kernel-pfkey: Support connection specific replay window sizes up to 32 packets
authorMartin Willi <martin@revosec.ch>
Mon, 16 Jun 2014 15:33:45 +0000 (17:33 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 17 Jun 2014 14:41:30 +0000 (16:41 +0200)
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index 40e1823..9bddb13 100644 (file)
@@ -1677,7 +1677,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        }
        else
        {
-               sa->sadb_sa_replay = 32;
+               sa->sadb_sa_replay = min(replay_window, 32);
                sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
                sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
        }
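Review bot: The new `sa->sadb_sa_replay = min(replay_window, 32);` silently lowers any configured window above 32, so an operator who asks for a larger anti-replay window gets a smaller one with no indication in the log. Consider reporting the clamp before the assignment, e.g. `if (replay_window > 32) DBG1(DBG_KNL, "replay window %u exceeds PF_KEY maximum, using 32", replay_window);` (format specifier to be checked against the parameter's declared type, which is outside the hunk). A value of 0 also passes through unchanged and presumably turns replay protection off for this SA; if that is intended, a short comment such as `/* 0 disables anti-replay, PF_KEY supports at most 32 packets */` would make that explicit, and the literal 32 would read better as a named constant. The enclosing add_sa method starts and ends outside this hunk, so where replay_window comes from and how it is validated cannot be seen here.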