xfrm: Fix ESN sequence number handling for IPsec GSO packets.
When IPsec offloading was introduced, we accidentally incremented
the sequence number counter on the xfrm_state by one packet
too much in the ESN case. This leads to a sequence number gap of
one packet after each GSO packet. Fix this by setting the sequence
number to the correct value.
Fixes: d7dbefc45c ("xfrm: Add xfrm_replay_overflow functions for offloading")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Steffen Klassert
Родитель
013cb81e89
Коммит
b8b549eec8
|
|
@ -660,7 +660,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
|
|||
} else {
|
||||
XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
|
||||
XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
|
||||
xo->seq.low = oseq = oseq + 1;
|
||||
xo->seq.low = oseq + 1;
|
||||
xo->seq.hi = oseq_hi;
|
||||
oseq += skb_shinfo(skb)->gso_segs;
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче