[src/trunk]: src/sys/netipsec deal with IPv6 address scope, so that SA lookup...

[drochner <drochner%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/833c1bd46baa
branches:  trunk
changeset: 762273:833c1bd46baa
user:      drochner <drochner%NetBSD.org@localhost>
date:      Fri Feb 18 16:10:11 2011 +0000

description:
deal with IPv6 address scope, so that SA lookup for
link-local addresses works
(PR kern/43071 is related, but refers to KAME IPSEC)

diffstat:

 sys/netipsec/ipsec_input.c |  9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diffs (37 lines):

diff -r 435934763ee1 -r 833c1bd46baa sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c        Fri Feb 18 16:10:09 2011 +0000
+++ b/sys/netipsec/ipsec_input.c        Fri Feb 18 16:10:11 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_input.c,v 1.25 2011/02/17 20:20:18 drochner Exp $        */
+/*     $NetBSD: ipsec_input.c,v 1.26 2011/02/18 16:10:11 drochner Exp $        */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
 /*     $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $        */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.25 2011/02/17 20:20:18 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.26 2011/02/18 16:10:11 drochner Exp $");
 
 /*
  * IPsec input processing.
@@ -75,6 +75,7 @@
 #ifdef INET6
 #include <netinet6/ip6_var.h>
 #include <netinet6/ip6_private.h>
+#include <netinet6/scope6_var.h>
 #endif
 #include <netinet/in_pcb.h>
 #ifdef INET6
@@ -204,6 +205,10 @@
                m_copydata(m, offsetof(struct ip6_hdr, ip6_dst),
                    sizeof(struct in6_addr),
                    &dst_address.sin6.sin6_addr);
+               if (sa6_recoverscope(&dst_address.sin6)) {
+                       m_freem(m);
+                       return EINVAL;
+               }
                break;
 #endif /* INET6 */
        default: