summaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2011-03-08 00:09:09 +0000
committerDavid S. Miller <davem@davemloft.net>2011-03-13 20:22:30 -0700
commit97e15c3a8504ea39a209778d7dcdbdf440404a91 (patch)
tree1fb53589ef65caaadbf63a7cd9417f06f4f80a12 /include/net
parent9fdc4883d92d20842c5acea77a4a21bb1574b495 (diff)
downloadlinux-97e15c3a8504ea39a209778d7dcdbdf440404a91.tar.gz
linux-97e15c3a8504ea39a209778d7dcdbdf440404a91.tar.bz2
linux-97e15c3a8504ea39a209778d7dcdbdf440404a91.zip
xfrm: Support anti-replay window size bigger than 32 packets
As it is, the anti-replay bitmap in struct xfrm_replay_state can only accomodate 32 packets. Even though it is possible to configure anti-replay window sizes up to 255 packets from userspace. So we reject any packet with a sequence number within the configured window but outside the bitmap. With this patch, we represent the anti-replay window as a bitmap of variable length that can be accessed via the new struct xfrm_replay_state_esn. Thus, we have no limit on the window size anymore. To use the new anti-replay window implementantion, new userspace tools are required. We leave the old implementation untouched to stay in sync with old userspace tools. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
0 files changed, 0 insertions, 0 deletions