Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
ipsec: fix esp trace seq number overflow
[vpp.git] / src / vnet / ipsec / ipsec_tun_in.c
diff --git a/src/vnet/ipsec/ipsec_tun_in.c b/src/vnet/ipsec/ipsec_tun_in.c
index 04f7a92..d88cc08 100644 (file)
--- a/src/vnet/ipsec/ipsec_tun_in.c
+++ b/src/vnet/ipsec/ipsec_tun_in.c
@@ -376,7 +376,9 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
              else
                clib_memcpy (&tr->key4, &key40, sizeof (tr->key4));
              tr->is_ip6 = is_ip6;
-             tr->seq = clib_host_to_net_u32 (esp0->seq);
+             tr->seq =
+               len0 >=
+               sizeof (*esp0) ? clib_host_to_net_u32 (esp0->seq) : ~0;
            }
        }
 
Vector Packet Processing