Page MenuHomeFreeBSD

Add large replay widow support to setkey(8) and improve setkey's debugging
ClosedPublic

Authored by ae on Apr 12 2017, 7:43 PM.
Tags
None
Referenced Files
F162606255: D10375.diff
Tue, Jul 14, 11:44 PM
Unknown Object (File)
Fri, Jul 3, 7:39 PM
Unknown Object (File)
Wed, Jul 1, 6:13 AM
Unknown Object (File)
Mon, Jun 29, 8:04 AM
Unknown Object (File)
May 19 2026, 4:59 AM
Unknown Object (File)
May 18 2026, 5:40 AM
Unknown Object (File)
May 18 2026, 4:03 AM
Unknown Object (File)
May 17 2026, 4:55 PM
Subscribers

Details

Summary

rS309144 added support for large replay window, but setkey(8) and libipsec lacks this support.
This patch adds support of new sadb_x_sa_replay extension header to libipsec and setkey(8).
setkey(8) can set replay window for SA using '-r' option. When the replay window size is large than 255 bytes, we should add SADB_X_EXT_SA_REPLAY extension header.

Also extend setkey's debugging support. setkey -x can be used like tcpdump for PF_KEY's traffic. Add support for several new extension headers and NAT-T headers. In kdebug_sadb_address() use inet_ntop() for IP address formatting instead of using less readable hexdump.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable