ikev2: Only add NAT-D notifies to DPDs as initiator

If a responder is natted it will usually be a static NAT (unless it's a mediated connection) in which case adding these notifies makes not much sense (if the initiator's NAT mapping had changed the responder wouldn't be able to reach it anyway). It's also problematic as some clients refuse to respond to DPDs if they contain such notifies. Fixes #2126.
2016-09-30 10:24:54 +02:00 · 2016-09-30 10:24:54 +02:00 · 33241871a8
parent 9a7049635e
commit 33241871a8
1 changed files with 15 additions and 8 deletions
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@ -1827,15 +1827,22 @@ METHOD(task_manager_t, queue_dpd, void,
 	if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
 		this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
 	{
-		/* use mobike enabled DPD to detect NAT mapping changes */
-		mobike = ike_mobike_create(this->ike_sa, TRUE);
-		mobike->dpd(mobike);
-		queue_task(this, &mobike->task);
-	}
-	else
-	{
-		queue_task(this, (task_t*)ike_dpd_create(TRUE));
+#ifdef ME
+		peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+		if (cfg->get_peer_id(cfg) ||
+			this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#else
+		if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#endif
+		{
+			/* use mobike enabled DPD to detect NAT mapping changes */
+			mobike = ike_mobike_create(this->ike_sa, TRUE);
+			mobike->dpd(mobike);
+			queue_task(this, &mobike->task);
+			return;
+		}
 	}
+	queue_task(this, (task_t*)ike_dpd_create(TRUE));
 }

 METHOD(task_manager_t, adopt_tasks, void,