Don't include acquiring packet traffic selectors in IKEv1
author Martin Willi <martin@revosec.ch>
Thu, 26 Jul 2012 13:45:49 +0000 (15:45 +0200)
committer Martin Willi <martin@revosec.ch>
Thu, 26 Jul 2012 13:45:49 +0000 (15:45 +0200)
As we only can negotiate a single TS in IKEv1, don't prepend the
triggering packet TS, as we do in IKEv2. Otherwise we don't establish
the TS of the configuration, but only that of the triggering packet.

Fixes #207.

src/libcharon/sa/trap_manager.c

index e03e306..b3d9e15 100644 (file)
@@ -290,6 +290,11 @@ METHOD(trap_manager_t, acquire, void,
                {
                        ike_sa->set_peer_cfg(ike_sa, peer);
                }
+               if (ike_sa->get_version(ike_sa) == IKEV1)
+               {       /* in IKEv1, don't prepend the acquiring packet TS, as we only
+                        * have a single TS that we can establish in a Quick Mode. */
+                       src = dst = NULL;
+               }
                if (ike_sa->initiate(ike_sa, child, reqid, src, dst) != DESTROY_ME)
                {
                        /* make sure the entry is still there */
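Review bot: The `src = dst = NULL;` assignment in the new IKEv1 branch overwrites both pointers without releasing them, and the visible context does not show who owns the two traffic selectors. If acquire() is responsible for destroying them, this loses the only references. Please confirm that the caller frees them, or say so in the comment. It would also be slightly clearer to leave the parameters untouched and pass NULL to `ike_sa->initiate()` for IKEv1, so that any later code in this function that reads src or dst still sees the triggering packet's selectors. Minor style point: the block comment starts on the same line as the opening brace, which differs from the comment placement in the surrounding context lines.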