sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-09 00:00:53 -04:00
Code Issues Projects Releases Wiki Activity

kernel-netlink: Never use XFRMA_REPLAY_ESN_VAL to configure zero replay windows

Browse Source 
Trying to disable replay windows using the ESN attribute fails with EINVAL.
Use non-ESN legacy format to disable replay windows, even if ESN has been
negotiated over IKE.
This commit is contained in:
Martin Willi 2014-06-18 14:57:21 +02:00
parent d345f0b75d
commit 8b9b11919d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
View File

@ -1460,7 +1460,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
if (protocol != IPPROTO_COMP) if (protocol != IPPROTO_COMP)
{ {
if (esn || replay_window > 32) if (replay_window != 0 && (esn || replay_window > 32))
{ {
/* for ESN or larger replay windows we need the new /* for ESN or larger replay windows we need the new
* XFRMA_REPLAY_ESN_VAL attribute to configure a bitmap */ * XFRMA_REPLAY_ESN_VAL attribute to configure a bitmap */