From 823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Mon, 16 Jun 2014 17:33:45 +0200
Subject: kernel-pfkey: Support connection specific replay window sizes up to 32 packets
---
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 40e182390..9bddb13a1 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1677,7 +1677,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 }
 else
 {
- sa->sadb_sa_replay = 32;
+ sa->sadb_sa_replay = min(replay_window, 32);
 sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
 sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
 }
-- 
cgit v1.2.3
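Review bot: The clamp in `sa->sadb_sa_replay = min(replay_window, 32);` is silent in both directions: a configured window above 32 is truncated with no log line, and a value of 0 now reaches the kernel where the old code always sent 32, which presumably turns anti-replay checking off for this SA. If 0 is an intended way to disable replay protection, say so next to the assignment, e.g. `/* PF_KEY window is capped at 32 packets; 0 is passed through and disables replay protection */`, and consider a debug message when `replay_window > 32` so operators can see the effective value. The declaration of `replay_window` and the rest of add_sa lie outside the hunk, so its type and any earlier validation could not be checked here.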