xfrm: Add support for IPsec extended sequence numbers

This patch adds support for IPsec extended sequence numbers (esn) as defined in RFC 4303. The bits to manage the anti-replay window are based on a patch from Alex Badea. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Steffen Klassert <steffen.klassert@secunet.com> 2011-03-07 19:09:51 -0500
committer: David S. Miller <davem@davemloft.net> 2011-03-13 23:22:31 -0400
commit: 2cd084678fc1eb75aec4f7ae3d339d232c00ec61 (patch)
tree: ac6413e56d1189f57bb0f84920dfa3257a11d3d2 /net/xfrm/xfrm_input.c
parent: 97e15c3a8504ea39a209778d7dcdbdf440404a91 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 55d5f5c3d119..872065ca7f8c 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -107,6 +107,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
        struct net *net = dev_net(skb->dev);
        int err;
        __be32 seq;
+        __be32 seq_hi;
        struct xfrm_state *x;
        xfrm_address_t *daddr;
        struct xfrm_mode *inner_mode;
@@ -184,7 +185,10 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                spin_unlock(&x->lock);
+                seq_hi = htonl(xfrm_replay_seqhi(x, seq));
                XFRM_SKB_CB(skb)->seq.input.low = seq;
+                XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
                nexthdr = x->type->input(x, skb);
author	Steffen Klassert <steffen.klassert@secunet.com>	2011-03-07 19:09:51 -0500
committer	David S. Miller <davem@davemloft.net>	2011-03-13 23:22:31 -0400
commit	2cd084678fc1eb75aec4f7ae3d339d232c00ec61 (patch)
tree	ac6413e56d1189f57bb0f84920dfa3257a11d3d2 /net/xfrm/xfrm_input.c
parent	97e15c3a8504ea39a209778d7dcdbdf440404a91 (diff)