Searched hist:dfa9422b4a41712ab6f90f88d82bc90942e1243d (Results 1 – 4 of 4) sorted by relevance
| /freebsd/sys/netipsec/ |
| H A D | ipsec.h | diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
|
| H A D | xform_ah.c | diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
|
| H A D | xform_esp.c | diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
|
| H A D | ipsec.c | diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
diff dfa9422b4a41712ab6f90f88d82bc90942e1243d Sun Apr 09 21:11:45 CEST 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> Introduce two new sysctls:
net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
the same sequence number. This allows to verify if the other side
has proper replay attacks detection.
net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
corrupted HMAC. This allows to verify if the other side properly
detects modified packets.
I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).
|