Diffusion FreeBSD src repository f7ee28e75582

if_ovpn: notify userspace when we've used half of the sequence numbers
f7ee28e75582
Actions

Description

if_ovpn: notify userspace when we've used half of the sequence numbers

OpenVPN uses the sequence number (as well as a userspace supplied nonce)
to build the IV. This means we should avoid re-using sequence numbers.
However, userspace doesn't know how many packets we've sent (and thus
what sequence number we're up to).

Notify userspace when we've used half of the available sequence numbers
to tell it that it's time for a key renegotiaton.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39570

Details

Provenance

kp	Authored on May 8 2023, 2:41 PM

Differential Revision

D39570: if_ovpn: notify userspace when we've used half of the sequence numbers

Parents

rG9f60b8ce6085: arm64/disassem.c: Add detection of xzr and sp

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rGf7ee28e75582: if_ovpn: notify userspace when we've used half of the sequence numbers (authored by kp).May 8 2023, 2:43 PM

kp added an edge: D39570: if_ovpn: notify userspace when we've used half of the sequence numbers.May 8 2023, 4:14 PM

Changes (2)

Path

Size

sys/

net/

if_ovpn.c

if_ovpn.h

rGf7ee28e75582

View Options

sys/net/if_ovpn.c