[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Dec 22 23:04:11 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744
--- Comment #18 from dewayne at heuristicsystems.com.au ---
(In reply to Eugene Grosbein from comment #16)
I thought that there was a convention regarding sysctl naming format. Should
net.inet.ipsec.trans.cleardf be net.inet.ipsec.trans_cleardf, or are there
plans for the trans sub-branch?
As it might help people coming into ipsec in the future. Is it possible to have
a crisp (clear) description that distinguishes
net.inet.ipsec.trans.cleardf: "Clear do not fragment bit for outgoing transport
mode packets."
and
net.inet.ipsec.dfbit=Do not fragment bit on encap.
Suggestion
net.inet.ipsec.dfbit="Do not fragment bit on tunnel encap."
^
(I'd personally prefer net.inet.ipsec.tunnel_cleardf, and obsolete, in the
future, ipsec.dfbit as it doesn't do as currently stated. Perhaps worth
consideration?)
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list