Page MenuHomeFreeBSD
Differential D10375

Add large replay widow support to setkey(8) and improve setkey's debugging
ClosedPublic
Actions

Authored by ae on Apr 12 2017, 7:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 5, 8:34 PM
Unknown Object (File)
Sun, Nov 23, 5:13 PM
Unknown Object (File)
Thu, Nov 20, 7:05 PM
Unknown Object (File)
Nov 3 2025, 1:16 PM
Unknown Object (File)
Nov 3 2025, 1:16 PM
Unknown Object (File)
Nov 3 2025, 1:16 PM
Unknown Object (File)
Nov 3 2025, 1:14 PM
Unknown Object (File)
Oct 28 2025, 8:54 AM
View All Files
Subscribers
imp

Details

Reviewers
emeric.poupon_stormshield.eu
gnn
Group Reviewers
network
Commits
rS316759: Add large replay widow support to setkey(8) and libipsec.
Summary

rS309144 added support for large replay window, but setkey(8) and libipsec lacks this support.
This patch adds support of new sadb_x_sa_replay extension header to libipsec and setkey(8).
setkey(8) can set replay window for SA using '-r' option. When the replay window size is large than 255 bytes, we should add SADB_X_EXT_SA_REPLAY extension header.

Also extend setkey's debugging support. setkey -x can be used like tcpdump for PF_KEY's traffic. Add support for several new extension headers and NAT-T headers. In kdebug_sadb_address() use inet_ntop() for IP address formatting instead of using less readable hexdump.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
lib/
libipsec/
43 lines
sbin/
setkey/
3 lines
30 lines
sys/
netipsec/
103 lines

Diff 27406

View Options

head/lib/libipsec/pfkey.c

Loading...
View Options

head/sbin/setkey/Makefile

Loading...
View Options

head/sbin/setkey/parse.y

Loading...
View Options

head/sys/netipsec/key_debug.c

Loading...