d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1a2079d936
freebsd-dev/sys/netipsec
History
Fabien Thomas bf4356266d IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 
Since the previous algorithm, based on bit shifting, does not scale
with large replay windows, the algorithm used here is based on
RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting.
The replay window will be fast to be updated, but will cost as many bits
in RAM as its size.

The previous implementation did not provide a lock on the replay window,
which may lead to replay issues.

Reviewed by:	ae
Obtained from:	emeric.poupon@stormshield.eu
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D8468
2016-11-25 14:44:49 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h Summary: Remove spurious, extra, next header comments. 2015-05-15 18:04:49 +00:00
ipcomp_var.h
ipcomp.h
ipsec6.h Constify mbuf pointer for IPSEC functions where mbuf isn't modified. 2016-04-21 10:58:07 +00:00
ipsec_input.c Remove redundant sanity checks from ipsec[46]_common_input_cb(). 2016-08-31 11:51:52 +00:00
ipsec_mbuf.c sys/net* : for pointers replace 0 with NULL. 2016-04-15 17:30:33 +00:00
ipsec_output.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
ipsec.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
ipsec.h Remove stale function declaration 2016-04-21 11:02:06 +00:00
key_debug.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
key_debug.h Constify mbuf pointer for IPSEC functions where mbuf isn't modified. 2016-04-21 10:58:07 +00:00
key_var.h
key.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
key.h Handle non-compressed packets for IPComp in tunnel mode. 2016-04-24 09:02:17 +00:00
keydb.h IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
keysock.c Remove the 4.3BSD compatible macro m_copy(), use m_copym() instead. 2016-09-15 07:41:48 +00:00
keysock.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
xform_ah.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
xform_esp.c IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. 2016-11-25 14:44:49 +00:00
xform_ipcomp.c Fix build for NOINET and NOINET6 kernels. 2016-04-24 17:09:51 +00:00
xform_tcp.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
xform.h RFC4868 section 2.3 requires that the output be half... This fixes 2015-07-29 07:15:16 +00:00