From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 4 May 2017 09:29:50 +0000 (+0200)
Subject: ikev1: Send NAT-D payloads after HASH payloads in Aggressive Mode requests
X-Git-Tag: 5.5.3~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08b19dd02a4911c07a0c636726af05a5c537bc64;p=thirdparty%2Fstrongswan.git

ikev1: Send NAT-D payloads after HASH payloads in Aggressive Mode requests

Some implementations seem to have problems if the third AM message
contains NAT-D payloads before the HASH payload.

Fixes #2314.
---

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 50dab9e384..6d850aac05 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -554,10 +554,10 @@ static payload_order_t aggressive_i_order[] = {
 	{PLV1_CERTREQ,					0},
 	{PLV1_NOTIFY,					0},
 	{PLV1_VENDOR_ID,				0},
+	{PLV1_HASH,						0},
 	{PLV1_NAT_D,					0},
 	{PLV1_NAT_D_DRAFT_00_03,		0},
 	{PLV1_SIGNATURE,				0},
-	{PLV1_HASH,						0},
 	{PLV1_FRAGMENT,					0},
 };