From: Fan Du <fan.du@windriver.com>
To: <steffen.klassert@secunet.com>
Cc: <davem@davemloft.net>, <netdev@vger.kernel.org>
Subject: [PATCH net-next 0/3] {IPv4,xfrm} Add ESN support for AH
Date: Wed, 8 Jan 2014 16:53:09 +0800 [thread overview]
Message-ID: <1389171192-28091-1-git-send-email-fan.du@windriver.com> (raw)
Hi,
This is initial Extended Sequence Number support for AH based on IPv4.
The rationale is totally by the RFC 4302, which states:
3.3.3.2.2. Implicit Packet Padding and ESN
If the ESN option is elected for an SA, then the high-order 32 bits
of the ESN must be included in the ICV computation. For purposes of
ICV computation, these bits are appended (implicitly) immediately
after the end of the payload, and before any implicit packet padding.
So we attach the high-order 32bits as a scatterlist right after the packet
payload to compute ICV value.
Test:
I add a knob in iproute2/ip/xfrm_state.c to enable esn when setting SA,
which make it possible to test with-esn and without-esn scenarios, both
cases works ok with ping using packetsize(-s) from default to 32768.
Fan Du (3):
{IPv4,xfrm} Add Extended Sequence Number support for AH egress part
{IPv4,xfrm} Add Extended Sequence Number support for AH ingress part
xfrm: Don't prohibit AH from using ESN feature
net/ipv4/ah4.c | 49 ++++++++++++++++++++++++++++++++++++++++++-------
net/xfrm/xfrm_user.c | 4 ----
2 files changed, 42 insertions(+), 11 deletions(-)
--
1.7.9.5
next reply other threads:[~2014-01-08 8:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-08 8:53 Fan Du [this message]
2014-01-08 8:53 ` [PATCH net-next 1/3] {IPv4,xfrm} Add Extended Sequence Number (ESN) support for AH egress part Fan Du
2014-01-08 8:53 ` [PATCH net-next 2/3] {IPv4,xfrm} Add Extended Sequence Number (ESN) support for AH ingress part Fan Du
2014-01-08 8:53 ` [PATCH net-next 3/3] xfrm: Don't prohibit AH from using ESN feature Fan Du
2014-01-09 10:50 ` Steffen Klassert
2014-01-09 11:09 ` Fan Du
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1389171192-28091-1-git-send-email-fan.du@windriver.com \
--to=fan.du@windriver.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).