Diffusion FreeBSD src repository - subversion rS366757

Implement anti-replay algorithm with ESN support
rS366757
Actions

Description

Implement anti-replay algorithm with ESN support

As RFC 4304 describes there is anti-replay algorithm responsibility
to provide appropriate value of Extended Sequence Number.

This patch introduces anti-replay algorithm with ESN support based on
RFC 4304, however to avoid performance regressions window implementation
was based on RFC 6479, which was already implemented in FreeBSD.

To keep things clean and improve code readability, implementation of window
is kept in seperate functions.

Submitted by: Grzegorz Jaszczyk <jaz@semihalf.com>

Patryk Duda <pdk@semihalf.com>

Reviewed by: jhb
Differential revision: https://reviews.freebsd.org/D22367
Obtained from: Semihalf
Sponsored by: Stormshield

Details

Provenance

mw	Authored on

Reviewer

jhb

Differential Revision

D22367: Implement anti-replay algorithm with ESN support

Parents

rS366756: Set default stack size for Linux apps to 8MB. This matches Linux'

Branches

Unknown

Tags

Unknown

Event Timeline

mw committed rS366757: Implement anti-replay algorithm with ESN support.Oct 16 2020, 11:24 AM

mw added an edge: D22367: Implement anti-replay algorithm with ESN support.

Changes (6)

Path

Size

head/

sys/

netipsec/

rS366757

View Options

head/sys/netipsec/ipsec.c

View Options

head/sys/netipsec/ipsec.h

View Options

head/sys/netipsec/key_debug.c

View Options

head/sys/netipsec/keydb.h

View Options

head/sys/netipsec/xform_ah.c

View Options

head/sys/netipsec/xform_esp.c

Implement anti-replay algorithm with ESN supportrS366757Actions

Description

Details

Event Timeline

Changes (6)

rS366757

head/sys/netipsec/ipsec.c

head/sys/netipsec/ipsec.h

head/sys/netipsec/key_debug.c

head/sys/netipsec/keydb.h

head/sys/netipsec/xform_ah.c

head/sys/netipsec/xform_esp.c

Implement anti-replay algorithm with ESN support
rS366757
Actions