#include <net/ipv6.h>
#include <net/protocol.h>
#include <net/xfrm.h>
-#include <asm/scatterlist.h>
static int zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr)
{
goto error_free_iph;
}
- ah = (struct ip_auth_hdr *)skb_transport_header(skb);
+ ah = ip_auth_hdr(skb);
ah->nexthdr = nexthdr;
top_iph->priority = 0;
top_iph->hop_limit = 0;
ahp = x->data;
- ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) +
- ahp->icv_trunc_len) >> 2) - 2;
+ ah->hdrlen = (XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len) >> 2) - 2;
ah->reserved = 0;
ah->spi = x->id.spi;
* There is offset of AH before IPv6 header after the process.
*/
- struct ipv6_auth_hdr *ah;
+ struct ip_auth_hdr *ah;
struct ipv6hdr *ip6h;
struct ah_data *ahp;
unsigned char *tmp_hdr = NULL;
pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
goto out;
+ skb->ip_summed = CHECKSUM_NONE;
+
hdr_len = skb->data - skb_network_header(skb);
- ah = (struct ipv6_auth_hdr*)skb->data;
+ ah = (struct ip_auth_hdr *)skb->data;
ahp = x->data;
nexthdr = ah->nexthdr;
ah_hlen = (ah->hdrlen + 2) << 2;
- if (ah_hlen != XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_full_len) &&
- ah_hlen != XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len))
+ if (ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_full_len) &&
+ ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len))
goto out;
if (!pskb_may_pull(skb, ah_hlen))
ip6h->flow_lbl[2] = 0;
ip6h->hop_limit = 0;
+ spin_lock(&x->lock);
{
u8 auth_data[MAX_AH_AUTH_LEN];
skb_push(skb, hdr_len);
err = ah_mac_digest(ahp, skb, ah->auth_data);
if (err)
- goto free_out;
- err = -EINVAL;
+ goto unlock;
if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n");
- x->stats.integrity_failed++;
- goto free_out;
+ err = -EBADMSG;
}
}
+unlock:
+ spin_unlock(&x->lock);
+
+ if (err)
+ goto free_out;
skb->network_header += ah_hlen;
memcpy(skb_network_header(skb), tmp_hdr, hdr_len);
if (!ahp->work_icv)
goto error;
- x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len);
- if (x->props.mode == XFRM_MODE_TUNNEL)
+ x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
+ ahp->icv_trunc_len);
+ switch (x->props.mode) {
+ case XFRM_MODE_BEET:
+ case XFRM_MODE_TRANSPORT:
+ break;
+ case XFRM_MODE_TUNNEL:
x->props.header_len += sizeof(struct ipv6hdr);
+ break;
+ default:
+ goto error;
+ }
x->data = ahp;
return 0;