linux/net/xfrm
Paul Moore afeb14b490 [XFRM]: RFC4303 compliant auditing
This patch adds a number of new IPsec audit events to meet the auditing
requirements of RFC4303.  This includes audit hooks for the following events:

 * Could not find a valid SA [sections 2.1, 3.4.2]
   . xfrm_audit_state_notfound()
   . xfrm_audit_state_notfound_simple()

 * Sequence number overflow [section 3.3.3]
   . xfrm_audit_state_replay_overflow()

 * Replayed packet [section 3.4.3]
   . xfrm_audit_state_replay()

 * Integrity check failure [sections 3.4.4.1, 3.4.4.2]
   . xfrm_audit_state_icvfail()

While RFC4304 deals only with ESP most of the changes in this patch apply to
IPsec in general, i.e. both AH and ESP.  The one case, integrity check
failure, where ESP specific code had to be modified the same was done to the
AH code for the sake of consistency.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 15:00:01 -08:00
..
Kconfig [XFRM]: Add packet processing statistics option. 2008-01-28 14:59:39 -08:00
Makefile [XFRM]: Define packet dropping statistics. 2008-01-28 14:59:38 -08:00
xfrm_algo.c cleanup asm/scatterlist.h includes 2007-11-02 08:47:06 +01:00
xfrm_hash.c [IPSEC]: kmalloc + memset conversion to kzalloc 2008-01-28 14:55:05 -08:00
xfrm_hash.h [XFRM] STATE: Use destination address for src hash. 2006-10-04 00:31:02 -07:00
xfrm_input.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
xfrm_output.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
xfrm_policy.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
xfrm_proc.c [XFRM]: Define packet dropping statistics. 2008-01-28 14:59:38 -08:00
xfrm_state.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
xfrm_user.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00