23.12.2019 19:00, Andrey V. Elsukov wrote: > I think the silence from ping is due to IPsec works asynchronously. > I.e. when application sends data to the stack, it receives good feedback > and thinks that data was send successful then it waits for reply. > But IPsec consumes the data and then encrypted data will be send from > crypto thread via callback. And now they can not be fragmented due to > IP_DF bit, but there are no app waiting for this error code. > > Similar problem is with TCP. Probably we can try to send PRC_MSGSIZE > notify when EMSGSIZE is returned from ip_output(). At least for TCP.
What is "an application" in this case? Userland app dealing with sockets? Another part of the kernel? Some system daemon similar to natd? _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
