diff options
author | Christian Langrock <christian.langrock@secunet.com> | 2022-10-17 08:34:47 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2022-10-19 09:00:53 +0200 |
commit | 4b549ccce941798703f159b227aa28c716aa78fa (patch) | |
tree | 3fa86e1058150975d089ffa94dfe041fede45d0a /net/ipv4/esp4_offload.c | |
parent | xfrm: lwtunnel: squelch kernel warning in case XFRM encap type is not available (diff) | |
download | linux-4b549ccce941798703f159b227aa28c716aa78fa.tar.xz linux-4b549ccce941798703f159b227aa28c716aa78fa.zip |
xfrm: replay: Fix ESN wrap around for GSO
When using GSO it can happen that the wrong seq_hi is used for the last
packets before the wrap around. This can lead to double usage of a
sequence number. To avoid this, we should serialize this last GSO
packet.
Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading")
Co-developed-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Christian Langrock <christian.langrock@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4/esp4_offload.c')
-rw-r--r-- | net/ipv4/esp4_offload.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c index 170152772d33..3969fa805679 100644 --- a/net/ipv4/esp4_offload.c +++ b/net/ipv4/esp4_offload.c @@ -314,6 +314,9 @@ static int esp_xmit(struct xfrm_state *x, struct sk_buff *skb, netdev_features_ xo->seq.low += skb_shinfo(skb)->gso_segs; } + if (xo->seq.low < seq) + xo->seq.hi++; + esp.seqno = cpu_to_be64(seq + ((u64)xo->seq.hi << 32)); ip_hdr(skb)->tot_len = htons(skb->len); |