ah_output_done, as the callback function for the digest function, receives the exit status in err, and calls xfrm_output_resume, which also takes a parameter called err. Assuming that the digest function exited successfully, the value of err is 0, and prevents xfrm_output_resume from calling ah_output, which calls the digest function, again. However, setting the value of err to ah->nexthdr gives err a positive protocol value, resulting in infinite calls of the digest function, preventing the sending of the packet to the network.
It appears that, except for the first call, xfrm_output_resume should take err directly from the value that ah_output_done receives, like esp_output_done, and unlike ah_input_done, which calls xfrm_input_resume, which explicitly takes a parameter called nexthdr. When the change was made, ICMP would work with ah transport mode. Signed-off-by: Yuan Kang <yuan.k...@freescale.com> --- net/ipv4/ah4.c | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index c1f4154..33ca186 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -136,8 +136,6 @@ static void ah_output_done(struct crypto_async_request *base, int err) memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr)); } - err = ah->nexthdr; - kfree(AH_SKB_CB(skb)->tmp); xfrm_output_resume(skb, err); } -- 220.127.116.11 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html