use the ipv6 dst addr to look up an ipsec tdb in bridge_ipsec in.

using the ipv6 next protocol header probably doesnt work. it also
probably doesnt matter cos i'm not sure anyone uses this feature in
bridge. or maybe there isn't anyone who uses ipv6. both are plausible
options.

hahaha^Wok patrick@

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 6f45ec1..3b526e6 100644 (file)
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_bridge.c,v 1.349 2021/01/28 20:06:38 mvs Exp $     */
+/*     $OpenBSD: if_bridge.c,v 1.350 2021/02/23 09:51:08 dlg Exp $     */
 
 /*
  * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
@@ -1534,7 +1534,7 @@ bridge_ipsec(struct ifnet *ifp, struct ether_header *eh, int hassnap,
                        bzero(&dst, sizeof(union sockaddr_union));
                        dst.sa.sa_family = AF_INET6;
                        dst.sin6.sin6_len = sizeof(struct sockaddr_in6);
-                       m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt),
+                       m_copydata(m, offsetof(struct ip6_hdr, ip6_dst),
                            sizeof(struct in6_addr),
                            (caddr_t)&dst.sin6.sin6_addr);