ikev2: Negotiate support for IKEv2 fragmentation

2025-10-06 00:00:47 -04:00 · 2014-06-06 16:19:55 +02:00 · 2014-06-06 16:19:55 +02:00 · 34dc37f3cb
commit 34dc37f3cb
parent 7223b642a7
2 changed files with 24 additions and 1 deletions
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@ -128,7 +128,7 @@ enum ike_extension_t {
 	EXT_NATT_DRAFT_02_03 = (1<<10),

 	/**
-	 * peer support proprietary IKE fragmentation
+	 * peer supports proprietary IKEv1 or standardized IKEv2 fragmentation
 	 */
 	EXT_IKE_FRAGMENTATION = (1<<11),
 };
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@ -161,6 +161,19 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
 		message->add_payload(message, (payload_t*)ke_payload);
 		message->add_payload(message, (payload_t*)nonce_payload);
 	}
+
+	/* negotiate fragmentation if we are not rekeying */
+	if (!this->old_sa &&
+		 this->config->fragmentation(this->config) != FRAGMENTATION_NO)
+	{
+		if (this->initiator ||
+			this->ike_sa->supports_extension(this->ike_sa,
+											 EXT_IKE_FRAGMENTATION))
+		{
+			message->add_notify(message, FALSE, FRAGMENTATION_SUPPORTED,
+								chunk_empty);
+		}
+	}
 }

 /**
@ -220,6 +233,16 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
 				this->other_nonce = nonce_payload->get_nonce(nonce_payload);
 				break;
 			}
+			case PLV2_NOTIFY:
+			{
+				notify_payload_t *notify = (notify_payload_t*)payload;
+
+				if (notify->get_notify_type(notify) == FRAGMENTATION_SUPPORTED)
+				{
+					this->ike_sa->enable_extension(this->ike_sa,
+												   EXT_IKE_FRAGMENTATION);
+				}
+			}
 			default:
 				break;
 		}