Do not send NAT_DETECTION when using IPv6 in IKE setup

This commit stops IkeSessionStateMachine from sending
NAT_DETECTION payloads when using IPv6 in IKE setup, and
also terminates the IKE Session when detecting IPv6 NAT during
MOBIKE.

Sending NAT_DETECTION when using IPv6 will allow the server
to enforce IPv6 NAT-T even if there is no IPv6 NAT and then
will cause the server to send UDP Encap ESP packets, which
cannot be handled by the Android platform.

With this commit, IKE is no longer sending NAT_DETECTION in
IKE INIT when using IPv6, thus IKE will not know if the server
supports NAT-T before it first uses/migrates to IPv4. Thus the
changes to MOBIKE process are:
- IKE will switch to use port 4500 only after it knows the server
  supports NAT-T
- When migrating to IPv4, UPDATE_SA_ADDRESSES will always include
  NAT_DETECTION payloads unless it is known that the server does
  not support NAT-T
- When migrating to IPv6, UPDATE_SA_ADDRESSES will include
  NAT_DETECTION payloads only if a NAT was detected with the old
  addresses

Bug: 188570938
Bug: 191919565
Test: atest FrameworksIkeTests, CtsIkeTestCases, CtsVcnTestCases
Test: Manually verified migration from v4 to v6 and v6 to v4
Change-Id: I55effc4d4bc27135f66bf0d09bc103b3271e4874
3 files changed
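
The NAT_DETECTION rules listed in the commit message, written out as a standalone decision table. This is an added example, not code from the commit or from the IKE library: the class, enum and method names are hypothetical, and the addresses are constructed documentation addresses.

```java
import java.net.Inet4Address;
import java.net.InetAddress;

// Hypothetical model of the commit message's rules; not the IKE library's code.
public class NatDetectionPolicy {
    // What the client currently knows about the server's NAT-T support.
    enum NattSupport { UNKNOWN, SUPPORTED, NOT_SUPPORTED }
    // IKE INIT: NAT_DETECTION payloads are sent only when the local address is IPv4.
    static boolean natDetectionInInit(InetAddress local) {
        return local instanceof Inet4Address;
    }

    // MOBIKE: does UPDATE_SA_ADDRESSES carry NAT_DETECTION payloads?
    static boolean natDetectionInUpdate(
            InetAddress newLocal, NattSupport server, boolean natOnOldAddresses) {
        // To IPv4: always, unless the server is known not to support NAT-T.
        if (newLocal instanceof Inet4Address) return server != NattSupport.NOT_SUPPORTED;
        // To IPv6: only if a NAT was detected with the old addresses.
        return natOnOldAddresses;
    }

    // Port 4500 may be used only once the server is known to support NAT-T.
    static boolean mayUsePort4500(NattSupport server) {
        return server == NattSupport.SUPPORTED;
    }

    // MOBIKE: a NAT detected on an IPv6 path terminates the IKE Session.
    static boolean terminateSession(InetAddress newLocal, boolean natDetected) {
        return natDetected && !(newLocal instanceof Inet4Address);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample addresses from the documentation ranges (literals, no DNS lookup).
        InetAddress[] targets = {
            InetAddress.getByName("192.0.2.10"), InetAddress.getByName("2001:db8::10")
        };
        for (InetAddress target : targets) {
            System.out.printf("%s: inInit=%b terminateOnNat=%b%n", target.getHostAddress(),
                    natDetectionInInit(target), terminateSession(target, true));
            for (NattSupport server : NattSupport.values()) {
                for (boolean natOld : new boolean[] {false, true}) {
                    System.out.printf("  server=%s natOnOld=%b -> inUpdate=%b port4500=%b%n",
                            server, natOld, natDetectionInUpdate(target, server, natOld),
                            mayUsePort4500(server));
                }
            }
        }
    }
}
```

The UNKNOWN rows are the state a session is in after an IPv6-only IKE INIT: NAT-T support has not been probed yet, so the first migration to IPv4 is what carries the NAT_DETECTION payloads.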