After installing pfil 2.1.6/ip_fil 4.1.8 on Solaris 9/sparc Sun Fire V100 acting
as a firewall, I'm seeing IPsec packets that travel through the box that
were fragmented not being reconstructed by the IPsec endpoint, suggesting
some corruption.
host1                                                             host2
  |                                                                 |
  |                                                                 |
ipsec gw ---- firewalls routers and internet ---- ipf box --- ipsec gw
The IPsec mtu is set at 1476 on each gw, and the following doesn't
work from host1.
host1$ ping -s host2 1400
but this does work
host1$ ping -s host2 1200
Outside of IPsec there is no problem getting large packets through the ipf box,
although I haven't determined their integrity 100%.
(the ping test is just to demonstrate the problem; the initial problem
was TCP sessions hanging if they tried sending large blocks of data)
Prior, I was using pfil 2.1.4/ip_fil 4.1.3 and didn't see this problem at all.
Ian D
---
gcc 3.3.3
$ isainfo -vk
64-bit sparcv9 kernel modules
$ ipf -V
ipf: IP Filter: v4.1.8 (592)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x187
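To check the fragment integrity the post leaves at "not 100%", a small IPv4 fragment reassembler run over packets captured on both sides of the ipf box will show whether fragments arrive complete, in order and without gaps or overlaps. The script below is an added example, not code from the post, from IP Filter or from Solaris; it builds its own constructed ESP-sized datagram (protocol 50, 1500 bytes, fragmented at the 1476-byte IPsec MTU mentioned above), and the addresses, IP id and sizes are assumptions. Fed with raw IPv4 packets from a real capture instead, `reassemble()` reports, per (src, dst, id, proto), either the reassembled payload or the first problem found.

```python
import struct
from collections import defaultdict

IP_MF = 0x2000        # "more fragments" flag bit in the flags/offset field
IP_OFFMASK = 0x1FFF   # fragment offset, in 8-byte units


def ipv4_checksum(hdr: bytes) -> int:
    """Standard ones'-complement checksum; returns 0 for a valid header that already carries its checksum."""
    s = sum((hdr[i] << 8) | hdr[i + 1] for i in range(0, len(hdr), 2))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src: bytes, dst: bytes, proto: int, ident: int, flags_off: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum, followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def fragment(src: bytes, dst: bytes, proto: int, ident: int, payload: bytes, mtu: int) -> list:
    """Split one datagram the way a router would: every non-final fragment carries a multiple of 8 bytes."""
    chunk = (mtu - 20) // 8 * 8
    frags, off = [], 0
    while off < len(payload):
        piece = payload[off:off + chunk]
        more = off + len(piece) < len(payload)
        frags.append(build_ipv4(src, dst, proto, ident, (IP_MF if more else 0) | (off // 8), piece))
        off += len(piece)
    return frags


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the header fields needed for reassembly; rejects non-IPv4, truncated or checksum-damaged packets."""
    ver_ihl, _tos, total, ident, flags_off, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total > len(pkt) or total < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": src, "dst": dst, "id": ident, "proto": proto,
            "mf": bool(flags_off & IP_MF), "off": (flags_off & IP_OFFMASK) * 8, "data": pkt[ihl:total]}


def reassemble(packets) -> dict:
    """Map (src, dst, id, proto) -> (payload, None) on success or (None, description of the first problem)."""
    groups = defaultdict(list)
    for pkt in packets:
        f = parse_ipv4(pkt)
        groups[(f["src"], f["dst"], f["id"], f["proto"])].append(f)
    results = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["off"])          # tolerate reordering in transit
        buf, expect, problem = bytearray(), 0, None
        for i, f in enumerate(frags):
            if f["off"] > expect:
                problem = f"gap: {f['off'] - expect} bytes missing at offset {expect}"
            elif f["off"] < expect:
                problem = f"overlap at offset {f['off']}"
            elif f["mf"] and len(f["data"]) % 8:
                problem = f"non-final fragment of {len(f['data'])} bytes is not a multiple of 8"
            elif not f["mf"] and i != len(frags) - 1:
                problem = f"data seen after final fragment at offset {f['off']}"
            if problem:
                break
            buf += f["data"]
            expect += len(f["data"])
        if problem is None and frags[-1]["mf"]:
            problem = f"incomplete: more fragments expected after offset {expect}"
        results[key] = (bytes(buf), None) if problem is None else (None, problem)
    return results


# Constructed sample: an ESP datagram (proto 50) that exceeds the 1476-byte IPsec MTU and is split in two.
SRC, DST, IDENT, ESP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 0x1234, 50   # assumed values
PAYLOAD = bytes(i % 251 for i in range(1500))
FRAGS = fragment(SRC, DST, ESP, IDENT, PAYLOAD, 1476)

if __name__ == "__main__":
    for key, (data, problem) in reassemble(list(reversed(FRAGS))).items():
        print(key[2], key[3], "ok, %d bytes" % len(data) if data else problem)
    for key, (data, problem) in reassemble(FRAGS[:1]).items():
        print(key[2], key[3], "ok" if data else problem)
```

In practice the packet bytes come from a capture on each side of the ipf box (for example a snoop or tcpdump file read with a pcap library); comparing the two result dictionaries shows whether the box is dropping, reordering or altering fragments, which is the distinction the TCP hangs above cannot make on their own.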