[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
FAST_IPSEC not sending ICMP frag needed? (was Re: FAST_IPSEC(?) drops packets?)
On 2/26/2011 6:36 AM, Matthias Drochner wrote:
Yes, I do see "datagrams that can't be fragmented" increase in "netstat
-pip". However, I don't see the router sending any ICMP fragmentation
needed packets back.
So is the CANTFRAG number counting in "netstat -pip"?
Shouldn't the encapsulation code send NEEDFRAG ICMPs
then? Do you observe any? Perhaps this part doesn't
work correctly in FAST_IPSEC...
BTW, changing net.inet.ipsec.dfbit to 0 does work around the problem
(but causes fragmentation).
Main Index |
Thread Index |