[Glibc-bsd-commits] r1441 - trunk/kfreebsd-5/debian/patches
Aurelien Jarno
aurel32 at costa.debian.org
Tue Apr 11 19:06:06 UTC 2006
Author: aurel32
Date: 2006-04-11 19:06:06 +0000 (Tue, 11 Apr 2006)
New Revision: 1441
Added:
trunk/kfreebsd-5/debian/patches/000_ipsec.diff
Log:
And add the patch...
Added: trunk/kfreebsd-5/debian/patches/000_ipsec.diff
===================================================================
--- trunk/kfreebsd-5/debian/patches/000_ipsec.diff 2006-04-11 18:59:14 UTC (rev 1440)
+++ trunk/kfreebsd-5/debian/patches/000_ipsec.diff 2006-04-11 19:06:06 UTC (rev 1441)
@@ -0,0 +1,31 @@
+Index: sys/netipsec/xform_esp.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/netipsec/xform_esp.c,v
+retrieving revision 1.11
+diff -u -r1.11 xform_esp.c
+--- sys/netipsec/xform_esp.c 15 Mar 2006 21:11:11 -0000 1.11
++++ sys/netipsec/xform_esp.c 19 Mar 2006 17:20:07 -0000
+@@ -555,6 +555,23 @@
+ */
+ m->m_flags |= M_DECRYPTED;
+
++ /*
++ * Update replay sequence number, if appropriate.
++ */
++ if (sav->replay) {
++ u_int32_t seq;
++
++ m_copydata(m, skip + offsetof(struct newesp, esp_seq),
++ sizeof (seq), (caddr_t) &seq);
++ if (ipsec_updatereplay(ntohl(seq), sav)) {
++ DPRINTF(("%s: packet replay check for %s\n", __func__,
++ ipsec_logsastr(sav)));
++ espstat.esps_replay++;
++ error = ENOBUFS;
++ goto bad;
++ }
++ }
++
+ /* Determine the ESP header length */
+ if (sav->flags & SADB_X_EXT_OLD)
+ hlen = sizeof (struct esp) + sav->ivlen;
More information about the Glibc-bsd-commits
mailing list