2557 * before ICV calculation if ICV is not a multiple
2558 * of 64 bits. This padding is arbitrary and transmitted
2559 * with the packet at the end of the authentication data.
2560 * Payload length should include the padding bytes.
2561 *
2562 * 2) Explicit padding of the whole datagram may be
2563 * required by the algorithm which need not be
2564 * transmitted. It is assumed that this will be taken
2565 * care by the algorithm module.
2566 */
2567 bzero(phdr_ah + 1, ah_data_sz); /* Zero out ICV for pseudo-hdr. */
2568
2569 if (inbound_ah == NULL) {
2570 /* Outbound AH datagram. */
2571
2572 phdr_ah->ah_length = (ah_align_sz >> 2) + 1;
2573 phdr_ah->ah_reserved = 0;
2574 phdr_ah->ah_spi = assoc->ipsa_spi;
2575
2576 phdr_ah->ah_replay =
2577 htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1));
2578 if (phdr_ah->ah_replay == 0 && assoc->ipsa_replay_wsize != 0) {
2579 /*
2580 * XXX We have replay counter wrapping. We probably
2581 * want to nuke this SA (and its peer).
2582 */
2583 ipsec_assocfailure(info.mi_idnum, 0, 0,
2584 SL_ERROR | SL_CONSOLE | SL_WARN,
2585 "Outbound AH SA (0x%x), dst %s has wrapped "
2586 "sequence.\n", phdr_ah->ah_spi,
2587 assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
2588 ahstack->ipsecah_netstack);
2589
2590 sadb_replay_delete(assoc);
2591 /* Caller will free phdr_mp and return NULL. */
2592 return (B_FALSE);
2593 }
2594
2595 if (ah_data_sz != ah_align_sz) {
2596 uchar_t *pad = ((uchar_t *)phdr_ah + sizeof (ah_t) +
2597 ah_data_sz);
|
2557 * before ICV calculation if ICV is not a multiple
2558 * of 64 bits. This padding is arbitrary and transmitted
2559 * with the packet at the end of the authentication data.
2560 * Payload length should include the padding bytes.
2561 *
2562 * 2) Explicit padding of the whole datagram may be
2563 * required by the algorithm which need not be
2564 * transmitted. It is assumed that this will be taken
2565 * care by the algorithm module.
2566 */
2567 bzero(phdr_ah + 1, ah_data_sz); /* Zero out ICV for pseudo-hdr. */
2568
2569 if (inbound_ah == NULL) {
2570 /* Outbound AH datagram. */
2571
2572 phdr_ah->ah_length = (ah_align_sz >> 2) + 1;
2573 phdr_ah->ah_reserved = 0;
2574 phdr_ah->ah_spi = assoc->ipsa_spi;
2575
2576 phdr_ah->ah_replay =
2577 htonl(atomic_inc_32_nv(&assoc->ipsa_replay));
2578 if (phdr_ah->ah_replay == 0 && assoc->ipsa_replay_wsize != 0) {
2579 /*
2580 * XXX We have replay counter wrapping. We probably
2581 * want to nuke this SA (and its peer).
2582 */
2583 ipsec_assocfailure(info.mi_idnum, 0, 0,
2584 SL_ERROR | SL_CONSOLE | SL_WARN,
2585 "Outbound AH SA (0x%x), dst %s has wrapped "
2586 "sequence.\n", phdr_ah->ah_spi,
2587 assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
2588 ahstack->ipsecah_netstack);
2589
2590 sadb_replay_delete(assoc);
2591 /* Caller will free phdr_mp and return NULL. */
2592 return (B_FALSE);
2593 }
2594
2595 if (ah_data_sz != ah_align_sz) {
2596 uchar_t *pad = ((uchar_t *)phdr_ah + sizeof (ah_t) +
2597 ah_data_sz);
|