summaryrefslogtreecommitdiffstats
path: root/sys/netipsec/xform_esp.c
diff options
context:
space:
mode:
authorpjd <pjd@FreeBSD.org>2006-04-10 15:04:36 +0000
committerpjd <pjd@FreeBSD.org>2006-04-10 15:04:36 +0000
commit98fc9938afbd40dd139657197f8c385fd792ad71 (patch)
tree90fcabf580a6c3dc6c206a2d8fb27221ee66d0c9 /sys/netipsec/xform_esp.c
parent7fd1474b9c2e989b87a761b3e8d1bee795283543 (diff)
downloadFreeBSD-src-98fc9938afbd40dd139657197f8c385fd792ad71.zip
FreeBSD-src-98fc9938afbd40dd139657197f8c385fd792ad71.tar.gz
Hide net.inet.ipsec.test_{replay,integrity} sysctls under #ifdef REGRESSION.
Requested by: sam, rwatson
Diffstat (limited to 'sys/netipsec/xform_esp.c')
-rw-r--r--sys/netipsec/xform_esp.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index a556167..cd9c312 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -761,8 +761,10 @@ esp_output(
if (sav->replay) {
u_int32_t replay;
+#ifdef REGRESSION
/* Emulate replay attack when ipsec_replay is TRUE. */
if (!ipsec_replay)
+#endif
sav->replay->count++;
replay = htonl(sav->replay->count);
bcopy((caddr_t) &replay,
@@ -947,6 +949,7 @@ esp_output_cb(struct cryptop *crp)
free(tc, M_XDATA);
crypto_freereq(crp);
+#ifdef REGRESSION
/* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */
if (ipsec_integrity) {
static unsigned char ipseczeroes[AH_HMAC_HASHLEN];
@@ -962,6 +965,7 @@ esp_output_cb(struct cryptop *crp)
AH_HMAC_HASHLEN, ipseczeroes);
}
}
+#endif
/* NB: m is reclaimed by ipsec_process_done. */
err = ipsec_process_done(m, isr);
OpenPOWER on IntegriCloud