X-Git-Url: http://pilppa.org/gitweb/?a=blobdiff_plain;f=net%2Fipv6%2Fah6.c;h=2ff0c8233e47a0096e5670aaa3e41d80d7e3f6a3;hb=72441bdc76f7f71d7b75cdaa48f26dbb1f3d932e;hp=67cd06613a253b3fc6197726dc259764b2be0f34;hpb=4fa4d23fa20de67df919030c1216295664866ad7;p=linux-2.6-omap-h63xx.git diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 67cd06613a2..2ff0c8233e4 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -35,7 +35,6 @@ #include #include #include -#include static int zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) { @@ -284,7 +283,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) ah->reserved = 0; ah->spi = x->id.spi; - ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq); + ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); spin_lock_bh(&x->lock); err = ah_mac_digest(ahp, skb, ah->auth_data); @@ -371,6 +370,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) ip6h->flow_lbl[2] = 0; ip6h->hop_limit = 0; + spin_lock(&x->lock); { u8 auth_data[MAX_AH_AUTH_LEN]; @@ -379,14 +379,15 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) skb_push(skb, hdr_len); err = ah_mac_digest(ahp, skb, ah->auth_data); if (err) - goto free_out; - err = -EINVAL; - if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) { - LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n"); - x->stats.integrity_failed++; - goto free_out; - } + goto unlock; + if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) + err = -EBADMSG; } +unlock: + spin_unlock(&x->lock); + + if (err) + goto free_out; skb->network_header += ah_hlen; memcpy(skb_network_header(skb), tmp_hdr, hdr_len); @@ -483,6 +484,7 @@ static int ah6_init_state(struct xfrm_state *x) break; case XFRM_MODE_TUNNEL: x->props.header_len += sizeof(struct ipv6hdr); + break; default: goto error; } @@ -513,7 +515,7 @@ static void ah6_destroy(struct xfrm_state *x) kfree(ahp); } -static struct xfrm_type ah6_type = +static const struct xfrm_type ah6_type = { .description = "AH6", .owner = THIS_MODULE,