Page MenuHomeFreeBSD
Files F143970725

D51596.id159704.diff
No OneTemporary
Actions

D51596.id159704.diff
View Options

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -322,6 +322,8 @@
if (a6->sin6_port != b6->sin6_port)
return (false);
+ if (a6->sin6_scope_id != b6->sin6_scope_id)
+ return (false);
return (memcmp(&a6->sin6_addr, &b6->sin6_addr,
sizeof(a6->sin6_addr)) == 0);
@@ -392,6 +394,8 @@
{
int af;
+ memset(sa, 0, sizeof(*sa));
+
if (! nvlist_exists_number(nvl, "af"))
return (EINVAL);
if (! nvlist_exists_binary(nvl, "address"))
@@ -432,6 +436,10 @@
memcpy(&in6->sin6_addr, addr, sizeof(in6->sin6_addr));
in6->sin6_port = nvlist_get_number(nvl, "port");
+
+ if (nvlist_exists_number(nvl, "scopeid"))
+ in6->sin6_scope_id = nvlist_get_number(nvl, "scopeid");
+
break;
}
#endif
@@ -468,6 +476,7 @@
nvlist_add_number(nvl, "port", s6->sin6_port);
nvlist_add_binary(nvl, "address", &s6->sin6_addr,
sizeof(s6->sin6_addr));
+ nvlist_add_number(nvl, "scopeid", s6->sin6_scope_id);
break;
}
default:
@@ -725,7 +734,8 @@
NET_EPOCH_ENTER(et);
ret = in6_selectsrc_addr(curthread->td_proc->p_fibnum,
&TO_IN6(&peer->remote)->sin6_addr,
- 0, NULL, &TO_IN6(&peer->local)->sin6_addr, NULL);
+ TO_IN6(&peer->remote)->sin6_scope_id, NULL,
+ &TO_IN6(&peer->local)->sin6_addr, NULL);
NET_EPOCH_EXIT(et);
if (ret != 0) {
goto error;
@@ -2275,6 +2285,15 @@
memcpy(&ip6->ip6_dst, &in6_remote->sin6_addr,
sizeof(ip6->ip6_dst));
+ if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_src)) {
+ /* Local and remote must have the same scope. */
+ ip6->ip6_src.__u6_addr.__u6_addr16[1] =
+ htons(in6_remote->sin6_scope_id & 0xffff);
+ }
+ if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst))
+ ip6->ip6_dst.__u6_addr.__u6_addr16[1] =
+ htons(in6_remote->sin6_scope_id & 0xffff);
+
udp = mtodo(m, sizeof(*ip6));
udp->uh_sum = in6_cksum_pseudo(ip6,
m->m_pkthdr.len - sizeof(struct ip6_hdr),
diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh
--- a/tests/sys/net/if_ovpn/if_ovpn.sh
+++ b/tests/sys/net/if_ovpn/if_ovpn.sh
@@ -499,6 +499,81 @@
ovpn_cleanup
}
+atf_test_case "linklocal" "cleanup"
+linklocal_head()
+{
+ atf_set descr 'Use IPv6 link-local addresses'
+ atf_set require.user root
+ atf_set require.progs openvpn
+}
+
+linklocal_body()
+{
+ ovpn_init
+
+ l=$(vnet_mkepair)
+
+ vnet_mkjail a ${l}a
+ jexec a ifconfig ${l}a inet6 fe80::a/64 up no_dad
+ vnet_mkjail b ${l}b
+ jexec b ifconfig ${l}b inet6 fe80::b/64 up no_dad
+
+ # Sanity check
+ atf_check -s exit:0 -o ignore jexec a ping6 -c 1 fe80::b%${l}a
+
+ ovpn_start a "
+ dev ovpn0
+ dev-type tun
+ proto udp6
+
+ cipher AES-256-GCM
+ auth SHA256
+
+ local fe80::a%${l}a
+ server-ipv6 2001:db8:1::/64
+
+ ca $(atf_get_srcdir)/ca.crt
+ cert $(atf_get_srcdir)/server.crt
+ key $(atf_get_srcdir)/server.key
+ dh $(atf_get_srcdir)/dh.pem
+
+ mode server
+ script-security 2
+ auth-user-pass-verify /usr/bin/true via-env
+ topology subnet
+
+ keepalive 100 600
+ "
+ ovpn_start b "
+ dev tun0
+ dev-type tun
+
+ client
+
+ remote fe80::a%${l}b
+ auth-user-pass $(atf_get_srcdir)/user.pass
+
+ ca $(atf_get_srcdir)/ca.crt
+ cert $(atf_get_srcdir)/client.crt
+ key $(atf_get_srcdir)/client.key
+ dh $(atf_get_srcdir)/dh.pem
+
+ keepalive 100 600
+ "
+
+ # Give the tunnel time to come up
+ sleep 10
+ jexec a ifconfig
+
+ atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1
+ atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1
+}
+
+linklocal_cleanup()
+{
+ ovpn_cleanup
+}
+
atf_test_case "timeout_client" "cleanup"
timeout_client_head()
{
@@ -1412,6 +1487,7 @@
atf_add_test_case "6in4"
atf_add_test_case "6in6"
atf_add_test_case "4in6"
+ atf_add_test_case "linklocal"
atf_add_test_case "timeout_client"
atf_add_test_case "explicit_exit"
atf_add_test_case "multi_client"

File Metadata

Mime Type
text/plain
Expires
Tue, Feb 3, 6:21 PM (11 h, 42 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
28426026
Default Alt Text
D51596.id159704.diff (3 KB)

Event Timeline