Diffstat (limited to 'src/libcharon/sa/tasks/quick_mode.c')
-rw-r--r-- | src/libcharon/sa/tasks/quick_mode.c | 25 |
1 files changed, 9 insertions, 16 deletions
diff --git a/src/libcharon/sa/tasks/quick_mode.c b/src/libcharon/sa/tasks/quick_mode.c
index 10e0c224c..cfbfb1386 100644
--- a/src/libcharon/sa/tasks/quick_mode.c
+++ b/src/libcharon/sa/tasks/quick_mode.c
@@ -487,12 +487,12 @@ METHOD(task_t, build_i, status_t,
 linked_list_t *list;
 proposal_t *proposal;
 ipsec_mode_t mode;
- bool udp = FALSE;
+ bool udp = this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY);
 this->child_sa = child_sa_create(
 this->ike_sa->get_my_host(this->ike_sa),
 this->ike_sa->get_other_host(this->ike_sa),
- this->config, 0, FALSE);
+ this->config, 0, udp);
 list = this->config->get_proposals(this->config, TRUE);
@@ -510,14 +510,10 @@ METHOD(task_t, build_i, status_t,
 enumerator->destroy(enumerator);
 mode = this->config->get_mode(this->config);
- if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY))
+ if (udp && mode == MODE_TRANSPORT)
 {
- udp = TRUE;
 /* TODO-IKEv1: disable NAT-T for TRANSPORT mode by default? */
- if (mode == MODE_TRANSPORT)
- {
- add_nat_oa_payloads(this, message);
- }
+ add_nat_oa_payloads(this, message);
 }
 get_lifetimes(this);
@@ -575,6 +571,7 @@ METHOD(task_t, process_r, status_t,
 linked_list_t *tsi, *tsr, *list;
 peer_cfg_t *peer_cfg;
 host_t *me, *other;
+ bool udp = this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY);
 if (!get_ts(this, message))
 {
@@ -636,7 +633,7 @@ METHOD(task_t, process_r, status_t,
 this->child_sa = child_sa_create(
 this->ike_sa->get_my_host(this->ike_sa),
 this->ike_sa->get_other_host(this->ike_sa),
- this->config, 0, FALSE);
+ this->config, 0, udp);
 return NEED_MORE;
 }
 case QM_NEGOTIATED:
@@ -674,7 +671,7 @@ METHOD(task_t, build_r, status_t,
 {
 sa_payload_t *sa_payload;
 ipsec_mode_t mode;
- bool udp = FALSE;
+ bool udp = this->child_sa->has_encap(this->child_sa);
 this->spi_r = this->child_sa->alloc_spi(this->child_sa, PROTO_ESP);
 if (!this->spi_r)
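Review bot: The new `udp` initialiser in build_i now decides whether the CHILD_SA is created with UDP encapsulation, but nothing at the declaration says so; the same pattern is repeated in process_r (hunks at -575 and -636). A one-line comment above `bool udp = ...`, such as `/* UDP-encapsulate ESP whenever any NAT condition is set on the IKE_SA */`, would make clear that the last argument of `child_sa_create()` is no longer a constant. In process_r the flag is read at function entry but, as far as these hunks show, is consumed only in the branch that creates the CHILD_SA, so declaring it next to that call would keep the read and the use together. Both function bodies extend beyond the hunks.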
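Review bot: The retained `/* TODO-IKEv1: disable NAT-T for TRANSPORT mode by default? */` now sits inside `if (udp && mode == MODE_TRANSPORT)`, a branch that runs only when encapsulation is already enabled for transport mode, so the open question reads as if it concerned the NAT-OA payloads alone. The encapsulation decision it questions is taken earlier, where `udp` is passed to `child_sa_create()`; moving the comment to that declaration, or at least above the `if`, would keep it next to the code it is about. The same applies to the identical hunk in build_r at -685.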
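Review bot: build_r takes `udp` from `this->child_sa->has_encap(this->child_sa)` while build_i and process_r read `COND_NAT_ANY` from the IKE_SA, and the difference is not explained at the declaration. The two presumably agree because process_r created the CHILD_SA with that same condition, but a reader has to find this in another function; a comment such as `/* follow the encapsulation chosen when process_r created the CHILD_SA */` would state the intent. The initialiser also dereferences `this->child_sa` before any check, which is no worse than the `alloc_spi` call that follows, but it is worth confirming that build_r cannot be reached without a prior successful process_r. build_r's body continues outside the hunk.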
@@ -685,14 +682,10 @@ METHOD(task_t, build_r, status_t,
 this->proposal->set_spi(this->proposal, this->spi_r);
 mode = this->config->get_mode(this->config);
- if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY))
+ if (udp && mode == MODE_TRANSPORT)
 {
- udp = TRUE;
 /* TODO-IKEv1: disable NAT-T for TRANSPORT mode by default? */
- if (mode == MODE_TRANSPORT)
- {
- add_nat_oa_payloads(this, message);
- }
+ add_nat_oa_payloads(this, message);
 }
 sa_payload = sa_payload_create_from_proposal_v1(this->proposal, |