Re: [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag

[PATCH net-next] xfrm: no-anti-replay protection flag · Petr Vaněk <hidden> · 2020-05-25
Re: [PATCH net-next] xfrm: no-anti-replay protection flag · Christophe Gouault <hidden> · 2020-05-27
Re: [PATCH net-next] xfrm: no-anti-replay protection flag · Petr Vaněk <hidden> · 2020-05-30
[PATCH net-next v2] xfrm: introduce oseq-may-wrap flag · Petr Vaněk <hidden> · 2020-05-30
Re: [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag · Christophe Gouault <hidden> · 2020-06-02
Re: [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag · Steffen Klassert <steffen.klassert@secunet.com> · 2020-06-26
[PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag · Petr Vaněk <hidden> · 2020-07-31
Re: [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag · David Ahern <hidden> · 2020-08-03

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: 2020-06-26 05:25:01
Also in: lkml

On Sat, May 30, 2020 at 02:39:12PM +0200, Petr Vaněk wrote:

RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually
distributed ICVs in which case the sender does not need to monitor or
reset the counter. However, the sender still increments the counter and
when it reaches the maximum value, the counter rolls over back to zero.

This patch introduces new extra_flag XFRM_SA_XFLAG_OSEQ_MAY_WRAP which
allows sequence number to cycle in outbound packets if set. This flag is
used only in legacy and bmp code, because esn should not be negotiated
if anti-replay is disabled (see note in 3.3.3 section).

Signed-off-by: Petr Vaněk <redacted>

Now applied to ipsec-next, thanks a lot!

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help