[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-audit
Subject:    Re: [PATCH 1/2] XFRM: RFC4303 compliant auditing
From:       David Miller <davem () davemloft ! net>
Date:       2007-12-21 22:58:38
Message-ID: 20071221.145838.17444757.davem () davemloft ! net
[Download RAW message or body]

From: Paul Moore <paul.moore@hp.com>
Date: Fri, 21 Dec 2007 09:14:55 -0500

> This patch adds a number of new IPsec audit events to meet the auditing
> requirements of RFC4303.  This includes audit hooks for the following events:
> 
>  * Could not find a valid SA [sections 2.1, 3.4.2]
>    . xfrm_audit_state_notfound()
>    . xfrm_audit_state_notfound_simple()
> 
>  * Sequence number overflow [section 3.3.3]
>    . xfrm_audit_state_replay_overflow()
> 
>  * Replayed packet [section 3.4.3]
>    . xfrm_audit_state_replay()
> 
>  * Integrity check failure [sections 3.4.4.1, 3.4.4.2]
>    . xfrm_audit_state_icvfail()
> 
> While RFC4304 deals only with ESP most of the changes in this patch apply to
> IPsec in general, i.e. both AH and ESP.  The one case, integrity check
> failure, where ESP specific code had to be modified the same was done to the
> AH code for the sake of consistency.
> 
> Signed-off-by: Paul Moore <paul.moore@hp.com>

Applied.

[prev in list] [next in list] [prev in thread] [next in thread]