doc/share/security/patches/SA-06:11/ipsec.patch

Index: sys/netipsec/xform_esp.c
===================================================================
RCS file: /usr/ncvs/src/sys/netipsec/xform_esp.c,v
retrieving revision 1.11
diff -u -r1.11 xform_esp.c
--- sys/netipsec/xform_esp.c	15 Mar 2006 21:11:11 -0000	1.11
+++ sys/netipsec/xform_esp.c	19 Mar 2006 17:20:07 -0000
@@ -555,6 +555,23 @@
 	 */
 	m->m_flags |= M_DECRYPTED;
 
+	/*
+	 * Update replay sequence number, if appropriate.
+	 */
+	if (sav->replay) {
+		u_int32_t seq;
+
+		m_copydata(m, skip + offsetof(struct newesp, esp_seq),
+			   sizeof (seq), (caddr_t) &seq);
+		if (ipsec_updatereplay(ntohl(seq), sav)) {
+			DPRINTF(("%s: packet replay check for %s\n", __func__,
+			    ipsec_logsastr(sav)));
+			espstat.esps_replay++;
+			error = ENOBUFS;
+			goto bad;
+		}
+	}
+
 	/* Determine the ESP header length */
 	if (sav->flags & SADB_X_EXT_OLD)
 		hlen = sizeof (struct esp) + sav->ivlen;