From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 10 Jun 2021 14:39:18 +0000 (+0200)
Subject: ike-mobike: Force MOBIKE update after NAT mappings changed
X-Git-Tag: 5.9.3dr4~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abe51389c5f74961a6284e3972b6ed2b12ecae5a;p=thirdparty%2Fstrongswan.git

ike-mobike: Force MOBIKE update after NAT mappings changed

The addresses observed by the client behind the NAT are exactly the same if
the NAT router gets restarted.

Fixes: 2b255f01afbc ("ike-mobike: Use ike_sa_t::update_hosts() to trigger events")
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index b9ba92cd89..283ffd082a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -499,6 +499,8 @@ METHOD(task_t, process_i, status_t,
 	}
 	else if (message->get_exchange_type(message) == INFORMATIONAL)
 	{
+		bool force = FALSE;
+
 		if (is_newer_update_queued(this))
 		{
 			return SUCCESS;
@@ -533,6 +535,7 @@ METHOD(task_t, process_i, status_t,
 			}
 			else if (this->natd->has_mapping_changed(this->natd))
 			{	/* force a check/update if mappings have changed during a DPD */
+				force = TRUE;
 				this->check = TRUE;
 				DBG1(DBG_IKE, "detected changes in NAT mappings, "
 					 "initiating MOBIKE update");
@@ -553,7 +556,7 @@ METHOD(task_t, process_i, status_t,
 			{
 				other_new = other;
 			}
-			if (me_new || other_new)
+			if (me_new || other_new || force)
 			{
 				this->ike_sa->update_hosts(this->ike_sa, me_new, other_new,
 										   UPDATE_HOSTS_FORCE_ALL);