mirror of
https://github.com/torvalds/linux.git
synced 2024-11-10 14:11:52 +00:00
xfrm: Fix ESN sequence number handling for IPsec GSO packets.
When IPsec offloading was introduced, we accidentally incremented
the sequence number counter on the xfrm_state by one packet
too much in the ESN case. This leads to a sequence number gap of
one packet after each GSO packet. Fix this by setting the sequence
number to the correct value.
Fixes: d7dbefc45c
("xfrm: Add xfrm_replay_overflow functions for offloading")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
013cb81e89
commit
b8b549eec8
@ -660,7 +660,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
|
||||
} else {
|
||||
XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
|
||||
XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
|
||||
xo->seq.low = oseq = oseq + 1;
|
||||
xo->seq.low = oseq + 1;
|
||||
xo->seq.hi = oseq_hi;
|
||||
oseq += skb_shinfo(skb)->gso_segs;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user