else
{
host = host_create_from_dns(this->ike_cfg->get_other_addr(this->ike_cfg),
- 0, IKEV2_UDP_PORT);
+ 0, this->ike_cfg->get_other_port(this->ike_cfg));
}
if (host)
{
family = this->other_host->get_family(this->other_host);
}
host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg),
- family, IKEV2_UDP_PORT);
+ family, this->ike_cfg->get_my_port(this->ike_cfg));
if (host && host->is_anyaddr(host) &&
!this->other_host->is_anyaddr(this->other_host))
charon->kernel_interface, this->other_host, NULL);
if (host)
{
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, this->ike_cfg->get_my_port(this->ike_cfg));
}
else
{ /* fallback to address family specific %any(6), if configured */
host = host_create_from_dns(
- this->ike_cfg->get_my_addr(this->ike_cfg),
- 0, IKEV2_UDP_PORT);
+ this->ike_cfg->get_my_addr(this->ike_cfg),
+ 0, this->ike_cfg->get_my_port(this->ike_cfg));
}
}
}
}
/**
+ * Apply port of old address if it equals new, port otherwise
+ */
+static void apply_port(private_ike_mobike_t *this, host_t *host, host_t *old,
+ u_int16_t port)
+{
+ if (host->ip_equals(host, old))
+ {
+ host->set_port(host, old->get_port(old));
+ }
+ else
+ {
+ if (port == IKEV2_UDP_PORT)
+ {
+ host->set_port(host, IKEV2_NATT_PORT);
+ }
+ else
+ {
+ host->set_port(host, port);
+ }
+ }
+}
+
+/**
* Implementation of ike_mobike_t.transmit
*/
static void transmit(private_ike_mobike_t *this, packet_t *packet)
{
host_t *me, *other, *me_old, *other_old;
iterator_t *iterator;
+ ike_cfg_t *ike_cfg;
packet_t *copy;
if (!this->check)
me_old = this->ike_sa->get_my_host(this->ike_sa);
other_old = this->ike_sa->get_other_host(this->ike_sa);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
me = charon->kernel_interface->get_source_addr(
charon->kernel_interface, other_old, NULL);
if (me)
{
- me->set_port(me, me->ip_equals(me, me_old) ?
- me_old->get_port(me_old) : IKEV2_NATT_PORT);
+ apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old);
copy = packet->clone(packet);
copy->set_source(copy, me);
continue;
}
/* reuse port for an active address, 4500 otherwise */
- me->set_port(me, me->ip_equals(me, me_old) ?
- me_old->get_port(me_old) : IKEV2_NATT_PORT);
+ apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
other = other->clone(other);
- other->set_port(other, other->ip_equals(other, other_old) ?
- other_old->get_port(other_old) : IKEV2_NATT_PORT);
+ apply_port(this, other, other_old, ike_cfg->get_other_port(ike_cfg));
DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
copy = packet->clone(packet);
copy->set_source(copy, me);
{
notify_payload_t *notify;
enumerator_t *enumerator;
+ ike_cfg_t *ike_cfg;
host_t *host;
if (this->hasher == NULL)
return NEED_MORE;
}
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
/* destination is always set */
host = message->get_destination(message);
notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host);
this->ike_sa->get_other_host(this->ike_sa), NULL);
if (host)
{ /* 2. */
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
message->add_payload(message, (payload_t*)notify);
host->destroy(host);
{
/* apply port 500 to host, but work on a copy */
host = host->clone(host);
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
host->destroy(host);
message->add_payload(message, (payload_t*)notify);
/* try to resolve addresses */
ike_cfg = peer->get_ike_cfg(peer);
other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg),
- 0, IKEV2_UDP_PORT);
+ 0, ike_cfg->get_other_port(ike_cfg));
if (!other)
{
DBG1(DBG_CFG, "installing trap failed, remote address unknown");
return 0;
}
me = host_create_from_dns(ike_cfg->get_my_addr(ike_cfg),
- other->get_family(other), IKEV2_UDP_PORT);
+ other->get_family(other), ike_cfg->get_my_port(ike_cfg));
if (!me || me->is_anyaddr(me))
{
DESTROY_IF(me);
other->destroy(other);
return 0;
}
- me->set_port(me, IKEV2_UDP_PORT);
+ me->set_port(me, ike_cfg->get_my_port(ike_cfg));
}
/* create and route CHILD_SA */
projects / strongswan.git / commitdiff