diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-03-08 00:09:09 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-03-13 20:22:30 -0700 |
commit | 97e15c3a8504ea39a209778d7dcdbdf440404a91 (patch) | |
tree | 1fb53589ef65caaadbf63a7cd9417f06f4f80a12 /include/net | |
parent | 9fdc4883d92d20842c5acea77a4a21bb1574b495 (diff) | |
download | linux-97e15c3a8504ea39a209778d7dcdbdf440404a91.tar.gz linux-97e15c3a8504ea39a209778d7dcdbdf440404a91.tar.bz2 linux-97e15c3a8504ea39a209778d7dcdbdf440404a91.zip |
xfrm: Support anti-replay window size bigger than 32 packets
As it is, the anti-replay bitmap in struct xfrm_replay_state can
only accomodate 32 packets. Even though it is possible to configure
anti-replay window sizes up to 255 packets from userspace. So we
reject any packet with a sequence number within the configured window
but outside the bitmap. With this patch, we represent the anti-replay
window as a bitmap of variable length that can be accessed via the
new struct xfrm_replay_state_esn. Thus, we have no limit on the
window size anymore. To use the new anti-replay window implementantion,
new userspace tools are required. We leave the old implementation
untouched to stay in sync with old userspace tools.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
0 files changed, 0 insertions, 0 deletions