summaryrefslogtreecommitdiff
path: root/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/sa/ikev1/tasks/isakmp_natd.c')
-rw-r--r--src/libcharon/sa/ikev1/tasks/isakmp_natd.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
index 5a779ff62..fc6ac0771 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
@@ -97,6 +97,20 @@ struct private_isakmp_natd_t {
};
/**
+ * Check if UDP encapsulation has to be forced either by config or required
+ * by the kernel interface
+ */
+static bool force_encap(ike_cfg_t *ike_cfg)
+{
+ if (!ike_cfg->force_encap(ike_cfg))
+ {
+ return hydra->kernel_interface->get_features(hydra->kernel_interface) &
+ KERNEL_REQUIRE_UDP_ENCAPSULATION;
+ }
+ return TRUE;
+}
+
+/**
* Get NAT-D payload type (RFC 3947 or RFC 3947 drafts).
*/
static payload_type_t get_nat_d_payload_type(ike_sa_t *ike_sa)
@@ -183,7 +197,7 @@ static hash_payload_t *build_natd_payload(private_isakmp_natd_t *this, bool src,
chunk_t hash;
config = this->ike_sa->get_ike_cfg(this->ike_sa);
- if (src && config->force_encap(config))
+ if (src && force_encap(config))
{
hash = generate_natd_hash_faked(this);
}
@@ -297,7 +311,7 @@ static void process_payloads(private_isakmp_natd_t *this, message_t *message)
!this->src_matched);
config = this->ike_sa->get_ike_cfg(this->ike_sa);
if (this->dst_matched && this->src_matched &&
- config->force_encap(config))
+ force_encap(config))
{
this->ike_sa->set_condition(this->ike_sa, COND_NAT_FAKE, TRUE);
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-21 09:36:49 +0000