Author: fabient
Date: Mon Sep  9 14:56:06 2019
New Revision: 352064
URL: https://svnweb.freebsd.org/changeset/base/352064

Log:
  MFC r351935:
  Fix broken window replay check that will allow old packet to be accepted.
  This was introduced in r309144.
  
  Submitted by: Jean-Francois HREN <jean-francois.h...@stormshield.eu>
  Approved by:  ae@

Modified:
  stable/11/sys/netipsec/ipsec.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netipsec/ipsec.c
==============================================================================
--- stable/11/sys/netipsec/ipsec.c      Mon Sep  9 14:51:25 2019        
(r352063)
+++ stable/11/sys/netipsec/ipsec.c      Mon Sep  9 14:56:06 2019        
(r352064)
@@ -1309,6 +1309,8 @@ ok:
                    __func__, replay->overflow,
                    ipsec_sa2str(sav, buf, sizeof(buf))));
        }
+
+       replay->count++;
        return (0);
 }
 
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to