From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Tue, 8 Mar 2011 00:09:09 +0000 (+0000)
Subject: xfrm: Support anti-replay window size bigger than 32 packets
X-Git-Tag: v2.6.39-rc1~468^2~53
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97e15c3a8504ea39a209778d7dcdbdf440404a91;p=pandora-kernel.git

xfrm: Support anti-replay window size bigger than 32 packets

As it is, the anti-replay bitmap in struct xfrm_replay_state can
only accomodate 32 packets. Even though it is possible to configure
anti-replay window sizes up to 255 packets from userspace. So we
reject any packet with a sequence number within the configured window
but outside the bitmap. With this patch, we represent the anti-replay
window as a bitmap of variable length that can be accessed via the
new struct xfrm_replay_state_esn. Thus, we have no limit on the
window size anymore. To use the new anti-replay window implementantion,
new userspace tools are required. We leave the old implementation
untouched to stay in sync with old userspace tools.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed