]> err.no Git - linux-2.6/commit
[IPSEC]: Reject packets within replay window but outside the bit mask
authorHerbert Xu <herbert@gondor.apana.org.au>
Thu, 5 Apr 2007 07:07:39 +0000 (00:07 -0700)
committerDavid S. Miller <davem@davemloft.net>
Thu, 5 Apr 2007 07:07:39 +0000 (00:07 -0700)
commit4c4d51a7316b164ba08af61aa0c124a88bc60450
tree432e2d46513ddb61b0da9da14410b6888c947b70
parent60e5c166413f17d5ef00b4c1f398dbd44291309a
[IPSEC]: Reject packets within replay window but outside the bit mask

Up until this point we've accepted replay window settings greater than
32 but our bit mask can only accomodate 32 packets.  Thus any packet
with a sequence number within the window but outside the bit mask would
be accepted.

This patch causes those packets to be rejected instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/xfrm/xfrm_state.c