aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/tools/perf/scripts/python/export-to-postgresql.py
diff options
context:
space:
mode:
authorAntonio Quartulli <antonio@openvpn.net>2025-04-15 13:17:37 +0200
committerPaolo Abeni <pabeni@redhat.com>2025-04-17 12:30:03 +0200
commit89d3c0e4612afa1c6429ed68d298e35592fbe208 (patch)
tree2ac3e9e54daac4358e1c2fa97724cf522149ef8e /tools/perf/scripts/python/export-to-postgresql.py
parentovpn: implement key add/get/del/swap via netlink (diff)
downloadwireguard-linux-89d3c0e4612afa1c6429ed68d298e35592fbe208.tar.xz
wireguard-linux-89d3c0e4612afa1c6429ed68d298e35592fbe208.zip
ovpn: kill key and notify userspace in case of IV exhaustion
IV wrap-around is cryptographically dangerous for a number of ciphers, therefore kill the key and inform userspace (via netlink) should the IV space go exhausted. Userspace has two ways of deciding when the key has to be renewed before exhausting the IV space: 1) time based approach: after X seconds/minutes userspace generates a new key and sends it to the kernel. This is based on guestimate and normally default timer value works well. 2) packet count based approach: after X packets/bytes userspace generates a new key and sends it to the kernel. Userspace keeps track of the amount of traffic by periodically polling GET_PEER and fetching the VPN/LINK stats. Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Link: https://patch.msgid.link/20250415-b4-ovpn-v26-20-577f6097b964@openvpn.net Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')
0 files changed, 0 insertions, 0 deletions