Date:      Sun, 19 Jan 2020 20:47:39 +0700
From:      Victor Sudakov <vas@sibptus.ru>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        Michael Sierchio <kudzu@tenebras.com>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "Andrey V. Elsukov" <bu7cher@yandex.ru>, Michael Tuexen <tuexen@freebsd.org>
Subject:   Re: IPSec transport mode, mtu, fragmentation...
Message-ID:  <20200119134739.GA76629@admin.sibptus.ru>
In-Reply-To: <e86093db-1777-125d-cb6f-ca27a2730fab@grosbein.net>
References:  <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> <20200118105524.GA10042@admin.sibptus.ru> <d59805e9-3fd5-eb56-10db-26b532cb5e85@grosbein.net> <CAHu1Y71hGwPP48nYUYUpKQO3r%2B8HwEWq4uNGOi3Bup3PuC%2BYZA@mail.gmail.com> <20200119033645.GA54797@admin.sibptus.ru> <20200119071223.GA63055@admin.sibptus.ru> <e86093db-1777-125d-cb6f-ca27a2730fab@grosbein.net>

Eugene Grosbein wrote:
> 19.01.2020 14:12, Victor Sudakov wrote:
>
> > So this is most probably the artifact of if_enc. What is then the
> > correct way to capture data with it?
>
> This is documented behaviour of enc(4), see its manual page for description
> of sysctl net.enc.{in|out}.ipsec_bpf_mask

This description does not make much sense to me, there is neither "inner
header" nor "outer header" in transport mode.

By trial and error I've figured out that "net.enc.out.ipsec_bpf_mask=1"
is probably the answer. At least ICMP requests and replies are not
duplicated any more.

I still see lots of "dup ACKs" in Wireshark though.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
