Add large replay widow support to setkey(8) and improve setkey's debugging

Authored by ae on Apr 12 2017, 7:43 PM.



rS309144 added support for large replay window, but setkey(8) and libipsec lacks this support.
This patch adds support of new sadb_x_sa_replay extension header to libipsec and setkey(8).
setkey(8) can set replay window for SA using '-r' option. When the replay window size is large than 255 bytes, we should add SADB_X_EXT_SA_REPLAY extension header.

Also extend setkey's debugging support. setkey -x can be used like tcpdump for PF_KEY's traffic. Add support for several new extension headers and NAT-T headers. In kdebug_sadb_address() use inet_ntop() for IP address formatting instead of using less readable hexdump.

Diff Detail

rS FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.
ae created this revision.Apr 12 2017, 7:43 PM

Thanks for completing the job!

This revision is now accepted and ready to land.Apr 13 2017, 7:42 AM
gnn accepted this revision.Apr 13 2017, 1:57 PM
This revision was automatically updated to reflect the committed changes.