svn commit: r309144 - in head: lib/libipsec sys/net sys/netipsec
Raphael Kubo da Costa
rakuco at FreeBSD.org
Fri Nov 25 21:39:39 UTC 2016
Fabien Thomas <fabient at FreeBSD.org> writes:
> Author: fabient
> Date: Fri Nov 25 14:44:49 2016
> New Revision: 309144
> URL: https://svnweb.freebsd.org/changeset/base/309144
>
> Log:
> IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets.
>
> Since the previous algorithm, based on bit shifting, does not scale
> with large replay windows, the algorithm used here is based on
> RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting.
> The replay window will be fast to be updated, but will cost as many bits
> in RAM as its size.
>
> The previous implementation did not provide a lock on the replay window,
> which may lead to replay issues.
This broke the build here:
In file included from /usr/src/sys/netipsec/key_debug.c:54:
In file included from /usr/src/sys/netipsec/ipsec.h:46:
In file included from /usr/src/sys/netipsec/keydb.h:38:
/usr/src/sys/sys/mutex.h:367:2: error: LOCK_DEBUG not defined, include <sys/lock.h> before <sys/mutex.h>
#error LOCK_DEBUG not defined, include <sys/lock.h> before <sys/mutex.h>
More information about the svn-src-head
mailing list