Page MenuHomeFreeBSD

if_ovpn: ensure we never re-use sequence numbers
ClosedPublic

Authored by kp on May 20 2023, 6:38 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Jul 13, 2:28 AM
Unknown Object (File)
Mon, Jun 22, 12:43 AM
Unknown Object (File)
Sat, Jun 20, 6:32 AM
Unknown Object (File)
Fri, Jun 19, 12:47 PM
Unknown Object (File)
Jun 3 2026, 1:24 PM
Unknown Object (File)
May 14 2026, 2:55 PM
Unknown Object (File)
May 11 2026, 4:41 AM
Unknown Object (File)
May 11 2026, 4:41 AM

Details

Summary

if_ovpn already notified userpsace when there was a risk of sequence
number re-use, but it trusted userspace to actually rotate the key.

Convert the internal sequence number counter to 64 bits so we can detect
overflows and then refuse to send packets.

Event: BSDCan 2023
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp requested review of this revision.May 20 2023, 6:38 PM
This revision was not accepted when it landed; it landed in state Needs Review.May 23 2023, 2:14 PM
This revision was automatically updated to reflect the committed changes.