
IPv6 Linklocal address and IPSec bug



Hi,


I've found and fixed a small bug in the OpenBSD 3.3 Release IPv6/IPSec kernel stack.
Cyphered IPv6 packets with link local scope are dropped instead of being
uncyphered.
This is due to an internal hack for link local IPv6 addresses: for unicast link
local addresses, bytes from 10 to 63 must be set to 0. So developers use them
to store the network interface index.

netinet6/ip6_input.c:345 : What is done
     if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
          ip6->ip6_dst.s6_addr16[1]
               = htons(m->m_pkthdr.rcvif->if_index);
The destination address has been modified and no longer matches the IPSec
Security Association.
When searching for the associated SA we need to set it to 0 again.

netinet/ipsec_input.c:182
     default:
          DPRINTF(("ipsec_common_input(): unsupported protocol "
              "family %d\n", af));
          m_freem(m);
          IPSEC_ISTAT(espstat.esps_nopf, ahstat.ahs_nopf,
              ipcompstat.ipcomps_nopf);
          return EPFNOSUPPORT;
     }
+    if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
+         ip6->ip6_dst.s6_addr16[1]
+              = 0;
     s = spltdb();
     tdbp = gettdb(spi, &dst_address, sproto);
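
Review bot: the added IN6_IS_SCOPE_LINKLOCAL test sits after the closing brace of the switch, so it runs for every address family that did not hit the default case; if that switch also handles IPv4, ip6 will not point at an IPv6 header there, so guard the test with a check on af or move it into the IPv6 case. The lookup on the last line is keyed on dst_address, not on ip6->ip6_dst, so unless dst_address is filled in from the header after this point the clear will not reach the key; clearing the second 16-bit word in dst_address itself would be the more direct change. Writing 0 into the header also throws away the interface index that ip6_input.c stored there, so please confirm nothing later in the input path relies on it, or clear only the lookup key.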

I found it while testing IPv6/IPSec/Multicast.

Best regards,


Sébastien Josset
ALCATEL SPACE
Research Department/Advanced Telecom Satellite Systems
Tel : +33 (0)53435 5104  /  Fax : +33 (0)53435 5560
Porte : W218  /  E-Mail : sebastien_(_dot_)_josset_(_at_)_space_(_dot_)_alcatel_(_dot_)_fr
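
The mismatch described in this message, as an added userland example that is not part of the original post or of OpenBSD's code: a link-local destination with the interface index stored in its second 16-bit word no longer compares equal to the address an SA was keyed on, while a scope-cleared copy does. The helpers `scope_linklocal`, `embed_ifindex`, `wire_form` and `sa_lookup`, the addresses and the interface index 3 are all constructed for illustration, and the example clears the index on a copy used as the lookup key rather than in the header.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modeled on the IN6_IS_SCOPE_LINKLOCAL test: unicast or multicast link-local. */
static int scope_linklocal(const struct in6_addr *a)
{
    return IN6_IS_ADDR_LINKLOCAL(a) || IN6_IS_ADDR_MC_LINKLOCAL(a);
}

/* Input-path step: store the interface index in bytes 2-3, network byte order. */
static void embed_ifindex(struct in6_addr *a, uint16_t ifindex)
{
    if (scope_linklocal(a)) {
        a->s6_addr[2] = (uint8_t)(ifindex >> 8);
        a->s6_addr[3] = (uint8_t)(ifindex & 0xff);
    }
}

/* Copy of the address as it appeared on the wire; the original is untouched. */
static struct in6_addr wire_form(const struct in6_addr *a)
{
    struct in6_addr w = *a;
    if (scope_linklocal(&w))
        w.s6_addr[2] = w.s6_addr[3] = 0;
    return w;
}

/* Hypothetical stand-in for an SA lookup keyed on the destination address.
 * Returns 1 on match, 0 on mismatch, -1 if the text is not an IPv6 address. */
static int sa_lookup(const char *sa_dst_text, uint16_t ifindex, int use_wire_form)
{
    struct in6_addr sa_dst, pkt_dst, key;
    if (inet_pton(AF_INET6, sa_dst_text, &sa_dst) != 1)
        return -1;
    pkt_dst = sa_dst;                  /* packet arrives addressed to the SA */
    embed_ifindex(&pkt_dst, ifindex);  /* input path rewrites the header copy */
    key = use_wire_form ? wire_form(&pkt_dst) : pkt_dst;
    return memcmp(&key, &sa_dst, sizeof(key)) == 0;
}

int main(void)
{
    const char *addrs[] = { "fe80::1", "ff02::1", "2001:db8::1" }; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%s raw=%d wire=%d\n", addrs[i], sa_lookup(addrs[i], 3, 0), sa_lookup(addrs[i], 3, 1));
    return 0;
}
```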


