[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Dec 22 23:04:11 UTC 2019


--- Comment #18 from dewayne at heuristicsystems.com.au ---
(In reply to Eugene Grosbein from comment #16)
I thought that there was a convention regarding sysctl naming format.  Should 
net.inet.ipsec.trans.cleardf be net.inet.ipsec.trans_cleardf, or are there
plans for the trans sub-branch?

As it might help people coming into ipsec in the future. Is it possible to have
a crisp (clear) description that distinguishes 
net.inet.ipsec.trans.cleardf: "Clear do not fragment bit for outgoing transport
mode packets."
net.inet.ipsec.dfbit=Do not fragment bit on encap.

net.inet.ipsec.dfbit="Do not fragment bit on tunnel encap."

(I'd personally prefer net.inet.ipsec.tunnel_cleardf, and obsolete, in the
future,  ipsec.dfbit as it doesn't do as currently stated. Perhaps worth

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-net mailing list