6->ip6_dst;
-				if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) {
+				if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) &&
+				    m->m_pkthdr.rcvif != NULL) {
 					/* fix scope id for comparing SPD */
-					sin6->sin6_addr.s6_addr16[1] = 0;
-					sin6->sin6_scope_id =
-					    ntohs(ip6->ip6_dst.s6_addr16[1]);
+					sin6->sin6_scope_id = in6_getscopezone(
+					    m->m_pkthdr.rcvif,
+					    IPV6_ADDR_SCOPE_LINKLOCAL);
 				}
 			}
 		}
@@ -745,12 +748,6 @@ ipsec6_encapsulate(struct mbuf *m, struc
 	ip6 = mtod(m, struct ip6_hdr *);
 	bcopy((caddr_t)ip6, (caddr_t)oip6, sizeof(struct ip6_hdr));
 
-	/* Fake link-local scope-class addresses */
-	if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_src))
-		oip6->ip6_src.s6_addr16[1] = 0;
-	if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_dst))
-		oip6->ip6_dst.s6_addr16[1] = 0;
-
 	/* construct new IPv6 header. see RFC 2401 5.1.2.2 */
 	/* ECN consideration. */
 	ip6_ecn_ingress(V_ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);

Modified: user/ae/inet6/sys/netipsec/xform_ah.c
==============================================================================
--- user/ae/inet6/sys/netipsec/xform_ah.c	Wed Nov 27 03:05:24 2013	(r258669)
+++ user/ae/inet6/sys/netipsec/xform_ah.c	Wed Nov 27 04:31:01 2013	(r258670)
@@ -433,12 +433,6 @@ ah_massage_headers(struct mbuf **m0, int
 		ip6.ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6.ip6_vfc |= IPV6_VERSION;
 
-		/* Scoped address handling. */
-		if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_src))
-			ip6.ip6_src.s6_addr16[1] = 0;
-		if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_dst))
-			ip6.ip6_dst.s6_addr16[1] = 0;
-
 		/* Done with IPv6 header. */
 		m_copyback(m, 0, sizeof(struct ip6_hdr), (caddr_t) &ip6);
 

Modified: user/ae/inet6/sys/netipsec/xform_ipip.c
==============================================================================
--- user/ae/inet6/sys/netipsec/xform_ipip.c	Wed Nov 27 03:05:24 2013	(r258669)
+++ user/ae/inet6/sys/netipsec/xform_ipip.c	Wed Nov 27 04:31:01 2013	(r258670)
@@ -536,11 +536,6 @@ ipip_output(
 
 		/* scoped address handling */
 		ip6 = mtod(m, struct ip6_hdr *);
-		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
-			ip6->ip6_src.s6_addr16[1] = 0;
-		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
-			ip6->ip6_dst.s6_addr16[1] = 0;
-
 		M_PREPEND(m, sizeof(struct ip6_hdr), M_NOWAIT);
 		if (m == 0) {
 			DPRINTF(("%s: M_PREPEND failed\n", __func__));