ikev2: Negotiate support for IKEv2 fragmentation
authorTobias Brunner <tobias@strongswan.org>
Fri, 6 Jun 2014 14:19:55 +0000 (16:19 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 10 Oct 2014 07:31:16 +0000 (09:31 +0200)
src/libcharon/sa/ike_sa.h
src/libcharon/sa/ikev2/tasks/ike_init.c

index 7926301..f04fab0 100644 (file)
@@ -128,7 +128,7 @@ enum ike_extension_t {
        EXT_NATT_DRAFT_02_03 = (1<<10),
 
        /**
-        * peer support proprietary IKE fragmentation
+        * peer supports proprietary IKEv1 or standardized IKEv2 fragmentation
         */
        EXT_IKE_FRAGMENTATION = (1<<11),
 };
index e3c18ea..71c5f22 100644 (file)
@@ -161,6 +161,19 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
                message->add_payload(message, (payload_t*)ke_payload);
                message->add_payload(message, (payload_t*)nonce_payload);
        }
+
+       /* negotiate fragmentation if we are not rekeying */
+       if (!this->old_sa &&
+                this->config->fragmentation(this->config) != FRAGMENTATION_NO)
+       {
+               if (this->initiator ||
+                       this->ike_sa->supports_extension(this->ike_sa,
+                                                                                        EXT_IKE_FRAGMENTATION))
+               {
+                       message->add_notify(message, FALSE, FRAGMENTATION_SUPPORTED,
+                                                               chunk_empty);
+               }
+       }
 }
 
 /**
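Review bot: The comment on the new block in build_payloads says fragmentation is not negotiated when rekeying, but not why, and it does not mention that the responder branch only answers when the initiator announced support first. A wording such as `/* announce fragmentation in IKE_SA_INIT only, not when rekeying; as responder, reply only if the peer sent FRAGMENTATION_SUPPORTED */` would make both conditions readable without tracing `supports_extension()`. Whether a rekeyed IKE_SA inherits the extension flag from the SA it replaces is not visible in this hunk, so that should be confirmed and stated in the comment as well. build_payloads starts outside the hunk.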
@@ -220,6 +233,16 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
                                this->other_nonce = nonce_payload->get_nonce(nonce_payload);
                                break;
                        }
+                       case PLV2_NOTIFY:
+                       {
+                               notify_payload_t *notify = (notify_payload_t*)payload;
+
+                               if (notify->get_notify_type(notify) == FRAGMENTATION_SUPPORTED)
+                               {
+                                       this->ike_sa->enable_extension(this->ike_sa,
+                                                                                                  EXT_IKE_FRAGMENTATION);
+                               }
+                       }
                        default:
                                break;
                }