diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-12-24 12:28:01 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-12-24 13:00:01 +0100 |
| commit | 97973f860924e4472be9c842c34843cd95680642 (patch) | |
| tree | c38e905182a7b5979fdb7848f3cf35635006544e /src/libcharon/config | |
| parent | e645c15b9c918303134b1be63d67dacf51e1945b (diff) | |
| download | strongswan-97973f860924e4472be9c842c34843cd95680642.tar.bz2 strongswan-97973f860924e4472be9c842c34843cd95680642.tar.xz | |
Use a connection specific option to en-/disable IKEv1 fragmentation
Diffstat (limited to 'src/libcharon/config')
| -rw-r--r-- | src/libcharon/config/ike_cfg.c | 17 | ||||
| -rw-r--r-- | src/libcharon/config/ike_cfg.h | 13 |
2 files changed, 27 insertions, 3 deletions
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index 1006fc295..e87b47e69 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -90,6 +90,11 @@ struct private_ike_cfg_t { bool force_encap; /** + * use IKEv1 fragmentation + */ + bool fragmentation; + + /** * List of proposals to use */ linked_list_t *proposals; @@ -113,6 +118,12 @@ METHOD(ike_cfg_t, force_encap_, bool, return this->force_encap; } +METHOD(ike_cfg_t, fragmentation, bool, + private_ike_cfg_t *this) +{ + return this->fragmentation; +} + METHOD(ike_cfg_t, get_my_addr, char*, private_ike_cfg_t *this, bool *allow_any) { @@ -268,6 +279,7 @@ METHOD(ike_cfg_t, equals, bool, this->version == other->version && this->certreq == other->certreq && this->force_encap == other->force_encap && + this->fragmentation == other->fragmentation && streq(this->me, other->me) && streq(this->other, other->other) && this->my_port == other->my_port && @@ -299,7 +311,8 @@ METHOD(ike_cfg_t, destroy, void, */ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, char *me, bool my_allow_any, u_int16_t my_port, - char *other, bool other_allow_any, u_int16_t other_port) + char *other, bool other_allow_any, u_int16_t other_port, + bool fragmentation) { private_ike_cfg_t *this; @@ -308,6 +321,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, .get_version = _get_version, .send_certreq = _send_certreq, .force_encap = _force_encap_, + .fragmentation = _fragmentation, .get_my_addr = _get_my_addr, .get_other_addr = _get_other_addr, .get_my_port = _get_my_port, @@ -324,6 +338,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, .version = version, .certreq = certreq, .force_encap = force_encap, + .fragmentation = fragmentation, .me = strdup(me), .other = strdup(other), .my_allow_any = my_allow_any, diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index fa2aaa325..0c4484252 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -134,11 +134,18 @@ struct ike_cfg_t { /** * Enforce UDP encapsulation by faking NATD notifies? * - * @return TRUE to enfoce UDP encapsulation + * @return TRUE to enforce UDP encapsulation */ bool (*force_encap) (ike_cfg_t *this); /** + * Use proprietary IKEv1 fragmentation + * + * @return TRUE to use fragmentation + */ + bool (*fragmentation) (ike_cfg_t *this); + + /** * Get the DH group to use for IKE_SA setup. * * @return dh group to use for initialization @@ -183,10 +190,12 @@ struct ike_cfg_t { * @param other address/DNS name of remote peer * @param other_allow_any allow override of remote address by any address * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating + * @param fragmentation use IKEv1 fragmentation * @return ike_cfg_t object. */ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, char *me, bool my_allow_any, u_int16_t my_port, - char *other, bool other_allow_any, u_int16_t other_port); + char *other, bool other_allow_any, u_int16_t other_port, + bool fragmentation); #endif /** IKE_CFG_H_ @}*/ |