
(usagi-users 03094) kernel cannot process an IPv6 destination options header after the AH header.



Hello All.

I found a problem in the current Usagi kernel (usagi-linux26-s20041025).
The kernel cannot process a Destination Options Extension Header after 
the AH Header in an IPv6 packet.

According to RFC2402 and draft-ietf-ipsec-rfc2402bis-08.txt, 
the destination options extension header(s) could appear before or after 
or both before and after the AH header depending on the 
semantics desired.
But, the function ipv6_clear_mutable_options() cannot treat the 
destination options extension header after the AH header.

I tried the TAHI test item ipsec#20. 
This test item uses a destination option header after AH, and the
test fails.
This test item passes when the patch below is applied.


A patch to solve this problem is shown below.
--------- begin from here ----------------
--- ah6.c.ORIG	2004-11-05 13:53:29.980203625 +0900
+++ ah6.c	2004-11-05 13:54:10.584381917 +0900
@@ -123,10 +123,10 @@
 	} exthdr = { .iph = iph };
 	char *end = exthdr.raw + len;
 	int nexthdr = iph->nexthdr;
-
+	struct ipv6_auth_hdr *ah;
 	exthdr.iph++;
 
-	while (exthdr.raw < end) {
+	while (exthdr.raw <= end) {
 		switch (nexthdr) {
 		case NEXTHDR_HOP:
 		case NEXTHDR_DEST:
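Review bot: changing the loop condition from `exthdr.raw < end` to `exthdr.raw <= end` lets the body run with `exthdr.raw == end`, i.e. one position past the `len` bytes this function was given (`char *end = exthdr.raw + len;`), so the header at `end` and anything after it is read without any bound that the caller supplied. If the intent is to reach the AH header sitting at `end` and the options behind it, the caller should pass a length that covers those bytes (or the function should take the packet end as a separate bound) rather than relaxing the comparison. Also, the new `struct ipv6_auth_hdr *ah;` declaration replaces the blank line that separated declarations from statements; keep the blank line after it.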
@@ -142,7 +142,18 @@
 		case NEXTHDR_ROUTING:
 			ipv6_rearrange_rthdr(iph, exthdr.rth);
 			break;
-
+		
+		case NEXTHDR_AUTH:
+			ah=(struct ipv6_auth_hdr *)exthdr.opth;
+			if(ah->nexthdr == NEXTHDR_DEST){
+				exthdr.opth += sizeof(struct ipv6_auth_hdr);
+				if (!zero_out_mutable_opts(exthdr.opth)) {
+					LIMIT_NETDEBUG(printk(
+						KERN_WARNING "overrun destopt\n"));
+					return -EINVAL;
+				}
+			}
+ 
 		default :
 			return 0;
 		}
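Review bot: `exthdr.opth += sizeof(struct ipv6_auth_hdr);` assumes a fixed-size AH, but the AH length is given by its Payload Len field (RFC 2402: length in 32-bit words minus 2, i.e. `(ah->hdrlen + 2) * 4` bytes including the ICV), so after the increment `exthdr.opth` points into the authentication data rather than at the Destination Options header; advance by the value derived from `ah->hdrlen` instead. The `case NEXTHDR_AUTH:` block also falls through into `default: return 0;` with no `break`, which happens to be the desired result here but should be an explicit `return 0;` (or a `/* fall through */` comment) so the intent survives later edits. Style: the lines `+ ` and `+		` add trailing whitespace, and `ah=(struct ipv6_auth_hdr *)exthdr.opth;` / `if(ah->nexthdr == NEXTHDR_DEST){` need spaces around `=` and after `if`/before `{` to match the surrounding code.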
--------- end to here ----------------

Regards,
Ueki Kohei