2 files changed, 20 insertions, 1 deletions

diff --git a/src/libcharon/network/sender.c b/src/libcharon/network/sender.c
index 75635d2e3..b62185f8c 100644
--- a/src/libcharon/network/sender.c
+++ b/src/libcharon/network/sender.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -121,6 +122,7 @@ METHOD(sender_t, send_, void,
 static job_requeue_t send_packets(private_sender_t * this)
 {
 	packet_t *packet;
+	host_t *src, *dst;
 	bool oldstate;
 
 	this->mutex->lock(this->mutex);
@@ -139,6 +141,23 @@ static job_requeue_t send_packets(private_sender_t * this)
 	this->sent->signal(this->sent);
 	this->mutex->unlock(this->mutex);
 
+	/* if neither source nor destination port is 500 we add a Non-ESP marker */
+	dst = packet->get_destination(packet);
+	src = packet->get_source(packet);
+	if (dst->get_port(dst) != IKEV2_UDP_PORT &&
+		src->get_port(src) != IKEV2_UDP_PORT)
+	{
+		chunk_t marker = chunk_from_chars(0x00, 0x00, 0x00, 0x00), data;
+
+		data = packet->get_data(packet);
+		/* NAT keepalives have no marker prepended */
+		if (data.len != 1 || data.ptr[0] != 0xFF)
+		{
+			data = chunk_cat("cm", marker, data);
+			packet->set_data(packet, data);
+		}
+	}
+
 	charon->socket->send(charon->socket, packet);
 	packet->destroy(packet);
 	return JOB_REQUEUE_DIRECT;
diff --git a/src/libcharon/network/sender.h b/src/libcharon/network/sender.h
index 6ee070435..d8ff8c892 100644
--- a/src/libcharon/network/sender.h
+++ b/src/libcharon/network/sender.h
@@ -28,7 +28,7 @@ typedef struct sender_t sender_t;
 #include <network/packet.h>
 
 /**
- * Thread responsible for sending packets over the socket.
+ * Callback job responsible for sending IKE packets over the socket.
  */
 struct sender_t {