
Implement anti-replay algorithm with ESN support
ClosedPublic

Authored by jaz_semihalf.com on Nov 14 2019, 12:27 PM.
Referenced Files
F80142944: D22367.diff
Thu, Mar 28, 12:44 PM

Details

Summary

As RFC 4304 describes, it is the anti-replay algorithm's responsibility
to provide the appropriate value of the Extended Sequence Number.

This patch introduces an anti-replay algorithm with ESN support based on
RFC 4304; however, to avoid performance regressions, the window implementation
was based on RFC 6479, which was already implemented in FreeBSD.

To keep things clean and improve code readability, the implementation of the
window is kept in separate functions.
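
The receiver-side ESN inference the summary refers to, as an added example that is not code from this patch or from the FreeBSD tree: only the low 32 bits travel on the wire, so the receiver rebuilds the high 32 bits from where the value falls relative to its window. It uses a plain 64-bit shift bitmap rather than the RFC 6479 block window, and `struct esn_replay`, `esn_check`, `esn_update` and `ESN_WIN` are hypothetical names.

```c
#include <stdint.h>

#define ESN_WIN 64u            /* window size W in packets (assumed) */

struct esn_replay {            /* hypothetical receiver state, not the patch's */
    uint64_t top;              /* T: highest authenticated 64-bit number */
    uint64_t bitmap;           /* bit i set: (top - i) was already received */
};

/*
 * Pre-ICV check: rebuild the 64-bit number from the 32 bits on the wire.
 * Returns 1 (candidate, stored in *seq) or 0 (replayed or invalid).
 */
int esn_check(const struct esn_replay *r, uint32_t seql, uint64_t *seq)
{
    uint32_t th = (uint32_t)(r->top >> 32), tl = (uint32_t)r->top;
    uint32_t bl = tl - ESN_WIN + 1;    /* window bottom, modulo 2^32 */
    uint32_t seqh;

    if (tl >= ESN_WIN - 1)             /* window within one 2^32 subspace */
        seqh = (seql >= bl) ? th : th + 1;
    else if (seql < bl)                /* window straddles a wrap, new half */
        seqh = th;
    else if (th == 0)                  /* would precede the first packet */
        return 0;
    else                               /* straddling window, old half */
        seqh = th - 1;

    *seq = ((uint64_t)seqh << 32) | seql;
    if (*seq == 0)
        return 0;                      /* number 0 is never sent */
    if (*seq > r->top)
        return 1;                      /* ahead of the window */
    if (r->top - *seq >= ESN_WIN)
        return 0;                      /* only after 64-bit exhaustion */
    return !((r->bitmap >> (r->top - *seq)) & 1);
}

/* Post-ICV update: call only after integrity verification succeeded. */
void esn_update(struct esn_replay *r, uint64_t seq)
{
    if (seq > r->top) {
        uint64_t d = seq - r->top;
        r->bitmap = (d < ESN_WIN) ? (r->bitmap << d) | 1 : 1;
        r->top = seq;
    } else {
        r->bitmap |= 1ULL << (r->top - seq);
    }
}
```

A packet older than the window is inferred into the next 2^32 subspace and passes `esn_check`, so the window must only move in `esn_update` after the integrity check, which covers the full 64-bit number, has succeeded.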


Event Timeline

@secteam Do you have any objections to this patch?

I don't think secteam is the right reviewer for this change. Has this been reviewed by folks on the freebsd-net mailing list?

I don't think secteam is the right reviewer for this change. Has this been reviewed by folks on the freebsd-net mailing list?

Secteam was added automatically. As far as I know their approval is necessary to push a commit into the tree.
At this time no one has reviewed it. I must admit that I don't really know who should review IPSec related patches. If you know someone who can review this patch feel free to add.

Rebase + improvements in sys/netipsec/key_debug.c which came out after enabling IPSEC_DEBUG

I'm not intimately familiar with IPsec replay detection, but this looks to me from a cursory review.

sys/netipsec/ipsec.c: lines 1184, 1337

Address @jhb review: improve some comments and squash D22368 changes into this one.

This revision is now accepted and ready to land. (Oct 5 2020, 5:39 PM)
This revision was automatically updated to reflect the committed changes.