summaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorYossef Efraim <yossefe@mellanox.com>2017-11-28 11:49:28 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-03-19 08:42:50 +0100
commitab3db1af421005b9a33888ebe2b69cce81179b91 (patch)
tree572845932c0a42e75880f5c14389e4278531fed5 /net/xfrm
parent5aac93adff9caa5920af52ea1db2a5dc2c1badd9 (diff)
downloadlinux-stable-ab3db1af421005b9a33888ebe2b69cce81179b91.tar.gz
linux-stable-ab3db1af421005b9a33888ebe2b69cce81179b91.tar.bz2
linux-stable-ab3db1af421005b9a33888ebe2b69cce81179b91.zip
xfrm: Fix xfrm_replay_overflow_offload_esn
[ Upstream commit 0ba23a211360af7b6658e4fcfc571970bbbacc55 ] In case of wrap around, replay_esn->oseq_hi is not updated before it is tested for it's actual value, leading function to fail with overflow indication and packets being dropped. This patch updates replay_esn->oseq_hi in the right place. Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading") Signed-off-by: Yossef Efraim <yossefe@mellanox.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_replay.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 8b23c5bcf8e8..02501817227b 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -666,7 +666,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
if (unlikely(oseq < replay_esn->oseq)) {
XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
xo->seq.hi = oseq_hi;
-
+ replay_esn->oseq_hi = oseq_hi;
if (replay_esn->oseq_hi == 0) {
replay_esn->oseq--;
replay_esn->oseq_hi--;
@@ -678,7 +678,6 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
}
replay_esn->oseq = oseq;
- replay_esn->oseq_hi = oseq_hi;
if (xfrm_aevent_is_on(net))
x->repl->notify(x, XFRM_REPLAY_UPDATE);