-/* $OpenBSD: iked.h,v 1.202 2021/12/09 13:36:59 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.203 2021/12/09 13:49:45 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
ssize_t ikev2_nat_detection(struct iked *, struct iked_message *,
void *, size_t, unsigned int, int);
void ikev2_enable_natt(struct iked *, struct iked_sa *,
- struct iked_message *);
+ struct iked_message *, int);
int ikev2_send_informational(struct iked *, struct iked_message *);
int ikev2_send_ike_e(struct iked *, struct iked_sa *, struct ibuf *,
uint8_t, uint8_t, int);
-/* $OpenBSD: ikev2.c,v 1.343 2021/12/09 13:36:59 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.344 2021/12/09 13:49:45 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
return;
if (msg->msg_nat_detected && sa->sa_natt == 0)
- ikev2_enable_natt(env, sa, msg);
+ ikev2_enable_natt(env, sa, msg, 1);
switch (hdr->ike_exchange) {
case IKEV2_EXCHANGE_IKE_SA_INIT:
void
ikev2_enable_natt(struct iked *env, struct iked_sa *sa,
- struct iked_message *msg)
+ struct iked_message *msg, int udpencap)
{
struct iked_socket *sock;
in_port_t port;
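Review bot: The new `udpencap` argument changes what this function does, but the `log_debug` further down its body (in the next hunk) still reports "detected NAT, enabling UDP encapsulation" on every call. That includes the MOBIKE caller, which passes 0 and, as far as its visible condition shows, does not check `msg_nat_detected`. Anyone reconstructing a session from debug logs would read a NAT detection and an encapsulation change that did not happen, so the text should follow the flag, e.g. `udpencap ? "detected NAT, enabling UDP encapsulation" : "enabling NAT-T"`. The parameter also deserves a comment above the definition, such as `/* udpencap: if non-zero also set sa_udpencap; otherwise only switch the socket and set sa_natt */`, since the call sites pass a bare `1` or `0`. The function body continues outside this hunk.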
msg->msg_fd = sa->sa_fd = sock->sock_fd;
msg->msg_sock = sock;
sa->sa_natt = 1;
- sa->sa_udpencap = 1;
+ if (udpencap)
+ sa->sa_udpencap = 1;
log_debug("%s: detected NAT, enabling UDP encapsulation,"
" updated SA to peer %s local %s", __func__,
log_debug("%s: mobike enabled", __func__);
sa->sa_mobike = 1;
/* enforce natt */
- sa->sa_natt = 1;
+ if (sa->sa_natt == 0 && sa->sa_udpencap == 0)
+ ikev2_enable_natt(env, sa, msg, 0);
}
if ((msg->msg_flags & IKED_MSG_FLAGS_NO_ADDITIONAL_SAS)
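Review bot: Enforcing NAT-T for a MOBIKE SA now depends on `ikev2_enable_natt()`, which returns `void`, so this branch cannot tell whether `sa_natt` was actually set; the removed line set it unconditionally. If that function can return before reaching `sa->sa_natt = 1` (its opening lines are not visible in this diff), the SA would keep `sa_natt == 0` with `sa_mobike = 1` and nothing logged. Consider reporting that case after the call, e.g. `if (sa->sa_natt == 0) log_debug("%s: could not enable NAT-T for mobike", __func__);`. The `sa->sa_udpencap == 0` half of the condition also leaves `sa_natt` at 0 when only `sa_udpencap` is already set; if that state is reachable, a short comment should say why it is skipped. The enclosing function starts and ends outside the hunk.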