fix missed validity check

Cargo.lock

@@ -622,7 +622,7 @@ dependencies = [
 
 [[package]]
 name = "dnapi-rs"
-version = "0.1.5"
+version = "0.1.6"
 dependencies = [
  "base64 0.21.0",
  "base64-serde",

dnapi-rs/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "dnapi-rs"
-version = "0.1.5"
+version = "0.1.6"
 edition = "2021"
 description = "A rust client for the Defined Networking API"
 license = "AGPL-3.0-or-later"

dnapi-rs/src/client_blocking.rs

@@ -159,6 +159,11 @@ impl Client {
             return Err("nonce mismatch between request and response".into())
         }
 
+        if result.counter <= creds.counter {
+            error!("counter in request {} should be less than counter in response {}", creds.counter, result.counter);
+            return Err("received older config than what we already had".into())
+        }
+
         let trusted_keys = ed25519_public_keys_from_pem(&result.trusted_keys)?;
 
         let new_creds = Credentials {

tfclient/Cargo.toml

@@ -24,7 +24,7 @@ base64 = "0.21.0"
 chrono = "0.4.24"
 ipnet = "2.7.1"
 base64-serde = "0.7.0"
-dnapi-rs = { version = "0.1.5", path = "../dnapi-rs" }
+dnapi-rs = { version = "0.1.6", path = "../dnapi-rs" }
 
 [build-dependencies]
 serde = { version = "1.0.157", features = ["derive"] }