Fabien Thomas <fabi...@freebsd.org> writes: > Author: fabient > Date: Fri Nov 25 14:44:49 2016 > New Revision: 309144 > URL: https://svnweb.freebsd.org/changeset/base/309144 > > Log: > IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. > > Since the previous algorithm, based on bit shifting, does not scale > with large replay windows, the algorithm used here is based on > RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting. > The replay window will be fast to be updated, but will cost as many bits > in RAM as its size. > > The previous implementation did not provide a lock on the replay window, > which may lead to replay issues.
This broke the build here: In file included from /usr/src/sys/netipsec/key_debug.c:54: In file included from /usr/src/sys/netipsec/ipsec.h:46: In file included from /usr/src/sys/netipsec/keydb.h:38: /usr/src/sys/sys/mutex.h:367:2: error: LOCK_DEBUG not defined, include <sys/lock.h> before <sys/mutex.h> #error LOCK_DEBUG not defined, include <sys/lock.h> before <sys/mutex.h> _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
