Use the vararg list constructor in quick mode task
[strongswan.git] / src / libcharon / sa / ikev1 / tasks / quick_mode.c
index 34cf093..39fbd59 100644 (file)
@@ -258,10 +258,8 @@ static bool install(private_quick_mode_t *this)
 
        status_i = status_o = FAILED;
        encr_i = encr_r = integ_i = integ_r = chunk_empty;
-       tsi = linked_list_create();
-       tsr = linked_list_create();
-       tsi->insert_last(tsi, this->tsi->clone(this->tsi));
-       tsr->insert_last(tsr, this->tsr->clone(this->tsr));
+       tsi = linked_list_create_with_items(this->tsi->clone(this->tsi), NULL);
+       tsr = linked_list_create_with_items(this->tsr->clone(this->tsr), NULL);
        if (this->initiator)
        {
                charon->bus->narrow(charon->bus, this->child_sa,
@@ -566,6 +564,15 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
                tsr = traffic_selector_create_from_subnet(hsr->clone(hsr),
                                                        hsr->get_family(hsr) == AF_INET ? 32 : 128, 0, 0);
        }
+       if (!this->initiator && this->mode == MODE_TRANSPORT && this->udp &&
+          (!tsi->is_host(tsi, hsi) || !tsr->is_host(tsr, hsr)))
+       {       /* change TS in case of a NAT in transport mode */
+               DBG2(DBG_IKE, "changing received traffic selectors %R=== %R due to NAT",
+                        tsi, tsr);
+               tsi->set_address(tsi, hsi);
+               tsr->set_address(tsr, hsr);
+       }
+
        if (this->initiator)
        {
                /* check if peer selection valid */
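Review bot: The new rewrite in get_ts() is gated on `this->udp`, which process_r now fills from the peer's SA payload via `get_encap_mode()` before any proposal has been selected, so as far as the visible lines show a peer-supplied encapsulation attribute alone decides whether the received selectors are replaced. Consider also requiring the locally detected NAT state, for example by adding `this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY) &&` to the condition, so the substitution only happens when IKE itself saw a NAT. `set_address()` is applied to both selectors even when only one of them fails `is_host()`; whether that is intended cannot be told from here, and hsi/hsr are assigned outside the hunk. This behavioural change is also not reflected in the commit title, which only names the list-constructor refactoring.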
@@ -773,10 +780,8 @@ METHOD(task_t, build_i, status_t,
                        {
                                this->tsr = select_ts(this, FALSE, NULL);
                        }
-                       tsi = linked_list_create();
-                       tsr = linked_list_create();
-                       tsi->insert_last(tsi, this->tsi);
-                       tsr->insert_last(tsr, this->tsr);
+                       tsi = linked_list_create_with_items(this->tsi, NULL);
+                       tsr = linked_list_create_with_items(this->tsr, NULL);
                        this->tsi = this->tsr = NULL;
                        charon->bus->narrow(charon->bus, this->child_sa,
                                                                NARROW_INITIATOR_PRE_AUTH, tsi, tsr);
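Review bot: `linked_list_create_with_items()` takes a NULL-terminated argument list, so if `this->tsi` or `this->tsr` is NULL here the result is presumably an empty list, where the old `insert_last()` calls added a NULL entry; either way narrow() is handed lists without a usable selector. select_ts() is defined outside the hunk, so whether it can return NULL cannot be confirmed from here; if it can, add a guard before building the lists, `if (!this->tsi || !this->tsr) { return FAILED; }`. The same applies to the two identical replacements in process_r further down. build_i's body continues outside the hunk.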
@@ -887,15 +892,23 @@ METHOD(task_t, process_r, status_t,
                        u_int16_t group;
                        bool private;
 
+                       sa_payload = (sa_payload_t*)message->get_payload(message,
+                                                                                                       SECURITY_ASSOCIATION_V1);
+                       if (!sa_payload)
+                       {
+                               DBG1(DBG_IKE, "sa payload missing");
+                               return send_notify(this, INVALID_PAYLOAD_TYPE);
+                       }
+
+                       this->mode = sa_payload->get_encap_mode(sa_payload, &this->udp);
+
                        if (!get_ts(this, message))
                        {
                                return FAILED;
                        }
                        peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
-                       tsi = linked_list_create();
-                       tsr = linked_list_create();
-                       tsi->insert_last(tsi, this->tsi);
-                       tsr->insert_last(tsr, this->tsr);
+                       tsi = linked_list_create_with_items(this->tsi, NULL);
+                       tsr = linked_list_create_with_items(this->tsr, NULL);
                        this->tsi = this->tsr = NULL;
                        this->config = peer_cfg->select_child_cfg(peer_cfg, tsr, tsi,
                                                                                get_dynamic_host(this->ike_sa, TRUE),
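Review bot: The SA payload lookup was moved ahead of get_ts() without a comment saying why the order matters. get_ts() now reads `this->mode` and `this->udp` for its NAT check, so a later reordering would silently disable that check; add a comment above the assignment such as `/* get_ts() relies on this->mode and this->udp, so parse the SA payload first */`. process_r's body starts and ends outside the hunk.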
@@ -913,13 +926,6 @@ METHOD(task_t, process_r, status_t,
                                return send_notify(this, INVALID_ID_INFORMATION);
                        }
 
-                       sa_payload = (sa_payload_t*)message->get_payload(message,
-                                                                                                       SECURITY_ASSOCIATION_V1);
-                       if (!sa_payload)
-                       {
-                               DBG1(DBG_IKE, "sa payload missing");
-                               return send_notify(this, INVALID_PAYLOAD_TYPE);
-                       }
                        if (this->config->use_ipcomp(this->config))
                        {
                                if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY))
@@ -950,8 +956,6 @@ METHOD(task_t, process_r, status_t,
                                                                                                                   list, FALSE, private);
                        list->destroy_offset(list, offsetof(proposal_t, destroy));
 
-                       this->mode = sa_payload->get_encap_mode(sa_payload, &this->udp);
-
                        get_lifetimes(this);
                        apply_lifetimes(this, sa_payload);
 
@@ -992,10 +996,8 @@ METHOD(task_t, process_r, status_t,
                                                                        this->ike_sa->get_other_host(this->ike_sa),
                                                                        this->config, this->reqid, this->udp);
 
-                       tsi = linked_list_create();
-                       tsr = linked_list_create();
-                       tsi->insert_last(tsi, this->tsi);
-                       tsr->insert_last(tsr, this->tsr);
+                       tsi = linked_list_create_with_items(this->tsi, NULL);
+                       tsr = linked_list_create_with_items(this->tsr, NULL);
                        this->tsi = this->tsr = NULL;
                        charon->bus->narrow(charon->bus, this->child_sa,
                                                                NARROW_RESPONDER, tsr, tsi);