linux/net/ipv6
Paul Moore afeb14b490 [XFRM]: RFC4303 compliant auditing
This patch adds a number of new IPsec audit events to meet the auditing
requirements of RFC4303.  This includes audit hooks for the following events:

 * Could not find a valid SA [sections 2.1, 3.4.2]
   . xfrm_audit_state_notfound()
   . xfrm_audit_state_notfound_simple()

 * Sequence number overflow [section 3.3.3]
   . xfrm_audit_state_replay_overflow()

 * Replayed packet [section 3.4.3]
   . xfrm_audit_state_replay()

 * Integrity check failure [sections 3.4.4.1, 3.4.4.2]
   . xfrm_audit_state_icvfail()

While RFC4304 deals only with ESP most of the changes in this patch apply to
IPsec in general, i.e. both AH and ESP.  The one case, integrity check
failure, where ESP specific code had to be modified the same was done to the
AH code for the sake of consistency.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 15:00:01 -08:00
..
netfilter [NETFILTER]: Add CONFIG_NETFILTER_ADVANCED option 2008-01-28 14:59:12 -08:00
addrconf_core.c [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses. 2007-07-31 02:28:21 -07:00
addrconf.c [IPV6]: fix section mismatch warnings 2008-01-28 14:57:46 -08:00
addrlabel.c [NET]: Make rtnetlink infrastructure network namespace aware (v3) 2008-01-28 14:54:25 -08:00
af_inet6.c [IPV6]: make the protocol initialization to return an error code 2008-01-28 14:57:13 -08:00
ah6.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
anycast.c [NET]: Make core networking code use seq_open_private 2007-10-10 16:55:33 -07:00
datagram.c [IPSEC]: Make callers of xfrm_lookup to use XFRM_LOOKUP_WAIT 2008-01-28 14:57:42 -08:00
esp6.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
exthdrs_core.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
exthdrs.c [IPV6]: make extended headers to return an error at initialization 2008-01-28 14:57:10 -08:00
fib6_rules.c [IPV6]: Make fib6_rules_init to return an error code. 2008-01-28 14:56:46 -08:00
icmp.c [IPSEC]: Do not let packets pass when ICMP flag is off 2008-01-28 14:57:43 -08:00
inet6_connection_sock.c [IPV6] __inet6_csk_dst_store(): fix check-after-use 2007-10-15 12:26:32 -07:00
inet6_hashtables.c [IPV6]: Mischecked tw match in __inet6_check_established. 2008-01-20 20:31:36 -08:00
ip6_fib.c [IPV6]: Always pass a valid nl_info to inet6_rt_notify. 2008-01-28 14:57:55 -08:00
ip6_flowlabel.c [IPV6]: make flowlabel to return an error 2008-01-28 14:57:10 -08:00
ip6_input.c [IPv6] RAW: Compact the API for the kernel 2008-01-28 14:54:29 -08:00
ip6_output.c [XFRM] IPv6: Fix dst/routing check at transformation. 2008-01-28 14:59:36 -08:00
ip6_tunnel.c [IPV6]: Add ip6_local_out 2008-01-28 14:53:47 -08:00
ipcomp6.c [IPSEC]: Forbid BEET + ipcomp for now 2008-01-28 14:53:43 -08:00
ipv6_sockglue.c [IPV6]: make the protocol initialization to return an error code 2008-01-28 14:57:13 -08:00
Kconfig [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
Makefile [IPV6]: Make the ipv6/sysctl_net_ipv6.c compilation cleaner 2008-01-28 14:56:29 -08:00
mcast.c [NETFILTER]: Introduce NF_INET_ hook values 2008-01-28 14:53:55 -08:00
mip6.c [IPSEC]: Move state lock into x->type->input 2008-01-28 14:53:52 -08:00
ndisc.c [NET]: Make rtnetlink infrastructure network namespace aware (v3) 2008-01-28 14:54:25 -08:00
netfilter.c [NETFILTER]: constify nf_afinfo 2008-01-28 14:59:05 -08:00
proc.c [UDP]: Restore missing inDatagrams increments 2008-01-28 14:56:33 -08:00
protocol.c [IPV6]: Decentralize EXPORT_SYMBOLs. 2007-04-25 22:23:36 -07:00
raw.c [IPV6]: fix section mismatch warnings 2008-01-28 14:57:46 -08:00
reassembly.c [IPV6]: make frag to return an error at initialization 2008-01-28 14:57:11 -08:00
route.c [IPV6]: Always pass a valid nl_info to inet6_rt_notify. 2008-01-28 14:57:55 -08:00
sit.c [IPV6] sit: Rebinding of SIT tunnels to other interfaces 2008-01-28 14:57:56 -08:00
sysctl_net_ipv6.c [IPV6]: Use sysctl paths to register ipv6 sysctl tables 2008-01-28 14:56:30 -08:00
tcp_ipv6.c [TCP]: Convert several length variable to unsigned. 2008-01-28 14:59:56 -08:00
tunnel6.c [IPV6]: Replace sk_buff ** with sk_buff * in input handlers 2007-10-15 12:50:28 -07:00
udp_impl.h [IPV6]: Replace sk_buff ** with sk_buff * in input handlers 2007-10-15 12:50:28 -07:00
udp.c [UDP]: Move udp_stats_in6 into net/ipv4/udp.c 2008-01-28 14:58:06 -08:00
udplite.c [IPV6]: fix section mismatch warnings 2008-01-28 14:57:46 -08:00
xfrm6_input.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
xfrm6_mode_beet.c [IPSEC]: Separate inner/outer mode processing on input 2008-01-28 14:53:46 -08:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c [IPSEC]: Rename tunnel-mode functions to avoid collisions with tunnels 2008-01-28 14:59:18 -08:00
xfrm6_output.c [NETFILTER]: Introduce NF_INET_ hook values 2008-01-28 14:53:55 -08:00
xfrm6_policy.c [XFRM] IPv6: Fix dst/routing check at transformation. 2008-01-28 14:59:36 -08:00
xfrm6_state.c [IPV6]: Make xfrm6_init to return an error code. 2008-01-28 14:56:45 -08:00
xfrm6_tunnel.c [IPSEC]: Get nexthdr from caller in xfrm6_rcv_spi 2007-10-17 21:29:25 -07:00