IPSec transport mode, mtu, fragmentation...

Victor Sudakov vas at sibptus.ru
Sun Jan 19 13:47:49 UTC 2020


Eugene Grosbein wrote:
> 19.01.2020 14:12, Victor Sudakov wrote:
> 
> > So this is most probably the artifact of if_enc. What is then the
> > correct way to capture data with it?
> 
> This is documented behaviour of enc(4), see its manual page for description
> of sysctl net.enc.{in|out}.ipsec_bpf_mask

This description does not make much sense to me, there is neither "inner
header" nor "outer header" in transport mode.

By trial and error I've figured out that "net.enc.out.ipsec_bpf_mask=1"
is probably the answer. At least ICMP requests and replies are not
duplicated any more.

I still see lots of "dup ACKs" in Wireshark though.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/