23.12.2019 16:44, Andrey V. Elsukov wrote:
> On 23.12.2019 12:39, Andrey V. Elsukov wrote:
>> On 20.12.2019 19:22, Victor Sudakov wrote:
>>>> What's the root of the problem? ESP packets cannot get fragmented or
>>>> what?
>>>
>>> Wireshark has shown that the "Don't Fragment" flag is set on all ESP
>>> (protocol 50) packets. Who does this, why, and how can I switch it off
>>> globally?
>>
>> Hi,
>>
>> I think this DF flag is originally from TCP packet.
>> ESP xform for transport mode just replaces protocol in IP header and
>> adds some info to the end of a packet.
>
> This is controlled by net.inet.tcp.path_mtu_discovery variable.
> TCP won't set IP_DF flag if you disable this feature.

Disabling PMTUD globally results in small outgoing TCP packets for all connections, encrypted or not. Performance may degrade.
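
One way to check the DF observation discussed in this thread without Wireshark, as an added example that is not part of the original messages: it parses raw IPv4 headers and counts ESP (protocol 50) packets with and without the DF bit. The sample packets, addresses and function names are constructed for illustration, and the header checksum is left at zero.

```python
import struct

IP_DF = 0x4000        # "Don't Fragment" bit in the flags/fragment-offset field
IP_MF = 0x2000        # "More Fragments" bit
PROTO_TCP, PROTO_ESP = 6, 50
HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout

def build_ipv4(proto, df, payload_len):
    """Constructed IPv4 packet (documentation addresses, checksum 0, zero payload)."""
    flags = IP_DF if df else 0
    hdr = struct.pack(HDR, 0x45, 0, 20 + payload_len, 0x1234, flags, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + bytes(payload_len)

def parse_ipv4(packet):
    """Return protocol, DF/MF flags and fragment offset; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, _, _ = struct.unpack(HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {"proto": proto, "total_len": total_len,
            "df": bool(flags_frag & IP_DF), "mf": bool(flags_frag & IP_MF),
            "frag_offset": (flags_frag & 0x1FFF) * 8}

def esp_df_summary(packets):
    """Count ESP packets by DF state; non-ESP and malformed packets are tallied apart."""
    counts = {"esp_df": 0, "esp_no_df": 0, "other": 0, "malformed": 0}
    for pkt in packets:
        try:
            info = parse_ipv4(pkt)
        except ValueError:
            counts["malformed"] += 1
            continue
        if info["proto"] != PROTO_ESP:
            counts["other"] += 1
        elif info["df"]:
            counts["esp_df"] += 1
        else:
            counts["esp_no_df"] += 1
    return counts

# Constructed capture: two ESP packets with DF, one without, one TCP, one truncated.
SAMPLE = [build_ipv4(PROTO_ESP, True, 1438), build_ipv4(PROTO_ESP, True, 96),
          build_ipv4(PROTO_ESP, False, 1438), build_ipv4(PROTO_TCP, True, 40),
          b"\x45\x00\x00"]

if __name__ == "__main__":
    print(esp_df_summary(SAMPLE))
```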