diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-12-20 12:16:08 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-12-24 12:29:27 +0100 |
| commit | 667720c8010214c46f0b84d2d197662667fcdbf1 (patch) | |
| tree | c4988414cc0d898faecb56c5ee786779efb2d669 /src | |
| parent | fe26ddada93a5f55971caa6c1e63e9503f414172 (diff) | |
| download | strongswan-667720c8010214c46f0b84d2d197662667fcdbf1.tar.bz2 strongswan-667720c8010214c46f0b84d2d197662667fcdbf1.tar.xz | |
Detect a peer's support for IKE fragmentation
Fragments are accepted even if this vendor ID is not seen.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/sa/ike_sa.h | 5 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 7c6a9a5d9..37a20e7f3 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -126,6 +126,11 @@ enum ike_extension_t { * draft-ietf-ipsec-nat-t-ike-02 .. -03 */ EXT_NATT_DRAFT_02_03 = (1<<10), + + /** + * peer support proprietary IKE fragmentation + */ + EXT_IKE_FRAGMENTATION = (1<<11), }; /** diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index 2fd43ba8c..c62c277c8 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -99,6 +99,10 @@ static struct { { "Cisco Unity", EXT_CISCO_UNITY, FALSE, 16, "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"}, + /* Proprietary IKE fragmentation extension (0x800000 is added by racoon) */ + { "FRAGMENTATION", EXT_IKE_FRAGMENTATION, FALSE, 20, + "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3\x80\x00\x00\x00"}, + }, vendor_natt_ids[] = { /* NAT-Traversal VIDs ordered by preference */ |