On 16.01.2020 17:24, Eugene Grosbein wrote: > 16.01.2020 20:39, Andrey V. Elsukov wrote: > >> I prepared the PoC patch that should fix the problem with TCP and >> transport mode IPsec. But I have not free time currently to properly >> test and debug it. It is only compile-tested. But If you want, you can >> try :) >> Currently only IPv4 support is implemented. >> >> https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff > > In fact, I've faced this problem long time ago too and I work around it with > different approaches > like "ipfw tcp-setmss" (MSS adjust) or by using IPSec transport mode > with gif(4) interface removing DF bit out of encapsulated packets. > > I was going to test your patch with my home router but the patch does not > apply to stable/11, at all. > Do you have time to adjust it to stable/11 ?
I tried apply the patch with `svn patch` and it applies cleanly. The only needed change is moving `#include ipsec_support.h` to the top of file. -- WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
