CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Marcin Wojtas <mw@FreeBSD.org>
	Fri, 16 Oct 2020 11:24:12 +0000 (11:24 +0000)
committer	Marcin Wojtas <mw@FreeBSD.org>
	Fri, 16 Oct 2020 11:24:12 +0000 (11:24 +0000)
commit	8b7f39947c4437c48365e9aa38696225bb854112
tree	4dba8e18a65a1bd2a410ff795662c41510b1c04a	tree \| snapshot
parent	1c34dcb5325a19a983812abf137de47fc051ece8	commit \| diff

Implement anti-replay algorithm with ESN support

As RFC 4304 describes there is anti-replay algorithm responsibility
to provide appropriate value of Extended Sequence Number.

This patch introduces anti-replay algorithm with ESN support based on
RFC 4304, however to avoid performance regressions window implementation
was based on RFC 6479, which was already implemented in FreeBSD.

To keep things clean and improve code readability, implementation of window
is kept in seperate functions.

Submitted by:           Grzegorz Jaszczyk <jaz@semihalf.com>
                        Patryk Duda <pdk@semihalf.com>
Reviewed by:            jhb
Differential revision:  https://reviews.freebsd.org/D22367
Obtained from:          Semihalf
Sponsored by:           Stormshield

sys/netipsec/ipsec.c		diff \| blob \| history
sys/netipsec/ipsec.h		diff \| blob \| history
sys/netipsec/key_debug.c		diff \| blob \| history
sys/netipsec/keydb.h		diff \| blob \| history
sys/netipsec/xform_ah.c		diff \| blob \| history
sys/netipsec/xform_esp.c		diff \| blob \| history