linux/net/ipv4
Paul Moore afeb14b490 [XFRM]: RFC4303 compliant auditing
This patch adds a number of new IPsec audit events to meet the auditing
requirements of RFC4303.  This includes audit hooks for the following events:

 * Could not find a valid SA [sections 2.1, 3.4.2]
   . xfrm_audit_state_notfound()
   . xfrm_audit_state_notfound_simple()

 * Sequence number overflow [section 3.3.3]
   . xfrm_audit_state_replay_overflow()

 * Replayed packet [section 3.4.3]
   . xfrm_audit_state_replay()

 * Integrity check failure [sections 3.4.4.1, 3.4.4.2]
   . xfrm_audit_state_icvfail()

While RFC4304 deals only with ESP, most of the changes in this patch apply to
IPsec in general, i.e. both AH and ESP.  In the one case, integrity check
failure, where ESP specific code had to be modified, the same was done to the
AH code for the sake of consistency.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 15:00:01 -08:00
ipvs [IPVS]: Use htons() where appropriate. 2008-01-28 14:58:02 -08:00
netfilter [NETFILTER]: Add CONFIG_NETFILTER_ADVANCED option 2008-01-28 14:59:12 -08:00
af_inet.c [IPV4]: Pass the net pointer to the arp_req_set_proxy() 2008-01-28 14:58:09 -08:00
ah4.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
arp.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
cipso_ipv4.c [IPV4] net/ipv4/cipso_ipv4.c: use LIST_HEAD instead of LIST_HEAD_INIT 2008-01-28 14:56:52 -08:00
datagram.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
devinet.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
esp4.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
fib_frontend.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
fib_hash.c [IPV4]: last default route is a fib table property 2008-01-28 14:57:01 -08:00
fib_lookup.h [IPV4]: Unify assignment of fi to fib_result 2008-01-28 14:57:01 -08:00
fib_rules.c [INET]: Small possible memory leak in FIB rules 2007-11-10 22:12:03 -08:00
fib_semantics.c [IPV4]: no need pass pointer to a default into fib_detect_death 2008-01-28 14:57:00 -08:00
fib_trie.c [IPV4]: Thresholds in fib_trie.c are used as consts, so make them const. 2008-01-28 14:57:57 -08:00
icmp.c [IPSEC]: Do not let packets pass when ICMP flag is off 2008-01-28 14:57:43 -08:00
igmp.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
inet_connection_sock.c [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
inet_diag.c [INET]: Fix inet_diag dead-lock regression 2007-12-03 15:51:25 +11:00
inet_fragment.c [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
inet_hashtables.c [INET]: Uninline the __inet_lookup_established function. 2008-01-28 14:59:27 -08:00
inet_lro.c [LRO] Fix lro_mgr->features checks 2008-01-08 23:30:18 -08:00
inet_timewait_sock.c [INET]: Uninline the inet_twsk_put function. 2008-01-28 14:59:28 -08:00
inetpeer.c [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip_forward.c [NETFILTER]: Introduce NF_INET_ hook values 2008-01-28 14:53:55 -08:00
ip_fragment.c [NET]: Fix uninitialised variable in ip_frag_reasm() 2007-10-17 21:37:22 -07:00
ip_gre.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
ip_input.c [IPv4] RAW: Compact the API for the kernel 2008-01-28 14:54:28 -08:00
ip_options.c [IPV4] ip_options.c: kmalloc + memset conversion to kzalloc 2007-07-31 14:06:45 -07:00
ip_output.c [NETFILTER]: Introduce NF_INET_ hook values 2008-01-28 14:53:55 -08:00
ip_sockglue.c [IPV4]: Clean the ip_sockglue.c from some ugly ifdefs 2007-11-07 04:08:55 -08:00
ipcomp.c [IPSEC]: Forbid BEET + ipcomp for now 2008-01-28 14:53:43 -08:00
ipconfig.c [IPCONFIG]: Mark vendor_class_identifier as __initdata. 2008-01-28 14:54:22 -08:00
ipip.c [IPIP]: Allow rebinding the tunnel to another interface 2008-01-28 14:57:25 -08:00
ipmr.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
Kconfig typo fixes 2007-10-20 01:34:40 +02:00
Makefile [IPV4]: Cleanup the sysctl_net_ipv4.c file 2008-01-28 14:56:27 -08:00
netfilter.c [NETFILTER]: constify nf_afinfo 2008-01-28 14:59:05 -08:00
proc.c [IPV4]: Switch users of ipv4_devconf(_all) to use the pernet one 2008-01-28 14:58:12 -08:00
protocol.c [IPV4]: align inet_protos[] on SMP 2007-04-25 22:28:20 -07:00
raw.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
route.c [INET]: Avoid an integer divide in rt_garbage_collect() 2008-01-28 14:59:57 -08:00
syncookies.c [SK_BUFF]: Introduce tcp_hdr(), remove skb->h.th 2007-04-25 22:25:26 -07:00
sysctl_net_ipv4.c [INET]: Merge sys.net.ipv4.ip_forward and sys.net.ipv4.conf.all.forwarding 2008-01-28 14:56:31 -08:00
tcp_bic.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_cong.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_cubic.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_diag.c [INET]: Let inet_diag and friends autoload 2007-10-22 02:59:54 -07:00
tcp_highspeed.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_htcp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_hybla.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_illinois.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_input.c [TCP]: Avoid two divides in __tcp_grow_window() 2008-01-28 15:00:01 -08:00
tcp_ipv4.c [TCP]: Convert several length variable to unsigned. 2008-01-28 14:59:56 -08:00
tcp_lp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_minisocks.c [TCP]: Move sack_ok access to obviously named funcs & cleanup 2007-10-10 16:48:00 -07:00
tcp_output.c [TCP] Avoid two divides in tcp_output.c 2008-01-28 14:59:41 -08:00
tcp_probe.c [NET]: Make /proc/net per network namespace 2007-10-10 16:49:06 -07:00
tcp_scalable.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_timer.c [TCP]: Avoid a divide in tcp_mtu_probing() 2008-01-28 15:00:00 -08:00
tcp_vegas.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_westwood.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_yeah.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp.c [TCP]: Use BUILD_BUG_ON for tcp_skb_cb size checking 2008-01-28 14:57:07 -08:00
tunnel4.c [INET]: Cleanup the xfrm4_tunnel_(un)register 2007-11-10 21:48:54 -08:00
udp_impl.h [UDP]: Randomize port selection. 2007-10-10 16:48:31 -07:00
udp.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
udplite.c [IPV4]: Use the {DEFINE|REF}_PROTO_INUSE infrastructure 2007-11-07 04:08:58 -08:00
xfrm4_input.c [IPSEC]: Use the correct family for input state lookup 2008-01-28 14:55:49 -08:00
xfrm4_mode_beet.c [IPSEC]: Separate inner/outer mode processing on input 2008-01-28 14:53:46 -08:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Rename tunnel-mode functions to avoid collisions with tunnels 2008-01-28 14:59:18 -08:00
xfrm4_output.c [NETFILTER]: Introduce NF_INET_ hook values 2008-01-28 14:53:55 -08:00
xfrm4_policy.c [XFRM] IPv6: Fix dst/routing check at transformation. 2008-01-28 14:59:36 -08:00
xfrm4_state.c [IPSEC]: Kill afinfo->nf_post_routing 2008-01-28 14:53:55 -08:00
xfrm4_tunnel.c [IPSEC]: Move tunnel parsing for IPv4 out of xfrm4_input 2007-10-17 21:28:53 -07:00