aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2016-09-30 10:24:54 +0200
committerTobias Brunner <tobias@strongswan.org>2016-10-04 12:16:05 +0200
commit33241871a82a0c374128373e47380be60f0431fa (patch)
tree4607abffd95a42dca1759c4201ffdfebd11ea8c4 /src/libcharon
parent9a7049635ecc35ddce73e3ad0ede16b0ea2f271e (diff)
downloadstrongswan-33241871a82a0c374128373e47380be60f0431fa.tar.bz2
strongswan-33241871a82a0c374128373e47380be60f0431fa.tar.xz
ikev2: Only add NAT-D notifies to DPDs as initiator
If a responder is natted it will usually be a static NAT (unless it's a mediated connection) in which case adding these notifies makes not much sense (if the initiator's NAT mapping had changed the responder wouldn't be able to reach it anyway). It's also problematic as some clients refuse to respond to DPDs if they contain such notifies. Fixes #2126.
Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 41a4e1b75..ab0a2a231 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1827,15 +1827,22 @@ METHOD(task_manager_t, queue_dpd, void,
if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
{
- /* use mobike enabled DPD to detect NAT mapping changes */
- mobike = ike_mobike_create(this->ike_sa, TRUE);
- mobike->dpd(mobike);
- queue_task(this, &mobike->task);
- }
- else
- {
- queue_task(this, (task_t*)ike_dpd_create(TRUE));
+#ifdef ME
+ peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (cfg->get_peer_id(cfg) ||
+ this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#else
+ if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#endif
+ {
+ /* use mobike enabled DPD to detect NAT mapping changes */
+ mobike = ike_mobike_create(this->ike_sa, TRUE);
+ mobike->dpd(mobike);
+ queue_task(this, &mobike->task);
+ return;
+ }
}
+ queue_task(this, (task_t*)ike_dpd_create(TRUE));
}
METHOD(task_manager_t, adopt_tasks, void,
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 02:24:09 +0000