Diffstat (limited to 'src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index eca0bc132..710107889 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1740,7 +1740,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
#ifdef __linux__
sa->sadb_sa_replay = min(data->replay_window, 32);
#else
- sa->sadb_sa_replay = (data->replay_window + 7) / 8;
+ sa->sadb_sa_replay = min((data->replay_window + 7) / 8, UINT8_MAX);
#endif
}
sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg);
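Review bot: In the non-Linux branch the `+ 7` is still evaluated before the new clamp, so if `data->replay_window` is a 32-bit unsigned value (its declaration is not visible in this hunk), a configured window within 7 of `UINT32_MAX` wraps and `sadb_sa_replay` becomes 0 rather than `UINT8_MAX`. That would switch the legacy anti-replay field off instead of capping it. Clamping before rounding avoids the wrap: `sa->sadb_sa_replay = (min(data->replay_window, UINT8_MAX * 8) + 7) / 8;`. The reduction is also silent, so where `SADB_X_EXT_SA_REPLAY` is unavailable an operator gets a smaller window than configured with no log line saying so. The body of `add_sa` starts and ends outside this hunk.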
@@ -1749,6 +1749,19 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
PFKEY_EXT_ADD(msg, sa);
+#ifdef SADB_X_EXT_SA_REPLAY
+ if (data->inbound)
+ {
+ struct sadb_x_sa_replay *replay;
+
+ replay = (struct sadb_x_sa_replay*)PFKEY_EXT_ADD_NEXT(msg);
+ replay->sadb_x_replay_exttype = SADB_X_EXT_SA_REPLAY;
+ replay->sadb_x_replay_len = PFKEY_LEN(sizeof(struct sadb_x_sa_replay));
+ replay->sadb_x_replay_replay = min(data->replay_window, UINT32_MAX-32);
+ PFKEY_EXT_ADD(msg, replay);
+ }
+#endif
+
sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);
sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange));
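Review bot: The bound `UINT32_MAX-32` on `sadb_x_replay_replay` is unexplained, and nothing here says how this extension relates to the byte-sized `sadb_sa_replay` set earlier in `add_sa`, which is now capped at `UINT8_MAX`. A short comment above the `#ifdef SADB_X_EXT_SA_REPLAY` block would help, for example `/* window in packets; overrides sadb_sa_replay where supported, capped at UINT32_MAX-32 because the kernel rounds the value up */`, once that rationale is confirmed against the target kernel. It is also worth stating whether a `replay_window` of 0 should still emit the extension, since the block is gated only on `data->inbound`. The surrounding function continues outside this hunk, so any earlier protocol or window checks are not visible here.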