Date: Thu, 18 Oct 2001 21:27:07 +0900
From: Shoichi Sakane <sakane@kame.net>
To: tariq_rashid@lineone.net
Cc: freebsd-security@freebsd.org
Subject: Re: MTU and KAME ipsec
Message-ID: <20011018212707A.sakane@kame.net>
In-Reply-To: Your message of "Thu, 18 Oct 2001 19:36:37 +0900" <20011018193637H.sakane@kame.net>
References: <20011018193637H.sakane@kame.net>

> the following is an example from tcpdump which suggests that the kame ipsec does not take sufficient header length off? i'm transferring a 50MB binary test file from a freebsd box across a kame vpn net onto a win2k box.
>
> the tcpdump is similar on both vpn bsd endpoints. the vpn protected ftp server's tcpdump shows
> 09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8]
> 09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8]
> 09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8]

in the case of ip forwarding, the fragment takes place after applying esp to the packet. so this fragment is correct.
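
The fragment arithmetic behind this reply, as an added example that is not part of the original message: it groups the quoted tcpdump lines by source, destination and IP ID and shows that datagram 9262 is one 1540-byte ESP payload split after encryption, which is why only the offset-0 fragment shows the ESP header. The function name and output fields are assumptions; the sample lines are copied from the quoted capture.

```python
import re
from collections import defaultdict

# Sample input: the three tcpdump lines quoted in the message above.
SAMPLE = """\
09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8]
09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8]
09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8]
"""

# timestamp src > dst: [ESP(...)] (frag id:len@offset[+])
LINE = re.compile(
    r"^\S+ (\S+) > (\S+): (ESP\(spi=\S+?,seq=\S+?\) )?"
    r"\(frag (\d+):(\d+)@(\d+)(\+?)\)"
)

def reassemble(text):
    """Group fragments per (src, dst, IP ID) and summarise each datagram."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, esp, ip_id, length, offset, more = m.groups()
        groups[(src, dst, int(ip_id))].append(
            (int(offset), int(length), more == "+", esp is not None))
    summary = {}
    for key, frags in groups.items():
        frags.sort()
        pos = 0
        for offset, length, _more, _esp in frags:
            if offset != pos:  # gap: a fragment is missing from the capture
                pos = None
                break
            pos = offset + length
        complete = pos is not None and not frags[-1][2]
        summary[key] = {
            "complete": complete,
            # IP payload size before fragmentation (outer IP header excluded)
            "payload": pos if complete else None,
            # the ESP header is only visible in the fragment at offset 0
            "esp_at_offset_0": frags[0][0] == 0 and frags[0][3],
            "esp_elsewhere": any(e for o, _l, _m, e in frags if o != 0),
        }
    return summary

if __name__ == "__main__":
    for key, info in reassemble(SAMPLE).items():
        print(key, info)
```

Datagram 9260 is reported as incomplete because its offset-0 fragment is not among the quoted lines.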