'Re: [Ipsec-tools-devel] NetBSD pr/37644 - racoon fails to bring'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipsec-tools-devel
Subject:    Re: [Ipsec-tools-devel] NetBSD pr/37644 - racoon fails to bring
From:       "S.P.Zeidler" <spz () serpens ! de>
Date:       2008-02-08 12:33:16
Message-ID: 20080208123315.GH17439 () serpens ! de
[Download RAW message or body]

Hi,

Thus wrote Arnaud Ebalard (arno@natisbad.org):

good domainname ;->

> > unless someone protests before Sunday I'll commit the patch from
> > http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=37644
> > (adding scope as far as racoon uses it in ipsecdoi_id2sockaddr()
> > in ipsec-tools/src/racoon/ipsec_doi.c) to the NetBSD cvs.
> 
> It looks ok to me but can you describe the case where the copy of the
> scope_id value from id_b is useful (for link local address, obviously)? 

grabmyaddr.c recvaddrs() does:
	if (IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr))
		sin->sin6_scope_id = I->ifa_ifindex;

and grab_myaddrs() does (paraphrased):
	if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)
	 || IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
	#ifdef KAME
		sin6->sin6_scope_id = ntohs(*(u_int16_t *)&sin6->sin6_addr.s6addr[2]);
	#else
		sin6->sin6_scope_id = if_nametoindex(ifap->ifa_name);
	#endif
	}

sockmisc.c recvfromto() has:
	if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
		sin6->sin6_scope_id = pi->ipi6_ifindex;
	else
		sin6->sin6_scope_id = 0;

So there are several generators of sockaddr_in6 that set sin6->sin6_scope_id.

For cases where a comparison is done between sockaddr_in6 created
from different functions (which doesn't seem to happen right now,
but that doesn't mean it won't happen in the future),
I assume/hope that whatever produces 'buf' for ipsecdoi_id2sockaddr
will continue to provide a value that matches above usage in the
linklocal case; it does so now. It's only the scope_global addresses
that have nothing useful set.

In the grabmyaddr.c recvaddrs case, a memset to 0 takes care of the
non-linklocal case.

regards,
	spz
-- 
spz@serpens.de (S.P.Zeidler)

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ipsec-tools-devel mailing list
Ipsec-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic