From e8229ad558efcb7b07c6ef0f77269120d49500f9 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 5 Aug 2013 15:41:45 +0200
Subject: iv_gen: Provide external sequence number (IKE, ESP)

This prevents duplicate sequential IVs in case of a HA failover.
---
 src/libipsec/esp_packet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/libipsec/esp_packet.c')

diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c
index 1b8625ca7..db5ef3685 100644
--- a/src/libipsec/esp_packet.c
+++ b/src/libipsec/esp_packet.c
@@ -319,7 +319,7 @@ METHOD(esp_packet_t, encrypt, status_t,
 	writer->write_uint32(writer, next_seqno);
 
 	iv = writer->skip(writer, iv.len);
-	if (!iv_gen->get_iv(iv_gen, iv.len, iv.ptr))
+	if (!iv_gen->get_iv(iv_gen, next_seqno, iv.len, iv.ptr))
 	{
 		DBG1(DBG_ESP, "ESP encryption failed: could not generate IV");
 		writer->destroy(writer);
-- 
cgit v1.2.3