Date:      Mon, 23 Dec 2019 19:12:23 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        "Andrey V. Elsukov" <bu7cher@yandex.ru>, Victor Sudakov <vas@sibptus.ru>,  freebsd-net@freebsd.org
Cc:        Michael Tuexen <tuexen@freebsd.org>
Subject:   Re: IPSec transport mode, mtu, fragmentation...
Message-ID:  <1c58795b-4f9f-1921-9057-500aef442ae2@grosbein.net>
In-Reply-To: <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru>
References:  <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru>

23.12.2019 19:00, Andrey V. Elsukov wrote:

> I think the silence from ping is due to IPsec working asynchronously.
> I.e. when an application sends data to the stack, it receives good feedback
> and thinks that the data was sent successfully, then it waits for a reply.
> But IPsec consumes the data and then the encrypted data will be sent from
> the crypto thread via a callback. And now they cannot be fragmented due to
> the IP_DF bit, but there is no app waiting for this error code.
> 
> Similar problem is with TCP. Probably we can try to send PRC_MSGSIZE
> notify when EMSGSIZE is returned from ip_output(). At least for TCP.

What is "an application" in this case? Userland app dealing with sockets?
Another part of the kernel? Some system daemon similar to natd?




