version 1.20, 2006/02/25 02:28:58 |
version 1.21, 2006/04/11 20:21:28 |
Line 104 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 104 __KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#ifdef IPSEC_DEBUG |
#ifdef IPSEC_DEBUG |
int ipsec_debug = 1; |
int ipsec_debug = 1; |
|
|
|
/* |
|
* When set to 1, IPsec will send packets with the same sequence number. |
|
* This allows to verify if the other side has proper replay attacks detection. |
|
*/ |
|
int ipsec_replay = 0; |
|
|
|
/* |
|
* When set 1, IPsec will send packets with corrupted HMAC. |
|
* This allows to verify if the other side properly detects modified packets. |
|
*/ |
|
int ipsec_integrity = 0; |
#else |
#else |
int ipsec_debug = 0; |
int ipsec_debug = 0; |
#endif |
#endif |
Line 172 SYSCTL_INT(_net_inet_ipsec, OID_AUTO, |
|
Line 184 SYSCTL_INT(_net_inet_ipsec, OID_AUTO, |
|
crypto_support, CTLFLAG_RW, &crypto_support,0, ""); |
crypto_support, CTLFLAG_RW, &crypto_support,0, ""); |
SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO, |
SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO, |
ipsecstats, CTLFLAG_RD, &newipsecstat, newipsecstat, ""); |
ipsecstats, CTLFLAG_RD, &newipsecstat, newipsecstat, ""); |
|
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_replay, CTLFLAG_RW, &ipsec_replay, 0, |
|
"Emulate replay attack"); |
|
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_integrity, CTLFLAG_RW, |
|
&ipsec_integrity, 0, "Emulate man-in-the-middle attack"); |
#endif /* __FreeBSD__ */ |
#endif /* __FreeBSD__ */ |
|
|
#ifdef INET6 |
#ifdef INET6 |