From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 15 May 2025 07:20:52 +0000 (+0200)
Subject: kernel-ipsec: Add flag to disable sending fragments across AGGFRAG payloads
X-Git-Tag: 6.0.2dr1~4^2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=33db7a200f6b4e8f587b40469d18ef25f951fa9d;p=thirdparty%2Fstrongswan.git

kernel-ipsec: Add flag to disable sending fragments across AGGFRAG payloads

We have to set this if the peer indicates that it doesn't support
handling such fragments in the notify.
---

diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 6663d730b1..3ef5811d9d 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -113,6 +113,8 @@ struct kernel_ipsec_add_sa_t {
 	bool copy_ecn;
 	/** Whether to copy the DSCP header field to/from the outer header */
 	dscp_copy_t copy_dscp;
+	/** TRUE if the peer doesn't support receiving fragments in AGGFRAG pkts */
+	bool iptfs_dont_frag;
 	/** TRUE if initiator of the exchange creating the SA */
 	bool initiator;
 	/** TRUE if this is an inbound SA */