svn commit: r351935 - head/sys/netipsec

[Fabien Thomas]

Author: fabient
Date: Fri Sep  6 14:30:23 2019
New Revision: 351935
URL: https://svnweb.freebsd.org/changeset/base/351935

Log:
  Fix broken window replay check that will allow old packet to be accepted.
  This was introduced in r309144.
  
  Submitted by: Jean-Francois HREN <jean-francois.h...@stormshield.eu>
  Approved by:  ae@
  MFC after:    3 days

Modified:
  head/sys/netipsec/ipsec.c

Modified: head/sys/netipsec/ipsec.c
==============================================================================
--- head/sys/netipsec/ipsec.c   Fri Sep  6 14:25:41 2019        (r351934)
+++ head/sys/netipsec/ipsec.c   Fri Sep  6 14:30:23 2019        (r351935)
@@ -1323,6 +1323,8 @@ ok:
                    __func__, replay->overflow,
                    ipsec_sa2str(sav, buf, sizeof(buf))));
        }
+
+       replay->count++;
        return (0);
 }
 
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"