Enabling this might conflict with plugins that later need access to e.g. the
used certificates.
.TP
+.BR charon.fragment_size " [512]"
+Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
+fragmentation extension.
+.TP
.BR charon.half_open_timeout " [30]"
Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
.TP
/*
- * Copyright (C) 2007-2012 Tobias Brunner
+ * Copyright (C) 2007-2013 Tobias Brunner
* Copyright (C) 2007-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
*/
size_t max_packet;
+ /**
+ * Maximum length of a single fragment (when sending)
+ */
+ size_t size;
+
/**
* The exchange type we use for fragments. Always the initial type even
* for fragmented quick mode or transaction messages (i.e. either
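Review bot: The comment on the new `size` field gives no unit and does not say whether the non-ESP marker is counted. A later hunk computes `frag_size = this->frag.size - (nat ? 4 : 0)`, so the field appears to be the budget including that 4-byte marker. I would word it as `Maximum length in bytes of a single fragment when sending, including the non-ESP marker (from the fragment_size setting)`. The enclosing struct starts and ends outside this hunk.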
ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
fragmentation = ike_cfg->fragmentation(ike_cfg);
data = packet->get_data(packet);
- if (data.len > MAX_FRAGMENT_SIZE && (fragmentation == FRAGMENTATION_FORCE ||
+ if (data.len > this->frag.size && (fragmentation == FRAGMENTATION_FORCE ||
(this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_FRAGMENTATION) &&
fragmentation == FRAGMENTATION_YES)))
{
/* reduce size due to non-ESP marker */
nat = this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY);
- frag_size = MAX_FRAGMENT_SIZE - (nat ? 4 : 0);
+ frag_size = this->frag.size - (nat ? 4 : 0);
src = packet->get_source(packet);
dst = packet->get_destination(packet);
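Review bot: The configured fragment size reaches `frag_size = this->frag.size - (nat ? 4 : 0)` with no range check, so a setting of 4 or less gives a zero `frag_size`, or a wrapped one if `frag_size` is unsigned (its declaration is outside this hunk). The value is read in the constructor hunk with `get_int()` and stored into a `size_t`, so a negative setting would become a very large size and `data.len > this->frag.size` would never be true, silently disabling fragmentation. The loop that consumes `frag_size` is not visible here, so the effect of a zero or tiny value on it (presumably a stall or an excessive fragment count) should be confirmed. I would check the value once after initialisation and fall back to the default with a log message, e.g. `if (this->frag.size <= 4 || this->frag.size > INT_MAX) { this->frag.size = MAX_FRAGMENT_SIZE; }`. The man page entry could then state the accepted minimum.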
.exchange = ID_PROT,
.max_packet = lib->settings->get_int(lib->settings,
"%s.max_packet", MAX_PACKET, charon->name),
+ .size = lib->settings->get_int(lib->settings,
+ "%s.fragment_size", MAX_FRAGMENT_SIZE, charon->name),
},
.ike_sa = ike_sa,
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),