
if_ovpn: ensure we never re-use sequence numbers

Authored by kp on Sat, May 20, 6:38 PM.



if_ovpn already notified userspace when there was a risk of sequence
number re-use, but it trusted userspace to actually rotate the key.

Convert the internal sequence number counter to 64 bits so we can detect
overflows and then refuse to send packets.

Event: BSDCan 2023
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

rG FreeBSD src repository
Lint Not Applicable
Tests Not Applicable

Event Timeline

kp requested review of this revision. Sat, May 20, 6:38 PM
This revision was not accepted when it landed; it landed in state Needs Review. Tue, May 23, 2:14 PM
This revision was automatically updated to reflect the committed changes.
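
The approach the commit message describes (a 64-bit internal counter in front of a narrower on-wire sequence number, with sends refused on overflow), as an added sketch that is not the if_ovpn code or part of this revision. All names, the 32-bit wire width and the warning threshold are assumptions made for illustration.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>

/* All names and thresholds are hypothetical, not taken from if_ovpn. */
#define SEQ_WIRE_MAX	UINT32_MAX	/* assumed 32-bit on-wire field */
#define SEQ_ROTATE_AT	(SEQ_WIRE_MAX - 0x10000u)	/* constructed warning mark */

struct tx_key {
	_Atomic uint64_t next_seq;	/* wider than the wire field: overflow is visible */
	atomic_bool rotate_notified;	/* ask userspace to rotate only once */
};

static void
tx_key_init(struct tx_key *k, uint64_t first)
{
	atomic_init(&k->next_seq, first);
	atomic_init(&k->rotate_notified, false);
}

/*
 * Reserve the sequence number for one outgoing packet. Returns 0 with the
 * wire value in *seq, or EOVERFLOW once the wire space is used up (the caller
 * drops the packet). *want_rotate is true only on the call crossing the mark.
 */
static int
tx_key_next_seq(struct tx_key *k, uint32_t *seq, bool *want_rotate)
{
	/* A single atomic add: concurrent senders never get the same value. */
	uint64_t s = atomic_fetch_add(&k->next_seq, 1);

	*want_rotate = false;
	if (s > SEQ_WIRE_MAX)
		return (EOVERFLOW);	/* truncating s would repeat a number */
	if (s >= SEQ_ROTATE_AT && !atomic_exchange(&k->rotate_notified, true))
		*want_rotate = true;
	*seq = (uint32_t)s;
	return (0);
}

int
main(void)
{
	struct tx_key k;
	uint32_t seq;
	bool rot;
	tx_key_init(&k, SEQ_WIRE_MAX);	/* constructed state: one number left */
	if (tx_key_next_seq(&k, &seq, &rot) != 0)
		return (1);
	return (tx_key_next_seq(&k, &seq, &rot) == EOVERFLOW ? 0 : 1);
}
```

The refusal is sticky: the counter keeps growing past the wire maximum, so every later call on the same key fails until a new key (with a fresh counter) is installed.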