ikev2: Negotiate support for IKEv2 fragmentation

2 files changed, 24 insertions, 1 deletions

diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 7926301a7..f04fab009 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -128,7 +128,7 @@ enum ike_extension_t {
 	EXT_NATT_DRAFT_02_03 = (1<<10),
 
 	/**
-	 * peer support proprietary IKE fragmentation
+	 * peer supports proprietary IKEv1 or standardized IKEv2 fragmentation
 	 */
 	EXT_IKE_FRAGMENTATION = (1<<11),
 };
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index e3c18ea0f..71c5f22fa 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -161,6 +161,19 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
 		message->add_payload(message, (payload_t*)ke_payload);
 		message->add_payload(message, (payload_t*)nonce_payload);
 	}
+
+	/* negotiate fragmentation if we are not rekeying */
+	if (!this->old_sa &&
+		 this->config->fragmentation(this->config) != FRAGMENTATION_NO)
+	{
+		if (this->initiator ||
+			this->ike_sa->supports_extension(this->ike_sa,
+											 EXT_IKE_FRAGMENTATION))
+		{
+			message->add_notify(message, FALSE, FRAGMENTATION_SUPPORTED,
+								chunk_empty);
+		}
+	}
 }
 
 /**
@@ -220,6 +233,16 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
 				this->other_nonce = nonce_payload->get_nonce(nonce_payload);
 				break;
 			}
+			case PLV2_NOTIFY:
+			{
+				notify_payload_t *notify = (notify_payload_t*)payload;
+
+				if (notify->get_notify_type(notify) == FRAGMENTATION_SUPPORTED)
+				{
+					this->ike_sa->enable_extension(this->ike_sa,
+												   EXT_IKE_FRAGMENTATION);
+				}
+			}
 			default:
 				break;
 		}