• Paul Moore's avatar
    [XFRM]: RFC4303 compliant auditing · afeb14b4
    Paul Moore authored
    This patch adds a number of new IPsec audit events to meet the auditing
    requirements of RFC4303.  This includes audit hooks for the following events:
    
     * Could not find a valid SA [sections 2.1, 3.4.2]
       . xfrm_audit_state_notfound()
       . xfrm_audit_state_notfound_simple()
    
     * Sequence number overflow [section 3.3.3]
       . xfrm_audit_state_replay_overflow()
    
     * Replayed packet [section 3.4.3]
       . xfrm_audit_state_replay()
    
     * Integrity check failure [sections 3.4.4.1, 3.4.4.2]
       . xfrm_audit_state_icvfail()
    
    While RFC4304 deals only with ESP most of the changes in this patch apply to
    IPsec in general, i.e. both AH and ESP.  The one case, integrity check
    failure, where ESP specific code had to be modified the same was done to the
    AH code for the sake of consistency.
    Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
    Acked-by: default avatarJames Morris <jmorris@namei.org>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    afeb14b4
esp4.c 11.7 KB