Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 21 Dec 2019 08:51:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Message-ID:  <bug-242744-7501-r8dffeV4vu@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-242744-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-242744-7501@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744

--- Comment #6 from Eugene Grosbein <eugen@freebsd.org> ---
OTOH, RFC 2401 Appendix B https://tools.ietf.org/html/rfc2401#page-1-48 sta=
tes
that packets generated by IPSec transport mode must be allowed to fragment =
over
the path and this is incompatible with current behaviour keeping DF=3D1 for=
 TCP
and may be an error in our IPSEC stack. Adding ae@ to CC: list.

Andrey, what is your opinion on the problem? Should we clear DF bit
unconditionally for outgoing IPv4 IPSec transport mode packets?

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-242744-7501-r8dffeV4vu>