CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2012/06/29 08:48:04
Modified files:
sys/crypto : cryptodev.h cryptosoft.c
sys/net : if_pfsync.h pfkeyv2.h pfkeyv2_convert.c
pfkeyv2_parsemessage.c
sys/netinet : ip_ah.c ip_esp.c ip_ipsp.h
Log message:
Add support for the Extended (64-bit) Sequence Number as defined
in RFC4302 and RFC4303. Right now only software crypto engine is
capable of doing it.
Replay check was rewritten to implement algorithm described in the
Appendix A of RFC4303 and the window size was increased to 64.
Tested against OpenBSD, Linux (strongswan) and Windows.
No objection from the usual suspects.
