[strongSwan] XFRM fragmentation before encapsulation
noel.kuntze+strongswan-users-ml at thermi.consulting
Sat Oct 19 23:42:10 CEST 2019
Does the kernel support IP fragmentation before encapsulation in any way? Even with XFRM interfaces or VTIs?
I looked at the XFRM code but did not find any code that deals with fragmenting any packets. If the packet is too large,
it is just discarded with an error. If the MTU of the network path is large enough and the packet is pre fragmented by
having an XFRM interface with a sufficiently low MTU, then do fragments get encapsulated?
Any enlightement would be very appreciated!
IT security consultant
GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Users