[PATCH] Save latest ESP sequence number even if replay protection isn't in use

David Woodhouse dwmw2 at infradead.org
Tue Feb 27 01:08:42 PST 2018



On Mon, 2018-01-08 at 08:51 -0800, Daniel Lenski wrote:
> Perhaps the correct solution here is to turn replay protection on as a
> warning but not a fatal error, as you suggest.

I've done that, which keeps things relatively simple and also means
that we base 'old_esp_maxseq' on the received packet with the highest
seqno, not just the most recently received packet.

I added a changelog entry while I was at it :)
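
An added illustration of the behaviour discussed above, not OpenConnect's code and not part of this message: a receive-side replay check that warns instead of dropping, and records the highest sequence number seen rather than the most recent one. The struct, function names and the 64-packet window are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical receive state; names and the 64-packet window are assumptions. */
struct esp_rx {
    uint32_t max_seq;   /* highest sequence number seen so far */
    uint64_t window;    /* bit i set => (max_seq - i) already seen */
    unsigned warnings;  /* replayed or too-old packets: counted, not fatal */
};

/* Returns 1 for a new in-window sequence number, 0 after warning about a
 * replayed or too-old one. In warn-only mode the caller delivers both. */
static int esp_rx_seq(struct esp_rx *rx, uint32_t seq)
{
    if (seq > rx->max_seq) {            /* new high-water mark */
        uint32_t shift = seq - rx->max_seq;
        rx->window = (shift < 64) ? (rx->window << shift) | 1 : 1;
        rx->max_seq = seq;
        return 1;
    }
    uint32_t behind = rx->max_seq - seq;
    if (behind < 64 && !(rx->window & (1ULL << behind))) {
        rx->window |= 1ULL << behind;   /* late but unseen: reordering */
        return 1;
    }
    rx->warnings++;
    fprintf(stderr, "warning: ESP seq %u replayed or too old (max %u)\n",
            (unsigned)seq, (unsigned)rx->max_seq);
    return 0;
}

/* Constructed arrival order: 6 is replayed, then 4 arrives late. */
static struct esp_rx demo(void)
{
    static const uint32_t arrivals[] = { 1, 2, 3, 5, 6, 6, 4 };
    struct esp_rx rx = { 0, 0, 0 };
    for (size_t i = 0; i < sizeof(arrivals) / sizeof(arrivals[0]); i++)
        esp_rx_seq(&rx, arrivals[i]);
    return rx;
}

int main(void)
{
    struct esp_rx rx = demo();
    printf("max_seq=%u warnings=%u\n", (unsigned)rx.max_seq, rx.warnings);
    return 0;
}
```

The last packet to arrive in the constructed trace is 4, but the saved maximum stays at 6, which is the distinction between "highest seqno" and "most recently received".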