Date: Sun, 19 Jan 2020 14:12:23 +0700 From: Victor Sudakov <vas@sibptus.ru> To: Michael Sierchio <kudzu@tenebras.com> Cc: Eugene Grosbein <eugen@grosbein.net>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "Andrey V. Elsukov" <bu7cher@yandex.ru>, Michael Tuexen <tuexen@freebsd.org> Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200119071223.GA63055@admin.sibptus.ru> In-Reply-To: <20200119033645.GA54797@admin.sibptus.ru> References: <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> <20200118105524.GA10042@admin.sibptus.ru> <d59805e9-3fd5-eb56-10db-26b532cb5e85@grosbein.net> <CAHu1Y71hGwPP48nYUYUpKQO3r%2B8HwEWq4uNGOi3Bup3PuC%2BYZA@mail.gmail.com> <20200119033645.GA54797@admin.sibptus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--ibTvN161/egqYuK8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Victor Sudakov wrote: > Michael Sierchio wrote: > >=20 > > What is the result of > >=20 > > > sysctl net.enc >=20 > ot@fbsd-test1:~ # sysctl net.enc > net.enc.out.ipsec_bpf_mask: 3 > net.enc.out.ipsec_filter_mask: 0 > net.enc.in.ipsec_bpf_mask: 1 > net.enc.in.ipsec_filter_mask: 0 >=20 > >=20 > > ? This might be a clue about the packets, which you could be seeing tw= ice. > >=20 >=20 > An artifact of enc0, you think ? Are the above settings sending the > packets to if_enc twice? I just made a small experiment: sent 20 pings from 192.168.246.10 to 192.168.246.11, and I see that each echo reply is duplicated, so there are 60 packets totally in the traffic dump: 20 requests and 40 replies: http://admin.sibptus.ru/~vas/i1.pcap So this is most probably the artifact of if_enc. What is then the correct way to capture data with it? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --ibTvN161/egqYuK8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeJAFXAAoJEA2k8lmbXsY0GDAH/1bCdb6quw4mRu73ra67rmyZ zqTx4deZmO0PFpN497QfCVBlbKfr7Fi983/D43yryplrljNFt7OO0AuRu2zcnJrY sB+PpDgVz2dwmhg8+CXKRjL25ppAT7Er6hEk0Jf/f7AfxoWOxGMy/vL5y/yBLrsX gtqSFZE5UtnjQqKR2pRiubBEwczTpgW+ZQiHVtFQ1OBBGnuzqFaRoxmfsOeJnMT3 MHL7IepYsbi5+HRuNl5IOQUnY5aKRPX9YkhnTElYKUehO5XVaHxKKjgj8I9kbSrH 1iGgLWDGJdbuP6iiUJnYuzD47NvfjgGAKiz+wh/xTiKkVoRFHENsJjLhkpPsfZs= =HS2S -----END PGP SIGNATURE----- --ibTvN161/egqYuK8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200119071223.GA63055>