diff options
author | pjd <pjd@FreeBSD.org> | 2006-04-10 15:04:36 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2006-04-10 15:04:36 +0000 |
commit | 98fc9938afbd40dd139657197f8c385fd792ad71 (patch) | |
tree | 90fcabf580a6c3dc6c206a2d8fb27221ee66d0c9 /sys/netipsec/xform_esp.c | |
parent | 7fd1474b9c2e989b87a761b3e8d1bee795283543 (diff) | |
download | FreeBSD-src-98fc9938afbd40dd139657197f8c385fd792ad71.zip FreeBSD-src-98fc9938afbd40dd139657197f8c385fd792ad71.tar.gz |
Hide net.inet.ipsec.test_{replay,integrity} sysctls under #ifdef REGRESSION.
Requested by: sam, rwatson
Diffstat (limited to 'sys/netipsec/xform_esp.c')
-rw-r--r-- | sys/netipsec/xform_esp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index a556167..cd9c312 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -761,8 +761,10 @@ esp_output( if (sav->replay) { u_int32_t replay; +#ifdef REGRESSION /* Emulate replay attack when ipsec_replay is TRUE. */ if (!ipsec_replay) +#endif sav->replay->count++; replay = htonl(sav->replay->count); bcopy((caddr_t) &replay, @@ -947,6 +949,7 @@ esp_output_cb(struct cryptop *crp) free(tc, M_XDATA); crypto_freereq(crp); +#ifdef REGRESSION /* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */ if (ipsec_integrity) { static unsigned char ipseczeroes[AH_HMAC_HASHLEN]; @@ -962,6 +965,7 @@ esp_output_cb(struct cryptop *crp) AH_HMAC_HASHLEN, ipseczeroes); } } +#endif /* NB: m is reclaimed by ipsec_process_done. */ err = ipsec_process_done(m, isr); |