cvs commit: src/sys/netipsec ipsec.c ipsec.h xform_ah.c xform_esp.c
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sun Apr 9 19:11:46 UTC 2006
pjd 2006-04-09 19:11:45 UTC
FreeBSD src repository
Modified files:
sys/netipsec ipsec.c ipsec.h xform_ah.c xform_esp.c
Log:
Introduce two new sysctls:

  net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
    the same sequence number. This makes it possible to verify whether the
    other side has proper replay attack detection.

  net.inet.ipsec.test_integrity - When set to 1, IPsec will send packets with
    a corrupted HMAC. This makes it possible to verify whether the other side
    properly detects modified packets.

I used the first one to discover that we don't have proper replay attack
detection in ESP (in fast_ipsec(4)).

Revision  Changes    Path
1.15      +15 -0     src/sys/netipsec/ipsec.c
1.10      +2 -0      src/sys/netipsec/ipsec.h
1.11      +15 -1     src/sys/netipsec/xform_ah.c
1.16      +22 -1     src/sys/netipsec/xform_esp.c
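
The receiver-side check that net.inet.ipsec.test_replay exercises, sketched as a sliding-window anti-replay filter of the kind RFC 4303 describes. This is an added illustration, not code from this commit or from the FreeBSD tree; the struct and function names, the 32-packet window and the sample sequence numbers are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u   /* window size in packets; assumed for this sketch */

struct replay_state {       /* hypothetical per-SA receive state */
    uint32_t last_seq;      /* highest sequence number accepted so far */
    uint32_t bitmap;        /* bit i set => (last_seq - i) was already seen */
};

/* Return 1 and record seq if it is fresh, 0 if the packet must be dropped.
 * A real receiver records seq only after the ICV has verified. */
static int replay_accept(struct replay_state *rs, uint32_t seq)
{
    uint32_t diff;
    if (seq == 0)
        return 0;                           /* never valid on an SA */
    if (seq > rs->last_seq) {               /* newer: slide the window */
        diff = seq - rs->last_seq;
        rs->bitmap = diff < REPLAY_WINDOW ? (rs->bitmap << diff) | 1u : 1u;
        rs->last_seq = seq;
        return 1;
    }
    diff = rs->last_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return 0;                           /* older than the window */
    if (rs->bitmap & (1u << diff))
        return 0;                           /* duplicate: replay */
    rs->bitmap |= 1u << diff;               /* late but fresh */
    return 1;
}

/* Feed a constructed stream of sequence numbers, count accepted packets. */
static size_t count_accepted(const uint32_t *seqs, size_t n)
{
    struct replay_state rs = { 0, 0 };
    size_t i, ok = 0;
    for (i = 0; i < n; i++)
        ok += (size_t)replay_accept(&rs, seqs[i]);
    return ok;
}

int main(void)
{
    /* Constructed input: the stream a peer with test_replay=1 would emit. */
    const uint32_t same[] = { 1, 1, 1, 1 };
    printf("accepted %zu of 4\n", count_accepted(same, 4));
    return 0;
}
```

A receiver with working replay detection accepts only the first of the repeated packets; one that accepts all of them shows the kind of gap the log message reports for ESP.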