aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec
diff options
context:
space:
mode:
authorFabien Thomas <fabient@FreeBSD.org>2019-09-06 14:30:23 +0000
committerFabien Thomas <fabient@FreeBSD.org>2019-09-06 14:30:23 +0000
commitd5f39c34a64b8d2ffc17e218c89e0fb52e624097 (patch)
tree4be37914dc7d728694e1332cb139368511adbd93 /sys/netipsec
parente57b2d0e51265f7f1603077e0ca5af6c8e450751 (diff)
downloadsrc-d5f39c34a64b8d2ffc17e218c89e0fb52e624097.tar.gz
src-d5f39c34a64b8d2ffc17e218c89e0fb52e624097.zip
Fix broken window replay check that will allow old packet to be accepted.
This was introduced in r309144. Submitted by: Jean-Francois HREN <jean-francois.hren@stormshield.eu> Approved by: ae@ MFC after: 3 days
Notes
Notes: svn path=/head/; revision=351935
Diffstat (limited to 'sys/netipsec')
-rw-r--r--sys/netipsec/ipsec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 245feb1bdca9..7b7f4d05ea4e 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -1323,6 +1323,8 @@ ok:
__func__, replay->overflow,
ipsec_sa2str(sav, buf, sizeof(buf))));
}
+
+ replay->count++;
return (0);
}