IPSec transport mode, mtu, fragmentation...

Andrey V. Elsukov bu7cher at yandex.ru
Thu Jan 16 14:33:20 UTC 2020


On 16.01.2020 17:24, Eugene Grosbein wrote:
> 16.01.2020 20:39, Andrey V. Elsukov wrote:
> 
>> I prepared the PoC patch that should fix the problem with TCP and
>> transport mode IPsec. But I do not have free time currently to properly
>> test and debug it. It is only compile-tested. But if you want, you can
>> try :)
>> Currently only IPv4 support is implemented.
>>
>> https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff
> 
> In fact, I've faced this problem a long time ago too and I work around it with different approaches
> like "ipfw tcp-setmss" (MSS adjust) or by using IPSec transport mode
> with gif(4) interface removing DF bit out of encapsulated packets.
> 
> I was going to test your patch with my home router but the patch does not apply to stable/11, at all.
> Do you have time to adjust it to stable/11?

I tried to apply the patch with `svn patch` and it applies cleanly. The
only needed change is moving `#include ipsec_support.h` to the top of
the file.

-- 
WBR, Andrey V. Elsukov
