Subject: Re: kern/34734: ipsec tunnels over ipv6 are broken
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Michael van Elst <mlelstv@serpens.de>
List: netbsd-bugs
Date: 12/10/2006 13:10:03
The following reply was made to PR kern/34734; it has been noted by GNATS.

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/34734: ipsec tunnels over ipv6 are broken
Date: Sun, 10 Dec 2006 14:06:31 +0100

 This patch from JINMEI Tatuya looks better. But I haven't been able
 to test it for scoped addresses under netbsd4.
 
 Index: ipsec.c
 ===================================================================
 RCS file: /cvsroot/src/sys/netinet6/ipsec.c,v
 retrieving revision 1.110
 diff -r1.110 ipsec.c
 3331,3332c3331
 < 	struct sockaddr_in6 *sin6;
 < 	struct in6_addr in6;
 ---
 > 	struct sockaddr_in6 sin6;
 3341,3342c3340,3343
 < 		sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);
 < 		if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &in6))
 ---
 > 		sin6 = *((struct sockaddr_in6 *)&sav->sah->saidx.dst);
 > 		if (sa6_embedscope(&sin6, 0) != 0)
 > 			return 0;
 > 		if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &sin6.sin6_addr))
 
 
 If nobody complains I will commit it.
 
 
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."