IPSec transport mode, mtu, fragmentation...

Victor Sudakov vas at sibptus.ru
Wed Dec 25 16:49:37 UTC 2019

Eugene Grosbein wrote:
> I think we could just clear DF bit off encapsulated transport mode packets unconditionally,
> please take a look at the last chunk of the sample patch in PR 242744:
> https://bz-attachments.freebsd.org/attachment.cgi?id=210122
> The sample patch creates another sysctl, but we should do it unconditionally, shouldn't we?

The more I think of it, the more I feel that the idea of removing the DF
flag from ESP packets is incorrect, because in IPv6 there is no flag to
remove. If an IPv6 packet was not fragmented by the originator, there is
nothing to be done in transit.

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/