ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

kernel-netlink: Don't set replay window for outbound SAs 

It's not necessary and might waste memory.  However, if ESN is used we set
the window to 1 as the kernel rejects the attribute otherwise.
This commit is contained in:
Tobias Brunner 2016-06-17 14:56:37 +02:00
parent 21aa924233
commit 4082821964
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
View File

@ -1587,6 +1587,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
if (id->proto != IPPROTO_COMP)
{
/* generally, we don't need a replay window for outbound SAs, however,
* when using ESN the kernel rejects the attribute if it is 0 */
if (!data->inbound && data->replay_window)
{
data->replay_window = data->esn ? 1 : 0;
}
if (data->replay_window != 0 && (data->esn || data->replay_window > 32))
{
/* for ESN or larger replay windows we need the new