diff options
| author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-02-14 16:22:35 +0000 |
|---|---|---|
| committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-02-14 16:22:35 +0000 |
| commit | a4557d0709b46621e97e43658bbce9773257274a (patch) | |
| tree | a392eec8e52103c311993f998ad952c9726700f4 /sys/netinet/ip_ipsp.h | |
| parent | 1491d4f7e17ce15628fb1e48e09db5b15f98a2c0 (diff) | |
Merge of an original work by markus@ and gerhard@ to increase
the anti-replay window size to 2100 entries; plus small ESN
related improvements. ok markus
Diffstat (limited to 'sys/netinet/ip_ipsp.h')
| -rw-r--r-- | sys/netinet/ip_ipsp.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index 2e6afe7e398..b7573d3d109 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.152 2012/10/18 10:49:48 markus Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.153 2013/02/14 16:22:34 mikeb Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -355,8 +355,11 @@ struct tdb { /* tunnel descriptor block */ u_int8_t *tdb_amxkey; /* Raw authentication key */ u_int8_t *tdb_emxkey; /* Raw encryption key */ +#define TDB_REPLAYWASTE 32 +#define TDB_REPLAYMAX (2100+TDB_REPLAYWASTE) + u_int64_t tdb_rpl; /* Replay counter */ - u_int64_t tdb_bitmap; /* Used for replay sliding window */ + u_int32_t tdb_seen[howmany(TDB_REPLAYMAX, 32)]; /* Anti-replay window */ u_int8_t tdb_iv[4]; /* Used for HALF-IV ESP */ |