Date: Fri, 25 Nov 2016 22:39:06 +0100
From: Raphael Kubo da Costa <rakuco@FreeBSD.org>
To: Fabien Thomas <fabient@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r309144 - in head: lib/libipsec sys/net sys/netipsec
Message-ID: <8660nbfddx.fsf@FreeBSD.org>
In-Reply-To: <201611251444.uAPEinKb066023@repo.freebsd.org> (Fabien Thomas's message of "Fri, 25 Nov 2016 14:44:49 +0000 (UTC)")
References: <201611251444.uAPEinKb066023@repo.freebsd.org>
Fabien Thomas <fabient@FreeBSD.org> writes:

> Author: fabient
> Date: Fri Nov 25 14:44:49 2016
> New Revision: 309144
> URL: https://svnweb.freebsd.org/changeset/base/309144
>
> Log:
>   IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets.
>
>   Since the previous algorithm, based on bit shifting, does not scale
>   with large replay windows, the algorithm used here is based on
>   RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting.
>   The replay window will be fast to be updated, but will cost as many bits
>   in RAM as its size.
>
>   The previous implementation did not provide a lock on the replay window,
>   which may lead to replay issues.

This broke the build here:

In file included from /usr/src/sys/netipsec/key_debug.c:54:
In file included from /usr/src/sys/netipsec/ipsec.h:46:
In file included from /usr/src/sys/netipsec/keydb.h:38:
/usr/src/sys/sys/mutex.h:367:2: error: LOCK_DEBUG not defined, include <sys/lock.h> before <sys/mutex.h>
#error LOCK_DEBUG not defined, include <sys/lock.h> before <sys/mutex.h>
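The anti-replay scheme named in the quoted commit log (RFC 6479, a block bitmap that is cleared on advance rather than bit-shifted), as an added C example that is not part of this message and is not the FreeBSD r309144 code. The names `replay_state` and `replay_check_and_update`, the 8-block ring and the sample sequence numbers are assumptions made for illustration; it handles 32-bit sequence numbers only and leaves locking to the caller.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed parameters, not FreeBSD's: a ring of 8 32-bit blocks. One block
 * is slack for the advancing edge, so the window is (8 - 1) * 32 = 224. */
#define BLOCK_SHIFT 5u
#define BLOCK_BITS  (1u << BLOCK_SHIFT)
#define BLOCKS      8u                      /* must be a power of two */
#define WINDOW_SIZE ((BLOCKS - 1u) * BLOCK_BITS)

struct replay_state {                       /* hypothetical name */
    uint32_t last_seq;                      /* highest sequence number accepted */
    uint32_t bitmap[BLOCKS];                /* slot = (seq >> 5) mod BLOCKS */
};

/* Returns 1 and records seq if acceptable, 0 for a replayed or too-old packet.
 * No locking here: the caller must serialize access to each SA's state. */
static int replay_check_and_update(struct replay_state *rs, uint32_t seq)
{
    uint32_t block = seq >> BLOCK_SHIFT;
    uint32_t slot = block & (BLOCKS - 1u);
    uint32_t bit = 1u << (seq & (BLOCK_BITS - 1u));
    if (seq == 0)
        return 0;                           /* 0 is never a valid sequence number */
    if (seq > rs->last_seq) {
        /* Advance: zero the blocks being entered instead of shifting bits. */
        uint32_t cur = rs->last_seq >> BLOCK_SHIFT;
        uint32_t diff = block - cur;
        if (diff > BLOCKS) diff = BLOCKS;   /* jumped past the whole ring */
        for (uint32_t i = 1; i <= diff; i++)
            rs->bitmap[(cur + i) & (BLOCKS - 1u)] = 0;
        rs->last_seq = seq;
    } else if (rs->last_seq - seq >= WINDOW_SIZE) {
        return 0;                           /* left of the window: too old */
    } else if (rs->bitmap[slot] & bit) {
        return 0;                           /* already seen: replay */
    }
    rs->bitmap[slot] |= bit;
    return 1;
}

int main(void)
{
    struct replay_state rs = {0};
    const uint32_t seqs[] = {1, 1, 300, 100, 100, 76, 340, 77}; /* constructed */
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %u -> %d\n", (unsigned)seqs[i], replay_check_and_update(&rs, seqs[i]));
    return 0;
}
```

The memory cost the commit log mentions is visible in `bitmap`: one bit per window slot plus one spare block, while an advance touches at most `BLOCKS` words regardless of how far the sequence number jumps.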