xfrm: Fix ESN sequence number handling for IPsec GSO packets.

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When IPsec offloading was introduced, we accidentally incremented
the sequence number counter on the xfrm_state by one packet
too much in the ESN case. This leads to a sequence number gap of
one packet after each GSO packet. Fix this by setting the sequence
number to the correct value.

Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Steffen Klassert 8 years ago b8b549ee 013cb81e

+1 -1

1 changed file

expand all

net

xfrm

xfrm_replay.c

+1 -1

net/xfrm/xfrm_replay.c

··· 660 660 } else { 661 661 XFRM_SKB_CB(skb)->seq.output.low = oseq + 1; 662 662 XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi; 663 - xo->seq.low = oseq = oseq + 1; 663 + xo->seq.low = oseq + 1; 664 664 xo->seq.hi = oseq_hi; 665 665 oseq += skb_shinfo(skb)->gso_segs; 666 666 }