Date:      Fri, 17 Jan 2020 16:51:13 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Victor Sudakov <vas@sibptus.ru>
Cc:        freebsd-net@freebsd.org, "Andrey V. Elsukov" <bu7cher@yandex.ru>, Michael Tuexen <tuexen@freebsd.org>
Subject:   Re: IPSec transport mode, mtu, fragmentation...
Message-ID:  <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net>
In-Reply-To: <20200117093645.GA51899@admin.sibptus.ru>
References:  <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <f9b7357e-ced1-4ce5-40d5-8e3dcad42442@yandex.ru> <d263a709-63cf-7da5-1747-8a6791f6503f@grosbein.net> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru>

17.01.2020 16:36, Victor Sudakov wrote:

> Back to the point. I've figured out that both encrypted (in transport
> mode) and unencrypted TCP segments have the same MSS=1460. Then I'm
> completely at a loss how the encrypted packets avoid being fragmented.
> TCP has no way to know in advance that encryption overhead will be
> added.

If the outgoing route (e.g. the default route) has a lower MTU, the kernel should respond with EMSGSIZE
to TCP's attempt to send an oversized packet when PMTUD is enabled.

If PMTUD discovers that the path MTU is low, it should store this information in the hostcache
(see sysctl net.inet.tcp.hostcache.list) and use the hostcache's MTU for the same goal.
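
An added example, not part of the message above: a filter for the `net.inet.tcp.hostcache.list` output that reports peers for which a reduced MTU has been recorded, with the largest TCP payload that fits it. The function names and the sample listing are constructed; the script assumes the listing starts with a header line beginning `IP address` that contains an `MTU` column, and that an MTU of 0 means no value is stored.

```shell
#!/bin/sh
# Added example (not from the original message). Reads a hostcache listing
# on stdin and prints entries whose recorded MTU is set and below a limit.

hostcache_low_mtu() {
    limit="${1:-1500}"    # report entries with 0 < MTU < limit
    awk -v limit="$limit" '
        /^IP address/ {
            # "IP address" is two header words but one data field,
            # so the data column is one to the left of the header index.
            for (i = 1; i <= NF; i++) if ($i == "MTU") col = i - 1
            next
        }
        NF == 0 || !col { next }      # skip blanks and lines before the header
        {
            mtu = $col + 0
            if (mtu > 0 && mtu < limit) {
                # Minimum IP + TCP headers without options: 40 (IPv4), 60 (IPv6).
                hdr = (index($1, ":") > 0) ? 60 : 40
                printf "%s mtu=%d max_tcp_payload=%d\n", $1, mtu, mtu - hdr
            }
        }'
}

# Constructed sample listing (documentation addresses, made-up values).
sample_hostcache() {
cat <<'EOF'

IP address        MTU SSTRESH      RTT   RTTVAR     CWND SENDPIPE RECVPIPE HITS  UPD  EXP
192.0.2.10       1438       0     12ms      3ms        0        0        0   41    6 3600
198.51.100.7        0       0     30ms      8ms        0        0        0    5    2 3500
2001:db8::5      1422       0     15ms      4ms        0        0        0   17    3 3400
EOF
}

# Demo on the constructed sample. On a FreeBSD host, use instead:
#   sysctl -n net.inet.tcp.hostcache.list | hostcache_low_mtu 1500
sample_hostcache | hostcache_low_mtu 1500
```

An entry for the IPsec peer with an MTU below the interface MTU indicates that PMTUD has stored a path MTU for it; the payload figure shrinks further when TCP options such as timestamps are in use.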
