Cross Reference: /src/sys/netipsec/ipsec.c

Lines Matching defs:replay
115  * This allows to verify if the other side has proper replay attacks detection.
1572  * Check the variable replay window.
1573  * ipsec_chkreplay() performs replay check before ICV verification.
1574  * ipsec_updatereplay() updates replay bitmap.  This must be called after
1575  * ICV verification (it also performs replay check, which is usually done
1584 	const struct secreplay *replay;
1591 	KASSERT(sav->replay != NULL);
1593 	replay = sav->replay;
1595 	if (replay->wsize == 0)
1596 		return 1;	/* no need to check replay. */
1599 	frlast = replay->wsize - 1;
1600 	wsizeb = replay->wsize << 3;
1607 	if (replay->count == 0)
1610 	if (seq > replay->lastseq) {
1615 		diff = replay->lastseq - seq;
1624 		if ((replay->bitmap)[fr] & (1 << (diff % 8)))
1633  * check replay counter whether to update or not.
1640 	struct secreplay *replay;
1647 	KASSERT(sav->replay != NULL);
1649 	replay = sav->replay;
1651 	if (replay->wsize == 0)
1652 		goto ok;	/* no need to check replay. */
1655 	frlast = replay->wsize - 1;
1656 	wsizeb = replay->wsize << 3;
1663 	if (replay->count == 0) {
1664 		replay->lastseq = seq;
1665 		memset(replay->bitmap, 0, replay->wsize);
1666 		(replay->bitmap)[frlast] = 1;
1670 	if (seq > replay->lastseq) {
1672 		diff = seq - replay->lastseq;
1678 			vshiftl(replay->bitmap, diff, replay->wsize);
1679 			(replay->bitmap)[frlast] |= 1;
1682 			memset(replay->bitmap, 0, replay->wsize);
1683 			(replay->bitmap)[frlast] = 1;
1685 		replay->lastseq = seq;
1690 		diff = replay->lastseq - seq;
1699 		if ((replay->bitmap)[fr] & (1 << (diff % 8)))
1703 		(replay->bitmap)[fr] |= (1 << (diff % 8));
1709 	if (replay->count == ~0) {
1713 		replay->overflow++;
1719 		IPSECLOG(LOG_WARNING, "replay counter made %d cycle. %s\n",
1720 		    replay->overflow, ipsec_logsastr(sav, buf, sizeof(buf)));
1723 	replay->count++;
OpenGrok
