This is a USAGI patch to fix IPv6 auth header length calculation.
(I'm not USAGI member.  I'm working on IPv6 IPsec based on 2.5 code
base).

RFC2402 2.2 Payload Length
:
   This 8-bit field specifies the length of AH in 32-bit words (4-byte
   units), minus "2".  (All IPv6 extension headers, as per RFC 1883,
   encode the "Hdr Ext Len" field by first subtracting 1 (64-bit word)
   from the header length (measured in 64-bit words).  AH is an IPv6
   extension header.  However, since its length is measured in 32-bit
   words, the "Payload Length" is calculated by subtracting 2 (32 bit
   words).)  In the "standard" case of a 96-bit authentication value

Would you mind to apply this to avoid wrong header length calculation?