Date:      Sat, 18 Jan 2020 15:34:58 -0800
From:      Julian Elischer <julian@freebsd.org>
To:        Eugene Grosbein <eugen@grosbein.net>, Victor Sudakov <vas@sibptus.ru>
Cc:        freebsd-net@freebsd.org, "Andrey V. Elsukov" <bu7cher@yandex.ru>, Michael Tuexen <tuexen@freebsd.org>
Subject:   Re: IPSec transport mode, mtu, fragmentation...
Message-ID:  <c7f5828b-3678-b432-47a8-75afada5bd9e@freebsd.org>
In-Reply-To: <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net>
References:  <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <f9b7357e-ced1-4ce5-40d5-8e3dcad42442@yandex.ru> <d263a709-63cf-7da5-1747-8a6791f6503f@grosbein.net> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net>

On 1/17/20 1:51 AM, Eugene Grosbein wrote:
> 17.01.2020 16:36, Victor Sudakov wrote:
>
>> Back to the point. I've figured out that both encrypted (in transport
>> mode) and unencrypted TCP segments have the same MSS=1460. Then I'm
>> completely at a loss how the encrypted packets avoid being fragmented.
>> TCP has no way to know in advance that encryption overhead will be
>> added.
Using multiple routing tables we could add a mechanism to the ipsec
code so that encapsulated sessions are referred to one routing table
and that the "envelope" routes are referencing another (specified in
ipsec setup) routing table.  The two routing tables would have different
MTUs.  This mechanism/framework would also be useful for other
tunneling protocols in general.
> If outgoing route (f.e. default route) has lower MTU, kernel should respond with EMSGSIZE
> to TCP's attempt to send oversized packet when PMTUD is enabled.
>
> If PMTUD discovers that path mtu is low, it should store this information in the hostcache
> (see sysctl net.inet.tcp.hostcache.list) and use hostcache's MTU for same goal.



