Changeset View
Changeset View
Standalone View
Standalone View
sys/netipsec/xform_ah.c
Show First 20 Lines • Show All 920 Lines • ▼ Show 20 Lines | #endif /* INET6 */ | ||||
/* Zeroize padding */ | /* Zeroize padding */ | ||||
m_copyback(m, skip + rplen + authsize, ahsize - (rplen + authsize), | m_copyback(m, skip + rplen + authsize, ahsize - (rplen + authsize), | ||||
ipseczeroes); | ipseczeroes); | ||||
/* Insert packet replay counter, as requested. */ | /* Insert packet replay counter, as requested. */ | ||||
SECASVAR_LOCK(sav); | SECASVAR_LOCK(sav); | ||||
if (sav->replay) { | if (sav->replay) { | ||||
if (sav->replay->count == ~0 && | if ((sav->replay->count == ~0 || | ||||
(!(sav->flags & SADB_X_SAFLAGS_ESN) && | |||||
((uint32_t)sav->replay->count) == ~0)) && | |||||
(sav->flags & SADB_X_EXT_CYCSEQ) == 0) { | (sav->flags & SADB_X_EXT_CYCSEQ) == 0) { | ||||
SECASVAR_UNLOCK(sav); | SECASVAR_UNLOCK(sav); | ||||
DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n", | DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n", | ||||
__func__, ipsec_address(&sav->sah->saidx.dst, buf, | __func__, ipsec_address(&sav->sah->saidx.dst, buf, | ||||
sizeof(buf)), (u_long) ntohl(sav->spi))); | sizeof(buf)), (u_long) ntohl(sav->spi))); | ||||
AHSTAT_INC(ahs_wrap); | AHSTAT_INC(ahs_wrap); | ||||
error = EACCES; | error = EACCES; | ||||
goto bad; | goto bad; | ||||
▲ Show 20 Lines • Show All 209 Lines • Show Last 20 Lines |