Force UDP-Encap by faking NAT situation under IPv4 network

This commit updates the IKE library to always force UDP-Encap when
using IPv4 network. It makes the IKE library more spec compliant and
resolves the issue of dropping non-UDP-encap packets.

According to the IKE spec RFC 7296 Section 2.23:
1) When both IKE endpoints support NAT-T, both of them MUST be able to
receive both UDP-encapsulated ESP and non-UDP-encapsulated ESP packets
2) An IKE endpoint side can decide whether or not to use UDP
encapsulation for ESP.

Currently, the IKE library does not support building one SA for both UDP
Encap and non-UDP-encap Encap packets because of kernel restrictions.
Thus when both sides support NAT-T, IKE will risk dropping ESP packets.
This commit resolves this risk by faking a NAT to ensure the server only
sends one type of packet: the UDP-encapsulated packets.

Bug: 202096754
Test: atest FrameworksIkeTests (new tests), CtsIkeTestCases
Change-Id: If98b6e9af6863077c94a50f8098b3fee22cf781d
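
The commit message above relies on IKEv2 NAT detection, where each peer compares the NAT_DETECTION_SOURCE_IP hash it receives (RFC 7296 Section 3.10.1: SHA-1 over SPIi, SPIr, IP address and port) with the hash of the packet's observed source. The sketch below is an added example, not code from this commit or from the IKE library; the function names, the constructed sample values and the use of random bytes as the fake payload are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """NAT_DETECTION_*_IP data: SHA-1(SPIi | SPIr | IP address | port)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def source_ip_payload(spi_i: bytes, spi_r: bytes, ip: str, port: int,
                      force_udp_encap: bool) -> bytes:
    """Sender side: honest hash, or a value that cannot match (faked NAT)."""
    honest = nat_detection_hash(spi_i, spi_r, ip, port)
    if not force_udp_encap:
        return honest
    # Assumption: random bytes stand in for the fake payload. Loop guards the
    # negligible case where the random value equals the honest hash.
    while True:
        fake = os.urandom(len(honest))
        if fake != honest:
            return fake

def peer_sees_nat(received: bytes, spi_i: bytes, spi_r: bytes,
                  observed_ip: str, observed_port: int) -> bool:
    """Receiver side: a mismatch with the observed source means 'behind NAT'."""
    expected = nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)
    return not hmac.compare_digest(received, expected)

# Constructed sample values (documentation address range, zero SPIr as in
# the first IKE_SA_INIT request).
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes(8)
CLIENT_IP, CLIENT_PORT = "192.0.2.10", 500

def demo() -> dict:
    """No NAT on the path: the server observes the client's real address."""
    result = {}
    for label, force in (("honest", False), ("faked", True)):
        payload = source_ip_payload(SPI_I, SPI_R, CLIENT_IP, CLIENT_PORT, force)
        result[label] = peer_sees_nat(payload, SPI_I, SPI_R, CLIENT_IP, CLIENT_PORT)
    return result

if __name__ == "__main__":
    print(demo())
```

With no NAT on the path, only the faked payload makes the server conclude that the client is behind a NAT, which is the condition under which it sends UDP-encapsulated ESP.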
2 files changed
tree: bac50f83f7dee079bdfcd1149dc7154251895b0b
  1. apex/
  2. api/
  3. src/
  4. tests/
  5. Android.bp
  6. jarjar-rules-shared.txt
  7. jarjar-rules-test.txt
  8. OWNERS
  9. PREUPLOAD.cfg
  10. README.md
  11. TEST_MAPPING
README.md

IKEv2 Library for Android

Introduction

This IKEv2 library is an in-process client library implementing the IKEv2 protocol as well as extensions necessary for the support of IWLAN. It is designed to work in a non-privileged fashion on top of the Android IPsec API surface.