diff options
Diffstat (limited to 'src/libcharon/sa/ikev1/tasks/isakmp_natd.c')
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_natd.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index 5a779ff62..fc6ac0771 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -97,6 +97,20 @@ struct private_isakmp_natd_t { }; /** + * Check if UDP encapsulation has to be forced either by config or required + * by the kernel interface + */ +static bool force_encap(ike_cfg_t *ike_cfg) +{ + if (!ike_cfg->force_encap(ike_cfg)) + { + return hydra->kernel_interface->get_features(hydra->kernel_interface) & + KERNEL_REQUIRE_UDP_ENCAPSULATION; + } + return TRUE; +} + +/** * Get NAT-D payload type (RFC 3947 or RFC 3947 drafts). */ static payload_type_t get_nat_d_payload_type(ike_sa_t *ike_sa) @@ -183,7 +197,7 @@ static hash_payload_t *build_natd_payload(private_isakmp_natd_t *this, bool src, chunk_t hash; config = this->ike_sa->get_ike_cfg(this->ike_sa); - if (src && config->force_encap(config)) + if (src && force_encap(config)) { hash = generate_natd_hash_faked(this); } @@ -297,7 +311,7 @@ static void process_payloads(private_isakmp_natd_t *this, message_t *message) !this->src_matched); config = this->ike_sa->get_ike_cfg(this->ike_sa); if (this->dst_matched && this->src_matched && - config->force_encap(config)) + force_encap(config)) { this->ike_sa->set_condition(this->ike_sa, COND_NAT_FAKE, TRUE); } |