Date: Sun, 19 Jan 2020 20:47:39 +0700 From: Victor Sudakov <vas@sibptus.ru> To: Eugene Grosbein <eugen@grosbein.net> Cc: Michael Sierchio <kudzu@tenebras.com>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "Andrey V. Elsukov" <bu7cher@yandex.ru>, Michael Tuexen <tuexen@freebsd.org> Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200119134739.GA76629@admin.sibptus.ru> In-Reply-To: <e86093db-1777-125d-cb6f-ca27a2730fab@grosbein.net> References: <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> <20200118105524.GA10042@admin.sibptus.ru> <d59805e9-3fd5-eb56-10db-26b532cb5e85@grosbein.net> <CAHu1Y71hGwPP48nYUYUpKQO3r%2B8HwEWq4uNGOi3Bup3PuC%2BYZA@mail.gmail.com> <20200119033645.GA54797@admin.sibptus.ru> <20200119071223.GA63055@admin.sibptus.ru> <e86093db-1777-125d-cb6f-ca27a2730fab@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Kj7319i9nmIyA2yE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: > 19.01.2020 14:12, Victor Sudakov wrote: >=20 > > So this is most probably the artifact of if_enc. What is then the > > correct way to capture data with it? >=20 > This is documented behaviour of enc(4), see its manual page for descripti= on > of sysctl net.enc.{in|out}.ipsec_bpf_mask This description does not make much sense to me, there is neigher "inner header" nor "outer header" in transport mode. By trial and error I've figured out that "net.enc.out.ipsec_bpf_mask=3D1" is probably the answer. At least ICMP requests and replies are not duplicated any more. I still see lots of "dup ACKs" in Wireshark though. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --Kj7319i9nmIyA2yE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeJF37AAoJEA2k8lmbXsY0A2kH/RS91zTrADYvr1P58WPn7JfL vt7Mu6BDAeTIn/Knz4QaWvkdFK4UDv02SOsMQGurKUba4OXd8bjLxEDMRJAy6dZ2 JicdGANQHHWdsDLm/3+hE1tjZiAznoRsXymCbRS/DA6slWbJIrknSY8rsniNDw9V 1f+/peROgdg8v6EjqVvGttNgX1xsaNw3N2GoY5RAJS77SsGDzoJmbneKImXlaW9g /43G0QB4xkwFrUR8upsEeh9X58CjWuYk8k5iOZ/NYkRl1zKolIGF3UP3VsE9HTHH S3WtPKI55VtLWVqMdHMINZ9dlkBhpZTHJuPr3v5lszkma6sVt39fgh2kpNOf3yw= =3cf1 -----END PGP SIGNATURE----- --Kj7319i9nmIyA2yE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200119134739.GA76629>