svn commit: r351935 - head/sys/netipsec
Fabien Thomas
fabient at FreeBSD.org
Fri Sep 6 14:30:24 UTC 2019
Author: fabient
Date: Fri Sep 6 14:30:23 2019
New Revision: 351935
URL: https://svnweb.freebsd.org/changeset/base/351935
Log:
Fix broken window replay check that will allow old packet to be accepted.
This was introduced in r309144.
Submitted by: Jean-Francois HREN <jean-francois.hren at stormshield.eu>
Approved by: ae@
MFC after: 3 days
Modified:
head/sys/netipsec/ipsec.c
Modified: head/sys/netipsec/ipsec.c
==============================================================================
--- head/sys/netipsec/ipsec.c Fri Sep 6 14:25:41 2019 (r351934)
+++ head/sys/netipsec/ipsec.c Fri Sep 6 14:30:23 2019 (r351935)
@@ -1323,6 +1323,8 @@ ok:
__func__, replay->overflow,
ipsec_sa2str(sav, buf, sizeof(buf))));
}
+
+ replay->count++;
return (0);
}
More information about the svn-src-all
mailing list