K 10
svn:author
V 3
pjd
K 8
svn:date
V 27
2006-04-09T19:11:45.000000Z
K 7
svn:log
V 485
Introduce two new sysctls:

net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
	the same sequence number. This allows to verify if the other side
	has proper replay attacks detection.

net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
	corrupted HMAC. This allows to verify if the other side properly
	detects modified packets.

I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).

END