[strongSwan] XFRM fragmentation before encapsulation

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Sat Oct 19 23:42:10 CEST 2019

Hello list,

Does the kernel support IP fragmentation before encapsulation in any way? Even with XFRM interfaces or VTIs?
I looked at the XFRM code but did not find any code that deals with fragmenting any packets. If the packet is too large,
it is just discarded with an error. If the MTU of the network path is large enough and the packet is pre fragmented by
having an XFRM interface with a sufficiently low MTU, then do fragments get encapsulated?

Any enlightement would be very appreciated!

Kind regards


Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191019/950fabb0/attachment.sig>

More information about the Users mailing list