+ if (n->msg_type == IKEV2_NOTIFY_MSG_NAT_DETECTION_SOURCE_IP)
+ {
+ u8 *src_sha =
+ ikev2_compute_nat_sha1 (clib_net_to_host_u64 (ike->ispi), 0,
+ clib_net_to_host_u32 (sa->
+ iaddr.as_u32),
+ udp->src_port);
+ if (clib_memcmp (src_sha, n->data, vec_len (src_sha)))
+ {
+ sa->natt = 1;
+ ikev2_elog_uint (IKEV2_LOG_DEBUG, "ispi %lx initiator"
+ " behind NAT", sa->ispi);
+ }
+ vec_free (src_sha);
+ }
+ else if (n->msg_type ==
+ IKEV2_NOTIFY_MSG_NAT_DETECTION_DESTINATION_IP)
+ {
+ u8 *dst_sha =
+ ikev2_compute_nat_sha1 (clib_net_to_host_u64 (ike->ispi), 0,
+ clib_net_to_host_u32 (sa->
+ raddr.as_u32),
+ udp->dst_port);
+ if (clib_memcmp (dst_sha, n->data, vec_len (dst_sha)))
+ {
+ sa->natt = 1;
+ ikev2_elog_uint (IKEV2_LOG_DEBUG, "ispi %lx responder"
+ " (self) behind NAT", sa->ispi);
+ }
+ vec_free (dst_sha);
+ }