ike: Float to port 4500 if either port is 500

If the responder is behind a NAT that remaps the response from the
statically forwarded port 500 to a new external port (as Azure seems to be
doing), we should still switch to port 4500 if we used port 500 so far, as
it would not have been possible to send any messages to it if it wasn't
really port 500 (we only add a non-ESP marker if neither port is 500).
Tobias Brunner 2018-03-29 11:23:15 +02:00
parent ce0a770c74
commit 85bfab621d
1 changed files with 7 additions and 5 deletions


@ -1053,17 +1053,19 @@ METHOD(ike_sa_t, has_mapping_changed, bool,
METHOD(ike_sa_t, float_ports, void,
private_ike_sa_t *this)
{
/* do not switch if we have a custom port from MOBIKE/NAT */
/* even if the remote port is not 500 (e.g. because the response was natted)
* we switch the remote port if we used port 500 */
if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT ||
this->my_host->get_port(this->my_host) == IKEV2_UDP_PORT)
{
this->other_host->set_port(this->other_host, IKEV2_NATT_PORT);
}
if (this->my_host->get_port(this->my_host) ==
charon->socket->get_port(charon->socket, FALSE))
{
this->my_host->set_port(this->my_host,
charon->socket->get_port(charon->socket, TRUE));
}
if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT)
{
this->other_host->set_port(this->other_host, IKEV2_NATT_PORT);
}
}
METHOD(ike_sa_t, update_hosts, void,
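Review bot: The new comment at the top of float_ports says the remote port is switched whenever we used port 500, but not why that is safe, which only the commit message explains: a non-ESP marker is added only when neither port is 500, so a response we could parse while our port was 500 must have come from a peer that really received on 500, even if a NAT rewrote the source port. Suggest folding that into the comment, e.g. `/* safe because a non-ESP marker is only added if neither port is 500, so the peer must really have used port 500 */`. The +/- markers are lost on this page, but from the 7/5 counts the old `/* do not switch if we have a custom port from MOBIKE/NAT */` comment appears to be deleted rather than moved, which leaves the remaining my_host check (compare against the socket's non-NAT-T port before switching) unexplained; re-adding that line directly above it would keep the intent visible. float_ports is complete within the hunk; update_hosts continues outside it.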