xfrm: Fix ESN sequence number handling for IPsec GSO packets.
[ Upstream commitpull/10/headb8b549eec8
] When IPsec offloading was introduced, we accidentally incremented the sequence number counter on the xfrm_state by one packet too much in the ESN case. This leads to a sequence number gap of one packet after each GSO packet. Fix this by setting the sequence number to the correct value. Fixes:d7dbefc45c
("xfrm: Add xfrm_replay_overflow functions for offloading") Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
30310d4077
commit
5877f41cf8
|
@ -658,7 +658,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
|
||||||
} else {
|
} else {
|
||||||
XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
|
XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
|
||||||
XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
|
XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
|
||||||
xo->seq.low = oseq = oseq + 1;
|
xo->seq.low = oseq + 1;
|
||||||
xo->seq.hi = oseq_hi;
|
xo->seq.hi = oseq_hi;
|
||||||
oseq += skb_shinfo(skb)->gso_segs;
|
oseq += skb_shinfo(skb)->gso_segs;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue