diff options
| author |   Leon Romanovsky <leonro@nvidia.com> | 2025-05-13 13:56:22 +0300 |
|---|---|---|
| committer |   Steffen Klassert <steffen.klassert@secunet.com> | 2025-05-15 09:56:19 +0200 |
| commit | e86212b6b13a20c5ad404c5597933f57fd0f1519 (patch) | |
| tree | 2d032fcea7de17507663de3e274027ebcb832d44 /scripts/gdb/linux/utils.py | |
| parent | Merge branch 'Update offload configuration with SA' (diff) | |
| download | wireguard-linux-e86212b6b13a20c5ad404c5597933f57fd0f1519.tar.xz wireguard-linux-e86212b6b13a20c5ad404c5597933f57fd0f1519.zip | |
xfrm: validate assignment of maximal possible SEQ number
Users can set any seq/seq_hi/oseq/oseq_hi values. The XFRM core code
doesn't prevent from them to set even 0xFFFFFFFF, however this value
will cause for traffic drop.
Is is happening because SEQ numbers here mean that packet with such
number was processed and next number should be sent on the wire. In this
case, the next number will be 0, and it means overflow which causes to
(expected) packet drops.
While it can be considered as misconfiguration and handled by XFRM
datapath in the same manner as any other SEQ number, let's add
validation to easy for packet offloads implementations which need to
configure HW with next SEQ to send and not with current SEQ like it is
done in core code.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'scripts/gdb/linux/utils.py')
0 files changed, 0 insertions, 0 deletions