Trigger soft lifetime expiration on sequence number
ClosedPublic
Actions

Authored by pdk_semihalf.com on Nov 14 2019, 12:32 PM.

Details

Reviewers

mw
wma
jmg
delphij
ae

Group Reviewers

security
secteam

Commits

rS366759: Trigger soft lifetime expiration on sequence number

Summary

This patch adds 80% of UINT32_MAX limit on sequence number.
When sequence number reaches limit kernel sends SADB_EXPIRE message to
IKE daemon which is responsible to perform rekeying.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

pdk_semihalf.com created this revision.Nov 14 2019, 12:32 PM

Herald added subscribers: ae, imp. · View Herald TranscriptNov 14 2019, 12:32 PM

pdk_semihalf.com added a reviewer: jmg.Nov 14 2019, 12:36 PM

delphij accepted this revision.Nov 21 2019, 11:32 PM

This revision is now accepted and ready to land.Nov 21 2019, 11:32 PM

Since replay field is optional, I think you need add the check that it is not NULL.

pdk_semihalf.com updated this revision to Diff 64717.Nov 22 2019, 8:28 AM

This revision now requires review to proceed.Nov 22 2019, 8:28 AM

Added checking if pointer to reply structure is not NULL

ae accepted this revision.Nov 22 2019, 1:42 PM

This revision is now accepted and ready to land.Nov 22 2019, 1:42 PM

Closed by commit rS366759: Trigger soft lifetime expiration on sequence number (authored by mw). · Explain WhyOct 16 2020, 11:27 AM

This revision was automatically updated to reflect the committed changes.

mw added a commit: rS366759: Trigger soft lifetime expiration on sequence number.

Herald added a subscriber: melifaro. · View Herald TranscriptOct 16 2020, 11:27 AM

Revision Contents
Changeset List

Path

Size

head/

sys/

netipsec/

key.c

7 lines

Diff 78308

View Options

Trigger soft lifetime expiration on sequence numberClosedPublicActions