[XFRM]: RFC4303 compliant auditing
This patch adds a number of new IPsec audit events to meet the auditing requirements of RFC4303. This includes audit hooks for the following events: * Could not find a valid SA [sections 2.1, 3.4.2] . xfrm_audit_state_notfound() . xfrm_audit_state_notfound_simple() * Sequence number overflow [section 3.3.3] . xfrm_audit_state_replay_overflow() * Replayed packet [section 3.4.3] . xfrm_audit_state_replay() * Integrity check failure [sections 3.4.4.1, 3.4.4.2] . xfrm_audit_state_icvfail() While RFC4304 deals only with ESP most of the changes in this patch apply to IPsec in general, i.e. both AH and ESP. The one case, integrity check failure, where ESP specific code had to be modified the same was done to the AH code for the sake of consistency. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Paul Moore
committed by
David S. Miller
David S. Miller
parent
dfd4f0ae2e
commit
afeb14b490
@ -186,6 +186,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
|
||||
BUG();
|
||||
|
||||
if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
|
||||
xfrm_audit_state_icvfail(x, skb, IPPROTO_ESP);
|
||||
ret = -EBADMSG;
|
||||
goto unlock;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user