kernel-pfkey: Support connection specific replay window sizes up to 32 packets

author: Martin Willi <martin@revosec.ch> 2014-06-16 17:33:45 +0200
committer: Martin Willi <martin@revosec.ch> 2014-06-17 16:41:30 +0200
commit: 823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7 (patch)
tree: c21a5d33d295502e28739317aaaac8a4600226bb /src/libhydra/plugins/kernel_pfkey
parent: 44098fbaca53048623f753a04a2f863f1fe26d76 (diff)
download: strongswan-823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7.tar.bz2
strongswan-823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 40e182390..9bddb13a1 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1677,7 +1677,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	}
 	else
 	{
-		sa->sadb_sa_replay = 32;
+		sa->sadb_sa_replay = min(replay_window, 32);
 		sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
 		sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
 	}
author	Martin Willi <martin@revosec.ch>	2014-06-16 17:33:45 +0200
committer	Martin Willi <martin@revosec.ch>	2014-06-17 16:41:30 +0200
commit	823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7 (patch)
tree	c21a5d33d295502e28739317aaaac8a4600226bb /src/libhydra/plugins/kernel_pfkey
parent	44098fbaca53048623f753a04a2f863f1fe26d76 (diff)
download	strongswan-823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7.tar.bz2 strongswan-823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7.tar.xz