svn commit: r352062 - stable/12/sys/netipsec

Mon Sep 9 14:41:40 UTC 2019

Author: fabient
Date: Mon Sep  9 14:41:39 2019
New Revision: 352062
URL: https://svnweb.freebsd.org/changeset/base/352062

Log:
  MFC r351935:
  Fix broken window replay check that will allow old packet to be accepted.
  This was introduced in r309144.
  
  Submitted by:	Jean-Francois HREN <jean-francois.hren at stormshield.eu>
  Approved by:	ae@

Modified:
  stable/12/sys/netipsec/ipsec.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netipsec/ipsec.c
==============================================================================

--- stable/12/sys/netipsec/ipsec.c	Mon Sep  9 14:16:57 2019	(r352061)
+++ stable/12/sys/netipsec/ipsec.c	Mon Sep  9 14:41:39 2019	(r352062)
@@ -1323,6 +1323,8 @@ ok:
 		    __func__, replay->overflow,
 		    ipsec_sa2str(sav, buf, sizeof(buf))));
 	}
+
+	replay->count++;
 	return (0);
 }
 
