[strongSwan] Fragmentation before encryption
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed May 17 15:01:29 CEST 2017
On 17.05.2017 03:35, Marie Luo wrote:
> But it doesn't appear to have any effects on the way strongSwan fragments and encrypts large packets, the large packets are always encrypted before fragmention.
It has nothing to do with strongSwan, only with the kernel.
The kernel does not do fragmentation before encryption with XFRM. I don't know about pfkey, but because it's the same code and pfkey is just another API to XFRM,
it will probably behave the same.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Users