From 33db7a200f6b4e8f587b40469d18ef25f951fa9d Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 15 May 2025 09:20:52 +0200 Subject: [PATCH] kernel-ipsec: Add flag to disable sending fragments across AGGFRAG payloads We have to set this if the peer indicates that it doesn't support handling such fragments in the notify. --- src/libcharon/kernel/kernel_ipsec.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h index 6663d730b1..3ef5811d9d 100644 --- a/src/libcharon/kernel/kernel_ipsec.h +++ b/src/libcharon/kernel/kernel_ipsec.h @@ -113,6 +113,8 @@ struct kernel_ipsec_add_sa_t { bool copy_ecn; /** Whether to copy the DSCP header field to/from the outer header */ dscp_copy_t copy_dscp; + /** TRUE if the peer doesn't support receiving fragments in AGGFRAG pkts */ + bool iptfs_dont_frag; /** TRUE if initiator of the exchange creating the SA */ bool initiator; /** TRUE if this is an inbound SA */