authorMarcin Wojtas <mw@FreeBSD.org>2020-10-16 11:24:12 +0000
committerMarcin Wojtas <mw@FreeBSD.org>2020-10-16 11:24:12 +0000
commit8b7f39947c4437c48365e9aa38696225bb854112 (patch)
tree4dba8e18a65a1bd2a410ff795662c41510b1c04a /sys/netipsec/ipsec.h
parent1c34dcb5325a19a983812abf137de47fc051ece8 (diff)
Implement anti-replay algorithm with ESN support
As RFC 4304 describes, it is the anti-replay algorithm's responsibility to provide the appropriate value of the Extended Sequence Number. This patch introduces an anti-replay algorithm with ESN support based on RFC 4304; however, to avoid performance regressions, the window implementation was based on RFC 6479, which was already implemented in FreeBSD. To keep things clean and improve code readability, the implementation of the window is kept in separate functions. Submitted by: Grzegorz Jaszczyk <jaz@semihalf.com> Patryk Duda <pdk@semihalf.com> Reviewed by: jhb Differential revision: https://reviews.freebsd.org/D22367 Obtained from: Semihalf Sponsored by: Stormshield
Notes
Notes: svn path=/head/; revision=366757
Diffstat (limited to 'sys/netipsec/ipsec.h')
-rw-r--r--sys/netipsec/ipsec.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index e7a359159aa0..c7a44d60f082 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -325,7 +325,7 @@ int udp_ipsec_output(struct mbuf *, struct secasvar *);
int udp_ipsec_input(struct mbuf *, int, int);
int udp_ipsec_pcbctl(struct inpcb *, struct sockopt *);
-int ipsec_chkreplay(uint32_t, struct secasvar *);
+int ipsec_chkreplay(uint32_t, uint32_t *, struct secasvar *);
int ipsec_updatereplay(uint32_t, struct secasvar *);
int ipsec_updateid(struct secasvar *, crypto_session_t *, crypto_session_t *);
int ipsec_initialized(void);
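Review bot: The new `uint32_t *` argument on the added `ipsec_chkreplay` prototype is unnamed and uncommented, so a caller reading this header cannot tell that it is an output or whether it is written when the replay check rejects the packet. Going by the commit message it presumably returns the high-order 32 bits of the extended sequence number; if so, a caller that feeds it into ICV verification without first testing the return value could act on a stale or uninitialized value. I would add a comment above the prototype, after confirming it against the implementation (not shown on this page), along the lines of `/* 2nd arg: out, high-order ESN bits; valid only when the check accepts the packet */`. It is also worth confirming that `ipsec_updatereplay`, which keeps its 32-bit-only signature here, derives the same high-order bits as the check did, since a mismatch between the two would desynchronize the replay window.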