[AC_SUBST(ipsecgroup, "root")]
)
+AC_ARG_WITH(
+ [charon-udp-port],
+ AS_HELP_STRING([--with-charon-udp-port=port],[UDP port used by charon locally (default 500).]),
+ [AC_DEFINE_UNQUOTED(CHARON_UDP_PORT, [$withval], [UDP port used by charon locally])
+ AC_SUBST(charon_udp_port, [$withval])],
+ [AC_SUBST(charon_udp_port, 500)]
+)
+
+AC_ARG_WITH(
+ [charon-natt-port],
+ AS_HELP_STRING([--with-charon-natt-port=port],[UDP port used by charon locally in case a NAT is detected (must be different from charon-udp-port, default 4500)]),
+ [AC_DEFINE_UNQUOTED(CHARON_NATT_PORT, [$withval], [UDP post used by charon locally in case a NAT is detected])
+ AC_SUBST(charon_natt_port, [$withval])],
+ [AC_SUBST(charon_natt_port, 4500)]
+)
+
+AC_MSG_CHECKING([configured UDP ports ($charon_udp_port, $charon_natt_port)])
+if test x$charon_udp_port == x$charon_natt_port; then
+ AC_MSG_ERROR(the ports have to be different)
+else
+ AC_MSG_RESULT(ok)
+fi
+
# convert script name to uppercase
AC_SUBST(ipsec_script_upper, [`echo -n "$ipsec_script" | tr a-z A-Z`])
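Review bot: The port-collision check `if test x$charon_udp_port == x$charon_natt_port; then` uses `==`, which POSIX `test` does not define; with /bin/sh being dash or a BSD sh the comparison fails with "unexpected operator" and configure aborts even for valid, distinct ports. The portable form is `if test "x$charon_udp_port" = "x$charon_natt_port"; then`. The values also reach AC_DEFINE_UNQUOTED unchecked, so `--with-charon-udp-port` given without a value (autoconf then passes "yes") or a non-numeric string becomes the CHARON_UDP_PORT macro and only fails later at compile time; verifying at the AC_MSG_CHECKING step that each value is an integer in 1-65535 would report the problem where the user can act on it. The description string of the second AC_DEFINE reads "UDP post", presumably "UDP port".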
/**
* Set up configurations
*/
- ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+ ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", FALSE, CHARON_UDP_PORT,
(char*)address, FALSE, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(priv->name, IKEV2, ike_cfg,
#define DEFAULT_THREADS 16
/**
- * UDP Port on which the daemon will listen for incoming traffic.
+ * Primary UDP port used by IKE.
*/
#define IKEV2_UDP_PORT 500
/**
- * UDP Port to which the daemon will float to if NAT is detected.
+ * UDP port defined for use in case a NAT is detected.
*/
#define IKEV2_NATT_PORT 4500
+/**
+ * UDP port on which the daemon will listen for incoming traffic (also used as
+ * source port for outgoing traffic).
+ */
+#ifndef CHARON_UDP_PORT
+#define CHARON_UDP_PORT IKEV2_UDP_PORT
+#endif
+
+/**
+ * UDP port used by the daemon in case a NAT is detected.
+ */
+#ifndef CHARON_NATT_PORT
+#define CHARON_NATT_PORT IKEV2_NATT_PORT
+#endif
+
/**
* Main class of daemon, contains some globals.
*/
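Review bot: The two new macros can still collide when CHARON_UDP_PORT and CHARON_NATT_PORT are supplied outside configure (a `-D` on the compiler command line, or only one of them overridden), and nothing in the header catches that, although the surrounding code relies on the two ports being distinct to tell plain from NAT-T traffic apart. A compile-time guard after the second `#endif` closes the gap: `#if CHARON_UDP_PORT == CHARON_NATT_PORT`, `#error "CHARON_UDP_PORT and CHARON_NATT_PORT must differ"`, `#endif`. The header comment on IKEV2_UDP_PORT/IKEV2_NATT_PORT could additionally say that these remain the values assumed for the peer, since that distinction is what the CHARON_* pair introduces.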
this->creds->set_username_password(this->creds, user, password);
}
- ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+ ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, CHARON_UDP_PORT,
hostname, FALSE, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
lib->credmgr->add_set(lib->credmgr, &this->creds.public);
/* create config and backend */
- ike_cfg = ike_cfg_create(FALSE, FALSE, local, FALSE, IKEV2_UDP_PORT,
+ ike_cfg = ike_cfg_create(FALSE, FALSE, local, FALSE, CHARON_UDP_PORT,
remote, FALSE, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
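Review bot: The remote side of the HA tunnel at `remote, FALSE, IKEV2_UDP_PORT);` keeps the fixed IKEv2 default while the local side now uses CHARON_UDP_PORT. The other HA node is presumably another charon built from the same tree with the same --with-charon-udp-port value, in which case it listens on CHARON_UDP_PORT rather than 500 and a build with a non-default port would no longer reach its HA peer; if that reading is right the line should be `remote, FALSE, CHARON_UDP_PORT);`. If the asymmetry is intentional, a one-line comment on that argument saying so would stop the next reader from "fixing" it. The enclosing function starts and ends outside the hunk.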
else
{
ike_cfg = ike_cfg_create(FALSE, FALSE,
- this->local, FALSE, IKEV2_UDP_PORT,
+ this->local, FALSE, CHARON_UDP_PORT,
this->remote, FALSE, IKEV2_UDP_PORT);
}
ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
NULL);
}
- ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+ ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, CHARON_UDP_PORT,
hostname, FALSE, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
return NULL;
}
ike_cfg = ike_cfg_create(FALSE, FALSE,
- "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+ "0.0.0.0", FALSE, CHARON_UDP_PORT,
address, FALSE, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
med_cfg = peer_cfg_create(
.rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200),
.dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300),
.ike = ike_cfg_create(FALSE, FALSE,
- "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+ "0.0.0.0", FALSE, CHARON_UDP_PORT,
"0.0.0.0", FALSE, IKEV2_UDP_PORT),
);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
.rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
.dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
.ike = ike_cfg_create(FALSE, FALSE,
- "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+ "0.0.0.0", FALSE, CHARON_UDP_PORT,
"0.0.0.0", FALSE, IKEV2_UDP_PORT),
);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
if (FD_ISSET(this->ipv4, &rfds))
{
- port = IKEV2_UDP_PORT;
+ port = CHARON_UDP_PORT;
selected = this->ipv4;
}
if (FD_ISSET(this->ipv4_natt, &rfds))
{
- port = IKEV2_NATT_PORT;
+ port = CHARON_NATT_PORT;
selected = this->ipv4_natt;
}
if (FD_ISSET(this->ipv6, &rfds))
{
- port = IKEV2_UDP_PORT;
+ port = CHARON_UDP_PORT;
selected = this->ipv6;
}
if (FD_ISSET(this->ipv6_natt, &rfds))
{
- port = IKEV2_NATT_PORT;
+ port = CHARON_NATT_PORT;
selected = this->ipv6_natt;
}
if (selected)
DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
data_offset = 0;
/* remove non esp marker */
- if (dest->get_port(dest) == IKEV2_NATT_PORT)
+ if (dest->get_port(dest) == CHARON_NATT_PORT)
{
data_offset += MARKER_LEN;
}
/* send data */
sport = src->get_port(src);
family = dst->get_family(dst);
- if (sport == IKEV2_UDP_PORT)
+ if (sport == CHARON_UDP_PORT)
{
if (family == AF_INET)
{
skt = this->ipv6;
}
}
- else if (sport == IKEV2_NATT_PORT)
+ else if (sport == CHARON_NATT_PORT)
{
if (family == AF_INET)
{
{
/* enable UDP decapsulation globally, only for one socket needed */
int type = UDP_ENCAP_ESPINUDP;
- if (family == AF_INET && port == IKEV2_NATT_PORT &&
+ if (family == AF_INET && port == CHARON_NATT_PORT &&
setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
{
DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
#ifdef __APPLE__
{
- int natt_port = IKEV2_NATT_PORT;
+ int natt_port = CHARON_NATT_PORT;
if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port,
sizeof(natt_port)) != 0)
{
}
#endif
- this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
+ this->ipv4 = open_socket(this, AF_INET, CHARON_UDP_PORT);
if (this->ipv4 == 0)
{
DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled");
}
else
{
- this->ipv4_natt = open_socket(this, AF_INET, IKEV2_NATT_PORT);
+ this->ipv4_natt = open_socket(this, AF_INET, CHARON_NATT_PORT);
if (this->ipv4_natt == 0)
{
DBG1(DBG_NET, "could not open IPv4 NAT-T socket");
}
}
- this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT);
+ this->ipv6 = open_socket(this, AF_INET6, CHARON_UDP_PORT);
if (this->ipv6 == 0)
{
DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled");
}
else
{
- this->ipv6_natt = open_socket(this, AF_INET6, IKEV2_NATT_PORT);
+ this->ipv6_natt = open_socket(this, AF_INET6, CHARON_NATT_PORT);
if (this->ipv6_natt == 0)
{
DBG1(DBG_NET, "could not open IPv6 NAT-T socket");
DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
data_offset = IP_LEN + UDP_LEN;
/* remove non esp marker */
- if (dest->get_port(dest) == IKEV2_NATT_PORT)
+ if (dest->get_port(dest) == CHARON_NATT_PORT)
{
data_offset += MARKER_LEN;
}
DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
data_offset = UDP_LEN;
/* remove non esp marker */
- if (dest->get_port(dest) == IKEV2_NATT_PORT)
+ if (dest->get_port(dest) == CHARON_NATT_PORT)
{
data_offset += MARKER_LEN;
}
/* send data */
sport = src->get_port(src);
family = dst->get_family(dst);
- if (sport == IKEV2_UDP_PORT)
+ if (sport == CHARON_UDP_PORT)
{
if (family == AF_INET)
{
skt = this->send6;
}
}
- else if (sport == IKEV2_NATT_PORT)
+ else if (sport == CHARON_NATT_PORT)
{
if (family == AF_INET)
{
{
/* Destination Port must be either port or natt_port */
BPF_STMT(BPF_LD+BPF_H+BPF_ABS, udp_header + 2),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IKEV2_UDP_PORT, 1, 0),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IKEV2_NATT_PORT, 6, 14),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, CHARON_UDP_PORT, 1, 0),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, CHARON_NATT_PORT, 6, 14),
/* port */
/* IKE version must be 2.x */
BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + IKE_VERSION_OFFSET),
}
else
{
- this->send4 = open_send_socket(this, AF_INET, IKEV2_UDP_PORT);
+ this->send4 = open_send_socket(this, AF_INET, CHARON_UDP_PORT);
if (this->send4 == 0)
{
DBG1(DBG_NET, "could not open IPv4 send socket, IPv4 disabled");
}
else
{
- this->send4_natt = open_send_socket(this, AF_INET, IKEV2_NATT_PORT);
+ this->send4_natt = open_send_socket(this, AF_INET, CHARON_NATT_PORT);
if (this->send4_natt == 0)
{
DBG1(DBG_NET, "could not open IPv4 NAT-T send socket");
}
else
{
- this->send6 = open_send_socket(this, AF_INET6, IKEV2_UDP_PORT);
+ this->send6 = open_send_socket(this, AF_INET6, CHARON_UDP_PORT);
if (this->send6 == 0)
{
DBG1(DBG_NET, "could not open IPv6 send socket, IPv6 disabled");
}
else
{
- this->send6_natt = open_send_socket(this, AF_INET6, IKEV2_NATT_PORT);
+ this->send6_natt = open_send_socket(this, AF_INET6, CHARON_NATT_PORT);
if (this->send6_natt == 0)
{
DBG1(DBG_NET, "could not open IPv6 NAT-T send socket");
ike_cfg_t *ike_cfg;
ike_cfg = ike_cfg_create(certreq, force_encap,
- local, FALSE, IKEV2_UDP_PORT,
+ local, FALSE, CHARON_UDP_PORT,
remote, FALSE, IKEV2_UDP_PORT);
add_ike_proposals(this, ike_cfg, id);
return ike_cfg;
ike_cfg_t *ike_cfg;
char *interface;
host_t *host;
+ u_int16_t ikeport;
host = host_create_from_dns(msg->add_conn.other.address, 0, 0);
if (host)
}
}
}
+ ikeport = msg->add_conn.me.ikeport;
+ ikeport = (ikeport == IKEV2_UDP_PORT) ? CHARON_UDP_PORT : ikeport;
ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
msg->add_conn.force_encap,
msg->add_conn.me.address,
msg->add_conn.me.allow_any,
- msg->add_conn.me.ikeport,
+ ikeport,
msg->add_conn.other.address,
msg->add_conn.other.allow_any,
msg->add_conn.other.ikeport);
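Review bot: `ikeport = (ikeport == IKEV2_UDP_PORT) ? CHARON_UDP_PORT : ikeport;` remaps not only an unset ikeport but also an explicitly configured `leftikeport=500`, so on a build with a different CHARON_UDP_PORT a user who deliberately asks for 500 silently gets the build-time port, and nothing is logged. If stroke cannot distinguish "not set" from "set to 500", the code should at least document that assumption, e.g. `/* stroke passes 500 for an unset ikeport; treat it as "the daemon's main port" */` above the assignment. The analogous case for IKEV2_NATT_PORT (an explicit 4500 on a build with a different CHARON_NATT_PORT) is not remapped, which looks inconsistent with the local-side treatment in apply_port() and in the my_host port switch elsewhere in this commit; hedged, since how ikeport is consumed downstream is not visible here. The enclosing function starts outside the hunk.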
{
DESTROY_IF(this->peer_cfg);
ike_cfg = ike_cfg_create(FALSE, FALSE,
- local_addr, FALSE, IKEV2_UDP_PORT,
+ local_addr, FALSE, CHARON_UDP_PORT,
remote_addr, FALSE, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
this->peer_cfg = peer_cfg_create(
{
DESTROY_IF(this->ike_cfg);
this->ike_cfg = ike_cfg_create(FALSE, FALSE,
- local_addr, FALSE, IKEV2_UDP_PORT,
+ local_addr, FALSE, CHARON_UDP_PORT,
remote_addr, FALSE, IKEV2_UDP_PORT);
this->ike_cfg->add_proposal(this->ike_cfg,
create_proposal(ike_proposal, PROTO_IKE));
ike_sa->set_kmaddress(ike_sa, this->local, this->remote);
host = this->local->clone(this->local);
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, CHARON_UDP_PORT);
ike_sa->set_my_host(ike_sa, host);
host = this->remote->clone(this->remote);
private_ike_sa_t *this)
{
/* do not switch if we have a custom port from MOBIKE/NAT */
- if (this->my_host->get_port(this->my_host) == IKEV2_UDP_PORT)
+ if (this->my_host->get_port(this->my_host) == CHARON_UDP_PORT)
{
- this->my_host->set_port(this->my_host, IKEV2_NATT_PORT);
+ this->my_host->set_port(this->my_host, CHARON_NATT_PORT);
}
if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT)
{
if (this->local_host)
{
host = this->local_host->clone(this->local_host);
- host->set_port(host, IKEV2_UDP_PORT);
+ host->set_port(host, CHARON_UDP_PORT);
}
else
{
}
this->task_manager = task_manager_create(&this->public);
- this->my_host->set_port(this->my_host, IKEV2_UDP_PORT);
+ this->my_host->set_port(this->my_host, CHARON_UDP_PORT);
if (!this->task_manager || !this->keymat)
{
notify_type_names, type, redirect);
/* Cisco boxes reject the first message from 4500 */
me = this->ike_sa->get_my_host(this->ike_sa);
- me->set_port(me, IKEV2_UDP_PORT);
+ me->set_port(me, CHARON_UDP_PORT);
this->ike_sa->set_other_host(this->ike_sa, redirect);
this->ike_sa->reauth(this->ike_sa);
enumerator->destroy(enumerator);
/**
* Apply the port of the old host, if its ip equals the new, use port otherwise.
*/
-static void apply_port(host_t *host, host_t *old, u_int16_t port)
+static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local)
{
if (host->ip_equals(host, old))
{
port = old->get_port(old);
}
- else if (port == IKEV2_UDP_PORT)
+ else if (port == (local ? CHARON_UDP_PORT : IKEV2_UDP_PORT))
{
- port = IKEV2_NATT_PORT;
+ port = (local ? CHARON_NATT_PORT : IKEV2_NATT_PORT);
}
host->set_port(host, port);
}
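Review bot: The new `local` parameter of apply_port() is not described in the comment above the function, which still only explains the ip-equality rule, yet the flag decides whether the CHARON_* or the IKEV2_* ports are compared and substituted, which a caller has to know. Suggest extending the comment with `@param local TRUE for our own host (compare against CHARON_UDP_PORT, float to CHARON_NATT_PORT), FALSE for the peer (IKEV2_UDP_PORT / IKEV2_NATT_PORT)`. The two call sites `apply_port(me, me_old, ..., TRUE)` and `apply_port(other, other_old, ..., FALSE)` pass the flag consistently with that meaning as far as the hunk shows.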
continue;
}
/* reuse port for an active address, 4500 otherwise */
- apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg));
+ apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg), TRUE);
other = other->clone(other);
- apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg));
+ apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg), FALSE);
DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
copy = packet->clone(packet);
copy->set_source(copy, me);