if_ovpn: ensure we never re-use sequence numbers

Description

if_ovpn: ensure we never re-use sequence numbers

if_ovpn already notified userspace when there was a risk of sequence
number re-use, but it trusted userspace to actually rotate the key.

Convert the internal sequence number counter to 64 bits so we can detect
overflows and then refuse to send packets.

Event: BSDCan 2023
Reviewed by: Leon Dang <ldang@netgate.com>
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40187
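
The pattern the commit message describes, as an added example that is not the if_ovpn code: a counter kept wider than the on-wire field, so exhaustion is detected and sending is refused instead of wrapping. The names `tx_key` and `tx_next_seq`, the 32-bit wire width, and the rotation threshold are assumptions made for illustration.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define WIRE_SEQ_MAX	UINT32_MAX		/* assumed 32-bit on-wire field */
#define ROTATE_AT	(WIRE_SEQ_MAX - 0xffffu)	/* assumed warning threshold */

/* Hypothetical per-key transmit state, not the if_ovpn structure. */
struct tx_key {
	_Atomic uint64_t seq;	/* last sequence number handed out */
};

/*
 * Reserve the next sequence number for one outgoing packet.
 * Returns 0 and fills *wire, or EOVERFLOW once the 32-bit space is used up.
 * *rotate is set when userspace should be asked for a new key.
 */
static int
tx_next_seq(struct tx_key *k, uint32_t *wire, int *rotate)
{
	/* 64-bit add: the counter passes 2^32 instead of wrapping to 0. */
	uint64_t seq = atomic_fetch_add(&k->seq, 1) + 1;

	*rotate = (seq >= ROTATE_AT);
	if (seq > WIRE_SEQ_MAX)
		return (EOVERFLOW);	/* caller drops the packet */
	*wire = (uint32_t)seq;
	return (0);
}

int
main(void)
{
	struct tx_key k;
	uint32_t wire = 0;
	int rotate, error;

	/* Constructed state: two numbers left under this key. */
	atomic_init(&k.seq, (uint64_t)WIRE_SEQ_MAX - 2);
	for (int i = 0; i < 4; i++) {
		error = tx_next_seq(&k, &wire, &rotate);
		printf("error=%d wire=%u rotate=%d\n", error, (unsigned)wire, rotate);
	}
	return (0);
}
```

Because the counter stays above `WIRE_SEQ_MAX` after exhaustion, every later call keeps failing until the key, and with it the counter, is replaced.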

Details

Provenance
kp Authored on May 20 2023, 5:43 PM
Differential Revision
D40187: if_ovpn: ensure we never re-use sequence numbers
Parents
rGc4a32455d9cb: pf: remove the use of caddr_t