Sergey Matveev wrote:
> *** Victor Sudakov [2020-01-19 15:07]:
> >Probably this transformation should not cause any increase in payload
> >size because AFAIK a symmetric cipher does not increase the message
> >size (i.e. the encrypted message is not bigger than the cleartext).
>
> Wrong in nearly
To view an individual PR, use:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).
The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and ob
Eugene Grosbein wrote:
> 19.01.2020 14:12, Victor Sudakov wrote:
>
> > So this is most probably the artifact of if_enc. What is then the
> > correct way to capture data with it?
>
> This is documented behaviour of enc(4), see its manual page for description
> of sysctl net.enc.{in|out}.ipsec_bpf_
19.01.2020 14:12, Victor Sudakov wrote:
> So this is most probably the artifact of if_enc. What is then the
> correct way to capture data with it?
This is documented behaviour of enc(4), see its manual page for description
of sysctl net.enc.{in|out}.ipsec_bpf_mask
*** Victor Sudakov [2020-01-19 15:07]:
>Probably this transformation should not cause any increase in payload
>size because AFAIK a symmetric cipher does not increase the message
>size (i.e. the encrypted message is not bigger than the cleartext).
Wrong in nearly all cases.
1) If you use *stream*
Victor Sudakov wrote:
> Julian Elischer wrote:
> > >
> > > > Back to the point. I've figured out that both encrypted (in transport
> > > > mode) and unencrypted TCP segments have the same MSS=1460. Then I'm
> > > > completely at a loss how the encrypted packets avoid being fragmented.
> > > > TCP