Date: Wed, 25 Dec 2019 23:49:32 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: IPSec transport mode, mtu, fragmentation...

Eugene Grosbein wrote:
>
> I think we could just clear DF bit off encapsulated transport mode packets unconditionally,
> please take a look at last chunk of sample patch in the PR 242744:
> https://bz-attachments.freebsd.org/attachment.cgi?id=210122
>
> Sample patch creates another sysctl but we should do it unconditionally, don't we?

The more I think of it, the more I feel that the idea of removing the DF
flag from ESP packets is incorrect. Because in IPv6, there is no flag to
remove. If an IPv6 packet was not fragmented by the originator, there is
nothing to be done in transit.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/