(usagi-users 01468) Re: 5 bugs in AH + fragmentation ( and PATCH)

[Kazunori MIYAZAWA <miyazawa@xxxxxxxxxxxxxxxxx>]

On Thu, 16 May 2002 09:24:19 -0700
"David Stevens" <dlstevens@xxxxxxxxxx> wrote:

> >> 2) A recent change removed the lines:
> >>
> >>       pseudo_authhdr->spi = authhdr->spi;
> >>       pseudo_authhdr->seq_no = authhdr->seq_no;
> >>
> >>    from ipsec6_ah_calc(). Without them, the sequence number and spi are
> >>    not included in the digest calculation, and all output AH digests for
> >>    fragmented packets are incorrect. Fix: readd the lines
> >
> >In ipsec6_ah_calc, the authhdr points an address of AH on skb.
> >memcpy at line 281 in ipsec6_utils.c copys packet to pseudo_packet
> including
> >AH with spi and seq_no.
> >
> >I guess 2) is not needed.
> 
>       I thought that's why you might have removed it, and I didn't get
> the details from the code, but they are not set without the lines. I used
> printk() to print the buffer, and it fails for all output digests without
> these lines. I assume "authhdr" isn't pointing to the first skb's header
> area at the point this is done, but I didn't track it down. I just know
> without those lines, the seq_no and spi are not set in "pseudo_packet" and
> the digest is incorrect.
> 

Sorry, I guessed wrong. It is necessary.

--Kazunori Miyazawa(YOKOGAWA Electric Corporation)