if_ovpn: ensure we never re-use sequence numbers
ClosedPublic

Authored by kp on May 20 2023, 6:38 PM.

Details

Summary

if_ovpn already notified userspace when there was a risk of sequence
number re-use, but it trusted userspace to actually rotate the key.

Convert the internal sequence number counter to 64 bits so we can detect
overflows and then refuse to send packets.

Event: BSDCan 2023
Sponsored by: Rubicon Communications, LLC ("Netgate")
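
The overflow check the summary describes, sketched as an added example (not the code from this revision). It assumes a 32-bit on-wire sequence number; `tx_key`, `tx_seq_alloc`, `tx_seq_alloc32` and the notify threshold are hypothetical names and values.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed: sequence numbers are 32 bits on the wire. Names are hypothetical. */
#define SEQ_NOTIFY_AT	(UINT32_MAX - 65536u)	/* constructed rotation threshold */

enum seq_status { SEQ_OK, SEQ_OK_NOTIFY, SEQ_EXHAUSTED };

struct tx_key   { _Atomic uint64_t next_seq; };	/* widened internal counter */
struct tx_key32 { _Atomic uint32_t next_seq; };	/* "before": wraps silently */

/* Before: after UINT32_MAX the counter wraps to 0 and values repeat. */
static uint32_t
tx_seq_alloc32(struct tx_key32 *k)
{
	return (atomic_fetch_add(&k->next_seq, 1));
}

/*
 * After: the 64-bit counter keeps counting past UINT32_MAX, so every later
 * caller sees a value above the limit and is refused, even when several
 * threads increment concurrently and userspace never rotated the key.
 */
static enum seq_status
tx_seq_alloc(struct tx_key *k, uint32_t *wire_seq)
{
	uint64_t seq = atomic_fetch_add(&k->next_seq, 1);

	if (seq > UINT32_MAX)
		return (SEQ_EXHAUSTED);		/* caller must drop the packet */
	*wire_seq = (uint32_t)seq;
	return (seq >= SEQ_NOTIFY_AT ? SEQ_OK_NOTIFY : SEQ_OK);
}

int
main(void)
{
	struct tx_key k;
	struct tx_key32 old;
	uint32_t wire = 0;

	atomic_init(&k.next_seq, (uint64_t)UINT32_MAX);	/* constructed: one left */
	atomic_init(&old.next_seq, UINT32_MAX);
	for (int i = 0; i < 3; i++) {
		enum seq_status st = tx_seq_alloc(&k, &wire);
		printf("64-bit: status=%d wire=%u | 32-bit: %u\n", (int)st, wire,
		    tx_seq_alloc32(&old));
	}
	return (0);
}
```
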

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 51585
Build 48476: arc lint + arc unit

Event Timeline

kp requested review of this revision. May 20 2023, 6:38 PM
This revision was not accepted when it landed; it landed in state Needs Review. May 23 2023, 2:14 PM
This revision was automatically updated to reflect the committed changes.