diff options
| author | Martin Willi <martin@revosec.ch> | 2012-01-09 18:12:17 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-03-20 17:31:34 +0100 |
| commit | c40963b457f27464bc88390c7e6419d461264b47 (patch) | |
| tree | 0205757947b8dc0fd7c3a6393cf858d5a2a8bf53 /src | |
| parent | e129168ba6299c8d2384381f4c06b99ded548030 (diff) | |
| download | strongswan-c40963b457f27464bc88390c7e6419d461264b47.tar.bz2 strongswan-c40963b457f27464bc88390c7e6419d461264b47.tar.xz | |
Enforce encapsulation mode of configuration, in case initiator proposes both
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_mode.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index fb7e1a0ff..dedeab189 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -765,7 +765,6 @@ METHOD(task_t, process_r, status_t, get_lifetimes(this); apply_lifetimes(this, sa_payload); - this->mode = sa_payload->get_encap_mode(sa_payload, &udp); if (!this->proposal) { @@ -799,6 +798,7 @@ METHOD(task_t, process_r, status_t, check_for_rekeyed_child(this); + udp = this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY); this->child_sa = child_sa_create( this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), @@ -846,6 +846,7 @@ METHOD(task_t, build_r, status_t, this->proposal->set_spi(this->proposal, this->spi_r); udp = this->child_sa->has_encap(this->child_sa); + this->mode = this->config->get_mode(this->config); if (udp && this->mode == MODE_TRANSPORT) { /* TODO-IKEv1: disable NAT-T for TRANSPORT mode by default? */ |