From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 13 Jul 2012 09:13:43 +0000 (+0200)
Subject: Simplify NAT-D payload creation if UDP encapsulation is forced
X-Git-Tag: 5.0.1~395
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=893c3a4ead7e3fcf523b6ab83a4dd61fa7b54c9f;p=thirdparty%2Fstrongswan.git

Simplify NAT-D payload creation if UDP encapsulation is forced

We don't need any address lookups in that case as the content of the
payload is generated randomly anyway.
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c
index 3de0ab1b41..44a2be10b4 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c
@@ -306,8 +306,8 @@ METHOD(task_t, build_i, status_t,
 	 * 3. Include all possbile addresses
 	 */
 	host = message->get_source(message);
-	if (!host->is_anyaddr(host))
-	{	/* 1. */
+	if (!host->is_anyaddr(host) || ike_cfg->force_encap(ike_cfg))
+	{	/* 1. or if we force UDP encap, as it doesn't matter if it's %any */
 		notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
 		message->add_payload(message, (payload_t*)notify);
 	}