From: Martin Willi
Date: Thu, 20 Jun 2013 14:14:52 +0000 (+0200)
Subject: trap-manager: Install trap with SA protocol of the first configured proposal
X-Git-Tag: 5.1.1rc1~48^2~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d569e07fdcae5a084be86c8592dee2076a3ffba;p=thirdparty%2Fstrongswan.git
trap-manager: Install trap with SA protocol of the first configured proposal
---
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 0d5c10d592..5a4c06c2de 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -102,6 +102,9 @@ METHOD(trap_manager_t, install, u_int32_t,
 linked_list_t *my_ts, *other_ts, *list;
 enumerator_t *enumerator;
 status_t status;
+ linked_list_t *proposals;
+ proposal_t *proposal;
+ protocol_id_t proto = PROTO_ESP;
 /* try to resolve addresses */
 ike_cfg = peer->get_ike_cfg(peer);
@@ -160,10 +163,15 @@ METHOD(trap_manager_t, install, u_int32_t,
 other_ts = child->get_traffic_selectors(child, FALSE, NULL, list);
 list->destroy_offset(list, offsetof(host_t, destroy));
- /* while we don't know the finally negotiated protocol (ESP|AH), we
- * could iterate all proposals for a best guess (TODO). But as we
- * support ESP only for now, we set it here. */
- child_sa->set_protocol(child_sa, PROTO_ESP);
+ /* We don't know the finally negotiated protocol (ESP|AH), we install
+ * the SA with the protocol of the first proposal */
+ proposals = child->get_proposals(child, TRUE);
+ if (proposals->get_first(proposals, (void**)&proposal) == SUCCESS)
+ {
+ proto = proposal->get_protocol(proposal);
+ }
+ proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
+ child_sa->set_protocol(child_sa, proto);
 child_sa->set_mode(child_sa, child->get_mode(child));
 status = child_sa->add_policies(child_sa, my_ts, other_ts);
 my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
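Review bot: The ESP fallback in the second hunk is implicit: when `get_first()` does not return SUCCESS, `proto` silently keeps the `PROTO_ESP` initializer declared in the first hunk, and nothing at the `set_protocol()` call says so. The new comment should also name the limitation the code accepts, that a child config mixing AH and ESP proposals gets its trap installed with whichever is listed first, which may differ from the protocol finally negotiated. A wording such as `/* protocol is only known after negotiation; use the first configured proposal's, falling back to ESP if none is configured */` would cover both. Whether a trap/negotiated protocol mismatch matters for the policies installed by `add_policies()` cannot be judged from these lines and is worth confirming. The body of install() starts and ends outside both hunks.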