netfilter: nf_conntrack: fix confirmation race condition
[linux/fpc-iii.git] / include / net / ah.h
blobae1c322f42429100a21eb623691a293b71b20da0
1 #ifndef _NET_AH_H
2 #define _NET_AH_H
4 #include <linux/crypto.h>
5 #include <net/xfrm.h>
7 /* This is the maximum truncated ICV length that we know of. */
8 #define MAX_AH_AUTH_LEN 12
10 struct ah_data
12 u8 *work_icv;
13 int icv_full_len;
14 int icv_trunc_len;
16 struct crypto_hash *tfm;
19 static inline int ah_mac_digest(struct ah_data *ahp, struct sk_buff *skb,
20 u8 *auth_data)
22 struct hash_desc desc;
23 int err;
25 desc.tfm = ahp->tfm;
26 desc.flags = 0;
28 memset(auth_data, 0, ahp->icv_trunc_len);
29 err = crypto_hash_init(&desc);
30 if (unlikely(err))
31 goto out;
32 err = skb_icv_walk(skb, &desc, 0, skb->len, crypto_hash_update);
33 if (unlikely(err))
34 goto out;
35 err = crypto_hash_final(&desc, ahp->work_icv);
37 out:
38 return err;
41 struct ip_auth_hdr;
43 static inline struct ip_auth_hdr *ip_auth_hdr(const struct sk_buff *skb)
45 return (struct ip_auth_hdr *)skb_transport_header(skb);
48 #endif