From: Tobias Brunner
Date: Fri, 20 Sep 2013 12:05:53 +0000 (+0200)
Subject: ikev2: Force an update of the host addresses on the first response
X-Git-Tag: 5.1.1dr4~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=561f94ae580093544b5294e0307a290524fc90df;p=thirdparty%2Fstrongswan.git

ikev2: Force an update of the host addresses on the first response

This is especially useful on Android where we are able to send messages even if we don't know the correct local address (this is possible because we don't set source addresses in outbound messages). This way we may learn the correct local address if it e.g. changed right before reestablishing an SA. Updating the local address later is tricky without MOBIKE as the responder might not update the associated IPsec SAs properly.
---
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index a6af744fc9..5e0a271b2a 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1145,14 +1145,9 @@ METHOD(task_manager_t, process_message, status_t,
 return FAILED;
 }
 }
- if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
- this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
- msg->get_exchange_type(msg) != IKE_SA_INIT)
- { /* only do host updates based on verified messages */
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
- { /* with MOBIKE, we do no implicit updates */
- this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
- }
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
+ { /* with MOBIKE, we do no implicit updates */
+ this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
 }
 charon->bus->message(charon->bus, msg, TRUE, TRUE);
 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
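Review bot: The state/exchange-type guard around the request-side update_hosts call is dropped here without any rationale, and the commit message only explains the response-side change in the second hunk. Presumably an IKE_SA_INIT request can only reach this point while the IKE_SA is still in IKE_CREATED (earlier message-id checks catch the rest), so the guard was always true on this path — but that reasoning should survive in the code rather than in a reviewer's head. I would extend the brace comment to `/* with MOBIKE, we do no implicit updates. No state check needed here: an IKE_SA_INIT request is only processed in IKE_CREATED (verify) */`. Note that with the guard gone, `mid == 1` now forces an update for any request carrying message id 1 irrespective of SA state; that matches the old effective behaviour but deserves the same remark. process_message starts and ends outside this hunk.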
@@ -1198,10 +1193,13 @@ METHOD(task_manager_t, process_message, status_t,
 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
 msg->get_exchange_type(msg) != IKE_SA_INIT)
- { /* only do host updates based on verified messages */
+ { /* only do updates based on verified messages (or inital ones) */
 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
- { /* with MOBIKE, we do no implicit updates */
- this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE);
+ { /* with MOBIKE, we do no implicit updates. we force an
+ * update of the local address on IKE_SA_INIT, but never
+ * for the remote address */
+ this->ike_sa->update_hosts(this->ike_sa, me, NULL, mid == 0);
+ this->ike_sa->update_hosts(this->ike_sa, NULL, other, FALSE);
 }
 }
 charon->bus->message(charon->bus, msg, TRUE, TRUE);
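Review bot: The forced local-address update is keyed on `mid == 0` while the new comment says it happens on IKE_SA_INIT; writing the condition as `msg->get_exchange_type(msg) == IKE_SA_INIT` makes the code say what the comment says and makes it visible that this response is handled before the peer is authenticated (the outer guard admits it through its `!= IKE_SA_INIT` clause, so the "verified messages" wording no longer covers the forced part — the comment should state that this is exactly why only the local address, never the remote one, is forced). The split into two calls passes NULL for one host each time, which only works if update_hosts treats a NULL host as "leave unchanged"; that contract is not visible in this hunk and should be recorded next to the calls, e.g. `/* NULL leaves the respective host untouched */`, so a later change to update_hosts cannot silently turn this into a NULL dereference. The two-call form also means whatever update_hosts does on the first received message now runs twice per response, which is worth confirming as idempotent. Minor: "inital" should read "initial" in the brace comment. process_message starts and ends outside this hunk.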