Diffstat (limited to 'sys-freebsd/freebsd-sources/files/SA-06-11-ipsec.patch')
-rw-r--r--sys-freebsd/freebsd-sources/files/SA-06-11-ipsec.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-sources/files/SA-06-11-ipsec.patch b/sys-freebsd/freebsd-sources/files/SA-06-11-ipsec.patch
new file mode 100644
index 000000000000..73dbb8f7b829
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/SA-06-11-ipsec.patch
@@ -0,0 +1,31 @@
+Index: sys/netipsec/xform_esp.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/netipsec/xform_esp.c,v
+retrieving revision 1.11
+diff -u -r1.11 xform_esp.c
+--- sys/netipsec/xform_esp.c 15 Mar 2006 21:11:11 -0000 1.11
++++ sys/netipsec/xform_esp.c 19 Mar 2006 17:20:07 -0000
+@@ -555,6 +555,23 @@
+ */
+ m->m_flags |= M_DECRYPTED;
+
++ /*
++ * Update replay sequence number, if appropriate.
++ */
++ if (sav->replay) {
++ u_int32_t seq;
++
++ m_copydata(m, skip + offsetof(struct newesp, esp_seq),
++ sizeof (seq), (caddr_t) &seq);
++ if (ipsec_updatereplay(ntohl(seq), sav)) {
++ DPRINTF(("%s: packet replay check for %s\n", __func__,
++ ipsec_logsastr(sav)));
++ espstat.esps_replay++;
++ error = ENOBUFS;
++ goto bad;
++ }
++ }
++
+ /* Determine the ESP header length */
+ if (sav->flags & SADB_X_EXT_OLD)
+ hlen = sizeof (struct esp) + sav->ivlen;
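Review bot: The comment on the added `if (sav->replay)` block says only "Update replay sequence number, if appropriate" and does not record why the update is placed after `m->m_flags |= M_DECRYPTED`. I would extend it to something like `/* Advance the replay window only here, once the packet has been processed; doing it earlier would let unverified packets move the window. */`. That wording assumes integrity verification has finished by this point, which the placement suggests but the hunk does not show. Separately, a rejected replay returns `ENOBUFS`, the errno normally associated with buffer exhaustion, so `espstat.esps_replay` is the signal to watch when monitoring for replays, and a one-line comment next to `error = ENOBUFS;` saying so would help. The enclosing function in xform_esp.c begins and ends outside the hunk.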