Page MenuHomeFreeBSD
Differential D40187

if_ovpn: ensure we never re-use sequence numbers
ClosedPublic
Actions

Authored by kp on May 20 2023, 6:38 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, May 4, 6:11 AM
Unknown Object (File)
Fri, Apr 19, 6:00 AM
Unknown Object (File)
Apr 9 2024, 10:15 PM
Unknown Object (File)
Apr 9 2024, 2:49 PM
Unknown Object (File)
Apr 9 2024, 1:19 PM
Unknown Object (File)
Feb 18 2024, 8:28 AM
Unknown Object (File)
Dec 22 2023, 10:48 PM
Unknown Object (File)
Dec 13 2023, 3:41 AM
View All 22 Files
Subscribers
ae
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
pfsense
network
Commits
rG81877287a99e: if_ovpn: ensure we never re-use sequence numbers
Summary

if_ovpn already notified userpsace when there was a risk of sequence
number re-use, but it trusted userspace to actually rotate the key.

Convert the internal sequence number counter to 64 bits so we can detect
overflows and then refuse to send packets.

Event: BSDCan 2023
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.May 20 2023, 6:38 PM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptMay 20 2023, 6:38 PM
kp requested review of this revision.May 20 2023, 6:38 PM
Harbormaster completed remote builds in B51585: Diff 122172.May 20 2023, 6:38 PM
This revision was not accepted when it landed; it landed in state Needs Review.May 23 2023, 2:14 PM
Closed by commit rG81877287a99e: if_ovpn: ensure we never re-use sequence numbers (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG81877287a99e: if_ovpn: ensure we never re-use sequence numbers.

Revision Contents
Changeset List

PathSize
sys/
net/
22 lines

Diff 122292

View Options

sys/net/if_ovpn.c

Loading...