if_ovpn: ensure we never re-use sequence numbers
ClosedPublic
Actions

Authored by kp on May 20 2023, 6:38 PM.

Tags

None

Referenced Files

	F150410286: D40187.id122292.diff
	Wed, Apr 1, 12:03 AM

	Unknown Object (File)
	Wed, Mar 25, 1:06 AM

	Unknown Object (File)
	Mon, Mar 23, 12:20 AM

	Unknown Object (File)
	Wed, Mar 18, 10:50 AM

	Unknown Object (File)
	Wed, Mar 11, 5:26 PM

	Unknown Object (File)
	Wed, Mar 11, 10:15 AM

	Unknown Object (File)
	Feb 28 2026, 2:59 PM

	Unknown Object (File)
	Feb 9 2026, 11:26 AM

Subscribers

Details

Reviewers

None

Group Reviewers

pfsense
network

Commits

rG81877287a99e: if_ovpn: ensure we never re-use sequence numbers

Summary

if_ovpn already notified userpsace when there was a risk of sequence
number re-use, but it trusted userspace to actually rotate the key.

Convert the internal sequence number counter to 64 bits so we can detect
overflows and then refuse to send packets.

Event: BSDCan 2023
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.May 20 2023, 6:38 PM

Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptMay 20 2023, 6:38 PM

kp requested review of this revision.May 20 2023, 6:38 PM

Harbormaster completed remote builds in B51585: Diff 122172.May 20 2023, 6:38 PM

This revision was not accepted when it landed; it landed in state Needs Review.May 23 2023, 2:14 PM

Closed by commit rG81877287a99e: if_ovpn: ensure we never re-use sequence numbers (authored by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rG81877287a99e: if_ovpn: ensure we never re-use sequence numbers.

Revision Contents
Changeset List

Path

Size

sys/

net/

if_ovpn.c

22 lines

Diff 122292

View Options

if_ovpn: ensure we never re-use sequence numbersClosedPublicActions