Linux counter_validate() RFC6479 replay detection modifies bitmap before authentication?

Leon Woestenberg leon at
Thu Apr 20 19:58:46 UTC 2023

Hello all,

I am trying to understand a few details in WireGuard protocol, looking
at the Linux kernel WireGuard implementation if I am unsure about the
description from the paper. One question I have:

Does counter_validate() in the receive path update the bitmap from the
Type 4 counter (their_counter) before the received Type 4 packet was



More information about the WireGuard mailing list