freebsd-nq/sys/netipsec
Marcin Wojtas 8b7f39947c Implement anti-replay algorithm with ESN support
As RFC 4304 describes there is anti-replay algorithm responsibility
to provide appropriate value of Extended Sequence Number.

This patch introduces anti-replay algorithm with ESN support based on
RFC 4304, however to avoid performance regressions window implementation
was based on RFC 6479, which was already implemented in FreeBSD.

To keep things clean and improve code readability, implementation of window
is kept in seperate functions.

Submitted by:           Grzegorz Jaszczyk <jaz@semihalf.com>
                        Patryk Duda <pdk@semihalf.com>
Reviewed by:            jhb
Differential revision:  https://reviews.freebsd.org/D22367
Obtained from:          Semihalf
Sponsored by:           Stormshield
2020-10-16 11:24:12 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipcomp_var.h
ipcomp.h
ipsec6.h
ipsec_input.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_mbuf.c Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. 2020-05-29 19:22:40 +00:00
ipsec_mod.c
ipsec_output.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_pcb.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_support.h
ipsec.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
ipsec.h Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.h
key_var.h
key.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
keydb.h Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
keysock.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
keysock.h
subr_ipsec.c Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00
udpencap.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
xform_ah.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
xform_esp.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
xform_ipcomp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_tcp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform.h Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00