svn commit: r352064 - stable/11/sys/netipsec
Fabien Thomas
fabient at FreeBSD.org
Mon Sep 9 14:56:07 UTC 2019
Author: fabient
Date: Mon Sep 9 14:56:06 2019
New Revision: 352064
URL: https://svnweb.freebsd.org/changeset/base/352064
Log:
MFC r351935:
Fix broken window replay check that will allow old packet to be accepted.
This was introduced in r309144.
Submitted by: Jean-Francois HREN <jean-francois.hren at stormshield.eu>
Approved by: ae@
Modified:
stable/11/sys/netipsec/ipsec.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netipsec/ipsec.c
==============================================================================
--- stable/11/sys/netipsec/ipsec.c Mon Sep 9 14:51:25 2019 (r352063)
+++ stable/11/sys/netipsec/ipsec.c Mon Sep 9 14:56:06 2019 (r352064)
@@ -1309,6 +1309,8 @@ ok:
__func__, replay->overflow,
ipsec_sa2str(sav, buf, sizeof(buf))));
}
+
+ replay->count++;
return (0);
}
More information about the svn-src-stable
mailing list