From: Martin Willi <martin@revosec.ch>
Date: Mon, 16 Jun 2014 15:33:45 +0000 (+0200)
Subject: kernel-pfkey: Support connection specific replay window sizes up to 32 packets
X-Git-Tag: 5.2.0rc1~49^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=823ce4a37fa6ddf9083bb3942173e8ddd04ed7f7;p=thirdparty%2Fstrongswan.git

kernel-pfkey: Support connection specific replay window sizes up to 32 packets
---

diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 40e1823902..9bddb13a12 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1677,7 +1677,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	}
 	else
 	{
-		sa->sadb_sa_replay = 32;
+		sa->sadb_sa_replay = min(replay_window, 32);
 		sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
 		sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
 	}