Page MenuHomeFreeBSD
Differential D8468 Diff 22509 head/sys/netipsec/xform_ah.c

Changeset View

Standalone View

View Options

head/sys/netipsec/xform_ah.c

Show First 20 LinesShow All 955 Lines▼ Show 20 Lines#endif /* INET6 */
ah->ah_reserve = 0; ah->ah_reserve = 0;
ah->ah_spi = sav->spi; ah->ah_spi = sav->spi;
/* Zeroize authenticator. */ /* Zeroize authenticator. */
m_copyback(m, skip + rplen, authsize, ipseczeroes); m_copyback(m, skip + rplen, authsize, ipseczeroes);
/* Insert packet replay counter, as requested. */ /* Insert packet replay counter, as requested. */
if (sav->replay) { if (sav->replay) {
SECASVAR_LOCK(sav);
if (sav->replay->count == ~0 && if (sav->replay->count == ~0 &&
(sav->flags & SADB_X_EXT_CYCSEQ) == 0) { (sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
SECASVAR_UNLOCK(sav);
DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n", DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n",
__func__, ipsec_address(&sav->sah->saidx.dst, buf, __func__, ipsec_address(&sav->sah->saidx.dst, buf,
sizeof(buf)), (u_long) ntohl(sav->spi))); sizeof(buf)), (u_long) ntohl(sav->spi)));
AHSTAT_INC(ahs_wrap); AHSTAT_INC(ahs_wrap);
error = EINVAL; error = EINVAL;
goto bad; goto bad;
} }
#ifdef REGRESSION #ifdef REGRESSION
/* Emulate replay attack when ipsec_replay is TRUE. */ /* Emulate replay attack when ipsec_replay is TRUE. */
if (!V_ipsec_replay) if (!V_ipsec_replay)
#endif #endif
sav->replay->count++; sav->replay->count++;
ah->ah_seq = htonl(sav->replay->count); ah->ah_seq = htonl(sav->replay->count);
SECASVAR_UNLOCK(sav);
} }
/* Get crypto descriptors. */ /* Get crypto descriptors. */
crp = crypto_getreq(1); crp = crypto_getreq(1);
if (crp == NULL) { if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptors\n", DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__)); __func__));
AHSTAT_INC(ahs_crypto); AHSTAT_INC(ahs_crypto);
▲ Show 20 LinesShow All 213 LinesShow Last 20 Lines