Fix ESP replay problem
authorDavid Woodhouse <David.Woodhouse@intel.com>
Fri, 2 Sep 2016 07:59:16 +0000 (08:59 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Fri, 2 Sep 2016 07:59:16 +0000 (08:59 +0100)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
esp-seqno.c
tests/seqtest.c

index afb4542199c84d8386a6440817eabb0772dbf4c1..eef2ec9e08557ebaa7a9825536dd05b460642652 100644 (file)
@@ -67,16 +67,19 @@ int verify_packet_seqno(struct openconnect_info *vpninfo,
                             _("Discarding ancient ESP packet with seq %u (expected %" PRIu64 ")\n"),
                             seq, esp->seq);
                return -EINVAL;
+       } else if (seq == esp->seq - 1) {
+               /* This is a repeat of the latest packet we already received. */
+       replayed:
+               vpn_progress(vpninfo, PRG_DEBUG,
+                            _("Discarding replayed ESP packet with seq %u\n"),
+                            seq);
+               return -EINVAL;
        } else if (seq < esp->seq) {
                /* Within the backlog window, so we remember whether we've seen it or not. */
                uint64_t mask = 1ULL << (esp->seq - seq - 2);
 
-               if (!(esp->seq_backlog & mask)) {
-                       vpn_progress(vpninfo, PRG_DEBUG,
-                                    _("Discarding replayed ESP packet with seq %u\n"),
-                                    seq);
-                       return -EINVAL;
-               }
+               if (!(esp->seq_backlog & mask))
+                       goto replayed;
 
                esp->seq_backlog &= ~mask;
                vpn_progress(vpninfo, PRG_TRACE,
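Review bot: The shift count in `uint64_t mask = 1ULL << (esp->seq - seq - 2);` is in range only because of two invariants that are not stated at that line: the new `seq == esp->seq - 1` branch now intercepts the distance-1 case (which, with seq presumably 32-bit given the `%u` format and esp->seq 64-bit, used to yield a shift count of UINT64_MAX, i.e. undefined behaviour instead of a replay rejection), and the ancient-packet check above the hunk must reject anything further back than the backlog can represent. I'd put a comment on the mask line such as `/* Distance 1 was handled above and older packets were rejected as ancient, so 2 <= esp->seq - seq <= 65 and the shift count is 0..63. */` — the upper bound is inferred from the 64-bit backlog and should be confirmed against the ancient check, which is not visible here. The `replayed:` label sits inside the body of a sibling `else if` and is entered by `goto` from the backlog branch; that is legal C but reads oddly, so a one-line comment on the label saying it is the shared rejection exit for both replay cases would help the next reader. verify_packet_seqno starts before this hunk and continues after it.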
index 3c67a698902f415329f73e13fbb028480ed228b0..d38646cc92573f83bb5d3c1d220ab4f37821fb12 100644 (file)
@@ -45,9 +45,11 @@ int main(void)
            !verify_packet_seqno(NULL, &esptest, 0) ||
            verify_packet_seqno(NULL, &esptest, 64) ||
            verify_packet_seqno(NULL, &esptest, 65) ||
+           !verify_packet_seqno(NULL, &esptest, 65) ||
            verify_packet_seqno(NULL, &esptest, 66) ||
            verify_packet_seqno(NULL, &esptest, 67) ||
            verify_packet_seqno(NULL, &esptest, 68) ||
+           !verify_packet_seqno(NULL, &esptest, 68) ||
            !verify_packet_seqno(NULL, &esptest, 2) ||
            !verify_packet_seqno(NULL, &esptest, 3) ||
            verify_packet_seqno(NULL, &esptest, 4) ||
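Review bot: Both added checks replay the newest packet immediately after it was accepted, so they only exercise the new `seq == esp->seq - 1` branch; nothing in the visible lines replays an in-order packet after the window has moved past it, which is the path that depends on the in-order accept code clearing the backlog bit and then hitting `goto replayed`. Adding `!verify_packet_seqno(NULL, &esptest, 67) ||` after the `!verify_packet_seqno(NULL, &esptest, 68)` line would pin that case (67 is then two behind the expected sequence, so it goes through the mask test rather than the new branch); the expected rejection assumes the in-order path clears that bit, which is outside this hunk. main() starts before the hunk and the `||` chain continues after it.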