Date:      Thu, 18 Oct 2001 10:40:08 +0100
From:      tariq_rashid@lineone.net
To:        Shoichi Sakane <sakane@kame.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: MTU and KAME ipsec
Message-ID:  <E15u9eq-0008By-00@mk-smarthost-2.mail.uk.worldonline.com>


regarding kame ipsec and MTU ... 

>From: Shoichi Sakane <sakane@kame.net>

>it doesn't do special things.  it's not different from
>when the kernel sends the normal packet.
>in ipsec case, it just takes ipsec headers length from interface's mtu.

sakane, thanks for your response.

the following is an example from tcpdump which suggests that the kame ipsec does not take sufficient header length off? i'm transferring a 50MB binary test file from a freebsd box across a kame vpn net onto a win2k box. 

the tcpdump is similar on both vpn bsd endpoints. the vpn protected ftp server's tcpdump shows 

i'm new to this so do help me out here!

thanks

tariq

---

09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8] 
09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8] 
09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8] 
09:31:38.577280 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x8f)
09:31:38.579618 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa0) (frag 9264:1456@0+) [tos 0x8] 
09:31:38.579708 192.168.1.2 > 192.168.1.1: (frag 9264:84@1456) [tos 0x8] 
09:31:38.580940 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa1) (frag 9266:1456@0+) [tos 0x8] 
09:31:38.581037 192.168.1.2 > 192.168.1.1: (frag 9266:84@1456) [tos 0x8] 
09:31:38.582266 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa2) (frag 9268:1456@0+) [tos 0x8] 
09:31:38.582364 192.168.1.2 > 192.168.1.1: (frag 9268:84@1456) [tos 0x8] 
09:31:38.583021 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x90)
09:31:38.583156 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x91)
09:31:38.584578 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x92)
09:31:38.584722 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x93)
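
An added example, not part of the original message: a small Python parser for tcpdump's `(frag id:size@offset+)` notation that sizes the fragmented ESP datagrams in the capture above. It assumes a 20-byte IPv4 header with no options; the function name and report fields are this example's own, and the sample lines are copied from the capture.

```python
import re
from collections import defaultdict

IP_HEADER_LEN = 20  # assumption: IPv4 header with no options

# Sample input: four lines copied from the capture in the message above.
SAMPLE = """\
09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8]
09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8]
09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8]
09:31:38.577280 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x8f)
"""

# tcpdump prints fragments as (frag <ip id>:<payload bytes>@<offset>[+]);
# a trailing "+" means more fragments follow.
FRAG_RE = re.compile(r"(\S+) > (\S+): .*\(frag (\d+):(\d+)@(\d+)(\+?)\)")


def summarize_fragments(text):
    """Group fragment lines by (src, dst, IP id) and size each datagram."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = FRAG_RE.search(line)
        if m:
            src, dst, ip_id, size, off, more = m.groups()
            groups[(src, dst, int(ip_id))].append((int(off), int(size), more == "+"))
    report = []
    for (src, dst, ip_id), frags in sorted(groups.items()):
        frags.sort()
        end, complete = 0, True
        for off, size, _ in frags:
            complete = complete and off == end  # no hole before this fragment
            end = off + size
        complete = complete and not frags[-1][2]  # last one must lack "+"
        on_wire = max(size for _, size, _ in frags) + IP_HEADER_LEN
        total = end + IP_HEADER_LEN if complete else None
        report.append({
            "id": ip_id, "src": src, "dst": dst, "complete": complete,
            "datagram_len": total,          # size before fragmentation
            "largest_on_wire": on_wire,     # lower bound on the link MTU
            "excess": total - on_wire if complete else None,
        })
    return report


if __name__ == "__main__":
    for row in summarize_fragments(SAMPLE):
        print(row)
```

For IP id 9262 this reports a 1560-byte ESP datagram whose largest fragment occupied 1476 bytes on the wire, an excess of 84 bytes; the lone `9260` fragment is flagged incomplete because its first fragment falls outside the sample.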

