err.no Git - linux-2.6/commit

author	Paul Moore <paul.moore@hp.com>
	Fri, 21 Dec 2007 22:58:11 +0000 (14:58 -0800)
committer	David S. Miller <davem@davemloft.net>
	Mon, 28 Jan 2008 23:00:01 +0000 (15:00 -0800)
commit	afeb14b49098ba7a51c96e083a4105a0301f94c4
tree	2675451596adbea8aa261704c356d074136abbbd	tree \| snapshot
parent	dfd4f0ae2e111e2b93c295938c0e64ebbb69ae6e	commit \| diff

[XFRM]: RFC4303 compliant auditing

This patch adds a number of new IPsec audit events to meet the auditing
requirements of RFC4303.  This includes audit hooks for the following events:

* Could not find a valid SA [sections 2.1, 3.4.2]
   . xfrm_audit_state_notfound()
   . xfrm_audit_state_notfound_simple()

* Sequence number overflow [section 3.3.3]
   . xfrm_audit_state_replay_overflow()

* Replayed packet [section 3.4.3]
   . xfrm_audit_state_replay()

* Integrity check failure [sections 3.4.4.1, 3.4.4.2]
   . xfrm_audit_state_icvfail()

While RFC4304 deals only with ESP most of the changes in this patch apply to
IPsec in general, i.e. both AH and ESP.  The one case, integrity check
failure, where ESP specific code had to be modified the same was done to the
AH code for the sake of consistency.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/xfrm.h		diff \| blob \| history
net/ipv4/ah4.c		diff \| blob \| history
net/ipv4/esp4.c		diff \| blob \| history
net/ipv6/ah6.c		diff \| blob \| history
net/ipv6/esp6.c		diff \| blob \| history
net/ipv6/xfrm6_input.c		diff \| blob \| history
net/xfrm/xfrm_input.c		diff \| blob \| history
net/xfrm/xfrm_output.c		diff \| blob \| history
net/xfrm/xfrm_policy.c		diff \| blob \| history
net/xfrm/xfrm_state.c		diff \| blob \| history