[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(usagi-users 02047) Re: Suspicious change in ipv6_auth_hdr
- To: usagi-users@xxxxxxxxxxxxxx, kunihiro@xxxxxxxxxxxxxx
- Subject: (usagi-users 02047) Re: Suspicious change in ipv6_auth_hdr
- From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
- Date: Sat, 04 Jan 2003 16:41:12 +0900 (JST)
- In-reply-to: <87vg15xtvd.wl@ipinfusion.com>
- Organization: USAGI Project
- References: <87vg15xtvd.wl@ipinfusion.com>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Sender: "Hideaki YOSHIFUJI" <yoshfuji@xxxxxxxxxxxxxxxxxxxxxxxxx>
In article <87vg15xtvd.wl@xxxxxxxxxxxxxx> (at Fri, 03 Jan 2003 23:21:42 -0800), Kunihiro Ishiguro <kunihiro@xxxxxxxxxxxxxx> says:
> There is a below change in USAGI patch.
>
> net/ipv6/exthdr.c:ipv6_auth_hdr
>
> - len = (skb->h.raw[1]+1)<<2;
> + len = (skb->h.raw[1]+2)<<2;
>
> To get length of authentication header, original code uses offset 1.
> But USAGI patch changed it to offset 2. Isn't this bad? IPv6 AH
> header length is second octet so it seems orignal code is right.
RFC2402 2.2 Payload Length
:
This 8-bit field specifies the length of AH in 32-bit words (4-byte
units), minus "2". (All IPv6 extension headers, as per RFC 1883,
encode the "Hdr Ext Len" field by first subtracting 1 (64-bit word)
from the header length (measured in 64-bit words). AH is an IPv6
extension header. However, since its length is measured in 32-bit
words, the "Payload Length" is calculated by subtracting 2 (32 bit
words).) In the "standard" case of a 96-bit authentication value
This means:
PayloadLen = (length / 4) - 2
So, what we do to get length of the extension header is:
length = (PayloadLen + 2) * 4
Let
length = len
PayladLen = skb->h.raw[1]
then you will get
len = (skb->h.raw[1] + 2) * 4
= (skb->h.raw[1] + 2> << 2;
You get it?
--
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@xxxxxxxxxxxxxx>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA