IPSec transport mode, mtu, fragmentation...

Victor Sudakov vas at sibptus.ru
Thu Jan 16 16:07:48 UTC 2020


Eugene Grosbein wrote:
> 
> > What beats me is that I cannot reproduce this problem in bhyve. In this
> > packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing a
> > 50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve
> > host), and I see no fragments, and the largest packet is 1466 bytes, and
> > the scp never stalls nor fails.
> > 
> > Why is it NOT broken this time?
> > 
> > Both hosts are 12.1-RELEASE-p1.
> 
> I could not reproduce the problem with unpatched recent stable/11, either :-)

Is there a way to view the MSS in the TCP segments before encryption or
after decryption? I want to compare them in situations with IPSec
enabled and disabled.

I've never been able to see anything in "tcpdump -i enc0", probably it
cannot do transport mode IPSec because the man page talks about "outer
and inner header."

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the freebsd-net mailing list