diff --git a/README.md b/README.md index 22a6e53..2411d2a 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ RHEL systems. | **Copy Fail 1** (CVE-2026-31431) | `socket_bind` | AF_ALG AEAD socket binds | All (EL8, EL9, EL10) | | **Copy Fail 2** / Dirty Frag ESP | `socket_sendmsg` | `MSG_SPLICE_PAGES` on UDP sockets | All (EL8, EL9, EL10) | | **Dirty Frag** (rxkad path) | `socket_create` | AF_RXRPC socket creation | All (EL8, EL9, EL10) | +| **Fragnesia** (ESPinTCP path) | `socket_bind` | AF_ALG AEAD socket binds | ?? | ### What's unaffected @@ -117,6 +118,9 @@ page-cache contents in-place via AF_RXRPC sockets. We block AF_RXRPC socket creation entirely. AFS/rxrpc is unused on nearly all production RHEL systems (it is not even shipped in the RHEL 8 kernel). +**Fragnesia** uses the ESPinTCP code, see +https://lwn.net/ml/all/8733zvfucm.fsf%40gentoo.org/ + ## Removal ```bash diff --git a/block_copyfail.bpf.c b/block_copyfail.bpf.c index 4d95497..cc4d115 100644 --- a/block_copyfail.bpf.c +++ b/block_copyfail.bpf.c @@ -60,8 +60,10 @@ struct sockaddr; #define AF_INET 2 #define AF_INET6 10 +#define SOCK_STREAM 1 #define SOCK_DGRAM 2 #define IPPROTO_UDP 17 +#define IPPROTO_TCP 6 #define SOL_UDP 17 #define UDP_ENCAP 100 #define MSG_SPLICE_PAGES 0x08000000 @@ -177,7 +179,8 @@ int BPF_PROG(block_copyfail2, struct socket *sock, if (!(BPF_CORE_READ(msg, msg_flags) & MSG_SPLICE_PAGES)) return 0; - if (BPF_CORE_READ(sock, type) != SOCK_DGRAM) + if (BPF_CORE_READ(sock, type) != SOCK_DGRAM && + BPF_CORE_READ(sock, type) != SOCK_STREAM) return 0; sk = BPF_CORE_READ(sock, sk); @@ -188,7 +191,8 @@ int BPF_PROG(block_copyfail2, struct socket *sock, BPF_CORE_READ(sk, __sk_common.skc_family) != AF_INET6) return 0; - if (BPF_CORE_READ(sk, sk_protocol) != IPPROTO_UDP) + if (BPF_CORE_READ(sk, sk_protocol) != IPPROTO_UDP && + BPF_CORE_READ(sk, sk_protocol) != IPPROTO_TCP) return 0; emit_block_event(BLOCK_HOOK_CF2); 
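Review bot: In `block_copyfail2` (block_copyfail.bpf.c), accepting `SOCK_STREAM` in the type check and `IPPROTO_TCP` in the protocol check of the following hunk makes the hook match every `MSG_SPLICE_PAGES` send on an AF_INET/AF_INET6 TCP socket; the visible lines go from the protocol check straight to `emit_block_event(BLOCK_HOOK_CF2)` with nothing that limits the match to sockets using ESP-in-TCP. As far as I know `MSG_SPLICE_PAGES` is the flag the kernel sets for `splice()`/`sendfile()` into a socket, so if the program denies the call after emitting the event (the function's start and its return are outside the hunk), ordinary TCP file serving would be rejected host-wide and the block log would fill with benign events. Consider narrowing the TCP branch to sockets that have the `espintcp` ULP attached, for example by reading `icsk_ulp_ops` from the socket and comparing its name, and keep the existing UDP behaviour as a separate branch so each type is paired with its own protocol. The README row added for Fragnesia lists `socket_bind` / "AF_ALG AEAD socket binds" and `??`, which does not describe this `socket_sendmsg` change and should state the hook and the affected releases. Reading each field once, e.g. `short type = BPF_CORE_READ(sock, type);`, would also avoid the duplicated CO-RE reads in both conditions.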
diff --git a/block_copyfail.c b/block_copyfail.c
index 5bfb192..a7d11b3 100644
--- a/block_copyfail.c
+++ b/block_copyfail.c
@@ -36,7 +36,7 @@ static const char *hook_name(__u32 hook)
 {
 switch (hook) {
 case BLOCK_HOOK_CF1: return "AF_ALG-AEAD";
- case BLOCK_HOOK_CF2: return "ESP-UDP-splice";
+ case BLOCK_HOOK_CF2: return "ESP-encap-splice";
 case BLOCK_HOOK_DF: return "AF_RXRPC";
 case BLOCK_HOOK_ENCAP: return "UDP_ENCAP";
 default: return "unknown";