2 files changed, 4 insertions, 1 deletions

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index d76803a3dcae..ec8de0aa20ec 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -179,8 +179,10 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
                 err = ah_mac_digest(ahp, skb, ah->auth_data);
                 if (err)
                         goto unlock;
-                if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len))
+                if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
+                        xfrm_audit_state_icvfail(x, skb, IPPROTO_AH);
                         err = -EBADMSG;
+                }
         }
 unlock:
         spin_unlock(&x->lock);
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 28ea5c77ca23..b334c7619c08 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -191,6 +191,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
                         BUG();
 
                 if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
+                        xfrm_audit_state_icvfail(x, skb, IPPROTO_ESP);
                         err = -EBADMSG;
                         goto unlock;
                 }