ah_output_done, as the callback function for the
digest function, receives the exit status in err,
and calls xfrm_output_resume, which also takes a
parameter called err.
Assuming that the digest function exited successfully,
the value of err is 0, and prevents xfrm_output_resume
from calling ah_output, which calls the digest function,
again. However, setting the value of err to ah->nexthdr
gives err a positive protocol value, resulting in
infinite calls of the digest function, preventing the
sending of the packet to the network.

It appears that, except for the first call,
xfrm_output_resume should take err directly from the
value that ah_output_done receives, like esp_output_done,
and unlike ah_input_done, which calls xfrm_input_resume,
which explicitly takes a parameter called nexthdr.
When the change was made, ICMP would work with ah transport

Signed-off-by: Yuan Kang <yuan.k...@freescale.com>
 net/ipv4/ah4.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index c1f4154..33ca186 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -136,8 +136,6 @@ static void ah_output_done(struct crypto_async_request 
*base, int err)
                memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
-       err = ah->nexthdr;
        xfrm_output_resume(skb, err);

To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to