xnu-6153.61.1.tar.gz

[apple/xnu.git] / bsd / netkey / keydb.h

diff --git a/bsd/netkey/keydb.h b/bsd/netkey/keydb.h
index 19450e6bdeaaf685f8af19bd21594b438404a0a3..db7a04ef30eb3cc0ed24c795181662ad406f4ca6 100644 (file)
--- a/bsd/netkey/keydb.h
+++ b/bsd/netkey/keydb.h
@@ -70,6 +70,8 @@ struct secashead {
        struct route_in6 sa_route;              /* route cache */
 };
 
        struct route_in6 sa_route;              /* route cache */
 };
 

+#define MAX_REPLAY_WINDOWS 4
+

 /* Security Association */
 struct secasvar {
        LIST_ENTRY(secasvar) chain;
 /* Security Association */
 struct secasvar {
        LIST_ENTRY(secasvar) chain;


@@ -90,7 +92,8 @@ struct secasvar {
        void *sched;                    /* intermediate encryption key */
        size_t schedlen;
 
        void *sched;                    /* intermediate encryption key */
        size_t schedlen;
 

-       struct secreplay *replay;       /* replay prevention */
+       struct secreplay *replay[MAX_REPLAY_WINDOWS]; /* replay prevention */
+

        long created;                   /* for lifetime */
 
        struct sadb_lifetime *lft_c;    /* CURRENT lifetime, it's constant. */
        long created;                   /* for lifetime */
 
        struct sadb_lifetime *lft_c;    /* CURRENT lifetime, it's constant. */


@@ -119,7 +122,7 @@ struct secreplay {
        u_int32_t count;
        u_int wsize;            /* window size, i.g. 4 bytes */
        u_int32_t seq;          /* used by sender */
        u_int32_t count;
        u_int wsize;            /* window size, i.g. 4 bytes */
        u_int32_t seq;          /* used by sender */

-       u_int32_t lastseq;      /* used by receiver */
+       u_int32_t lastseq;      /* used by sender/receiver */

        caddr_t bitmap;         /* used by receiver */
        int overflow;           /* overflow flag */
 };
        caddr_t bitmap;         /* used by receiver */
        int overflow;           /* overflow flag */
 };