kernel-pfkey: Support connection specific replay window sizes up to 32 packets

author Martin Willi <martin@revosec.ch>

Mon, 16 Jun 2014 15:33:45 +0000 (17:33 +0200)

committer Martin Willi <martin@revosec.ch>

Tue, 17 Jun 2014 14:41:30 +0000 (16:41 +0200)
author Martin Willi <martin@revosec.ch>
Mon, 16 Jun 2014 15:33:45 +0000 (17:33 +0200)
committer Martin Willi <martin@revosec.ch>
Tue, 17 Jun 2014 14:41:30 +0000 (16:41 +0200)
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index 40e1823..9bddb13 100644 (file)
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1677,7 +1677,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
         }
         else
         {
-               sa->sadb_sa_replay = 32;
+               sa->sadb_sa_replay = min(replay_window, 32);
                 sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
                 sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
         }
author	Martin Willi <martin@revosec.ch>
	Mon, 16 Jun 2014 15:33:45 +0000 (17:33 +0200)
committer	Martin Willi <martin@revosec.ch>
	Tue, 17 Jun 2014 14:41:30 +0000 (16:41 +0200)