Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
[strongswan.git] / src / libcharon / sa / ikev2 / tasks / ike_mobike.c
index 3777140..388b45c 100644 (file)
@@ -138,7 +138,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
                                        this->ike_sa->clear_peer_addresses(this->ike_sa);
                                        first = FALSE;
                                        /* add the peer's current address to the list */
-                                       host = this->ike_sa->get_other_host(this->ike_sa);
+                                       host = message->get_source(message);
                                        this->ike_sa->add_peer_address(this->ike_sa,
                                                                                                   host->clone(host));
                                }
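Review bot: The comment above the changed line still reads "add the peer's current address to the list" while the address now comes from `message->get_source(message)` rather than the SA's recorded remote host, i.e. the address and port the packet actually arrived from; suggest `/* add the peer's current address (source of this message) to the list */`. The same wording applies to the second hunk in process_payloads. Note that `host->clone(host)` dereferences the result unconditionally, which presumes get_source() is never NULL for a received message — likely true but not visible here. process_payloads starts and ends outside these hunks.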
@@ -158,7 +158,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
                        {
                                this->ike_sa->clear_peer_addresses(this->ike_sa);
                                /* add the peer's current address to the list */
-                               host = this->ike_sa->get_other_host(this->ike_sa);
+                               host = message->get_source(message);
                                this->ike_sa->add_peer_address(this->ike_sa, host->clone(host));
                                this->addresses_updated = TRUE;
                                break;
@@ -227,18 +227,20 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message)
 /**
  * build a cookie and add it to the message
  */
-static void build_cookie(private_ike_mobike_t *this, message_t *message)
+static bool build_cookie(private_ike_mobike_t *this, message_t *message)
 {
        rng_t *rng;
 
        chunk_free(&this->cookie2);
        rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
-       if (rng)
+       if (!rng || !rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2))
        {
-               rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2);
-               rng->destroy(rng);
-               message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+               DESTROY_IF(rng);
+               return FALSE;
        }
+       message->add_notify(message, FALSE, COOKIE2, this->cookie2);
+       rng->destroy(rng);
+       return TRUE;
 }
 
 /**
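Review bot: build_cookie now has a bool result, but the header comment "build a cookie and add it to the message" does not document it; add `@return TRUE if COOKIE2 was generated and added, FALSE if no strong RNG was available or it failed` so callers know the notify is absent on FALSE. Worth stating in the comment that `this->cookie2` is released at entry either way, so a FALSE return leaves no stale cookie behind.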
@@ -269,15 +271,15 @@ static void update_children(private_ike_mobike_t *this)
 /**
  * Apply the port of the old host, if its ip equals the new, use port otherwise.
  */
-static void apply_port(host_t *host, host_t *old, u_int16_t port)
+static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local)
 {
        if (host->ip_equals(host, old))
        {
                port = old->get_port(old);
        }
-       else if (port == IKEV2_UDP_PORT)
+       else if (port == (local ? CHARON_UDP_PORT : IKEV2_UDP_PORT))
        {
-               port = IKEV2_NATT_PORT;
+               port = (local ? CHARON_NATT_PORT : IKEV2_NATT_PORT);
        }
        host->set_port(host, port);
 }
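Review bot: The new `local` parameter is undocumented; the comment still describes only the old-host/port logic. Suggest extending it with `local: TRUE for our own address, selects CHARON_UDP_PORT/CHARON_NATT_PORT instead of the fixed IKEv2 ports`. If the configured charon ports can coincide (e.g. both set to the same value), the switch to the NAT-T port becomes a no-op for the local side — presumably guarded elsewhere, but worth a sentence here.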
@@ -312,9 +314,9 @@ METHOD(ike_mobike_t, transmit, void,
                                continue;
                        }
                        /* reuse port for an active address, 4500 otherwise */
-                       apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg));
+                       apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg), TRUE);
                        other = other->clone(other);
-                       apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg));
+                       apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg), FALSE);
                        DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
                        copy = packet->clone(packet);
                        copy->set_source(copy, me);
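Review bot: The comment `/* reuse port for an active address, 4500 otherwise */` is now stale for the local side, where apply_port switches to the configurable CHARON_NATT_PORT rather than the literal 4500; suggest `/* reuse port for an active address, NAT-T port otherwise */`. The enclosing transmit method starts and ends outside the hunk.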
@@ -358,7 +360,10 @@ METHOD(task_t, build_i, status_t,
                {
                        message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES,
                                                                chunk_empty);
-                       build_cookie(this, message);
+                       if (!build_cookie(this, message))
+                       {
+                               return FAILED;
+                       }
                        update_children(this);
                }
                if (this->address && !this->check)
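Review bot: Returning FAILED when build_cookie fails is silent — no log line explains why the MOBIKE update was not sent, which makes an RNG failure hard to diagnose in the field; suggest `DBG1(DBG_IKE, "generating COOKIE2 failed");` before `return FAILED;`. Also note the UPDATE_SA_ADDRESSES notify has already been added to the message at that point, so the caller is presumably expected to discard the partially built message on FAILED — not verifiable from this hunk. build_i starts and ends outside the hunk.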