> I'm wondering if we should make this the default. I'm seeing no breakage
> as a result of using it, and it fixes things with some annoying network
> configurations.
The option does add overhead though because it will fragment messages even
if the MTU is big enough. As a result it will add some
I'm wondering if we should make this the default. I'm seeing no breakage
as a result of using it, and it fixes things with some annoying network
configurations.
Index: iked.conf.5
===
RCS file: /cvs/src/sbin/iked/iked.conf.5,v
Hey,
I updated the diff to work with the recent fixes.
Currently next_pl is checked to be the encrypted payload after the IKE_SA_INIT
exchange, this also whitelists the new encrypted fragment payload.
Also ikev2_send_encrypted_fragments() now uses the new sa_msgid_current
instead of sa_msgid just
Tim Stewart writes:
> On 3/30/19 3:11 PM, Tobias Heider wrote:
>> Hi Stuart,
>>
>> I'm glad to see people are using this.
>> There's some smaller fixes that I haven't sent to the list yet, so
>> probably I'll send an updated diff on monday.
>
> I plan to start using this patch this week, likely
Another update which fixes a problem with loosing the
sa_frag state when rekeying the IKE SA, fixes some formatting and
adresses some complaints about the msg_retransmit and msg_dispose API.
Index: sbin/iked//config.c
===
RCS file:
Here's the update.
What changed:
- fixed cleanup of fragments in SA
- fixed retransmission of fragmented messages
- adjusted copyright headers
- Added some comments
I also included Stuart's manpage parts as well as some line breaks.
We've been testing this version and haven't found anything off
On 3/30/19 3:11 PM, Tobias Heider wrote:
Hi Stuart,
I'm glad to see people are using this.
There's some smaller fixes that I haven't sent to the list yet, so
probably I'll send an updated diff on monday.
I plan to start using this patch this week, likely as soon as you send
the updated diff.
Hi Stuart,
I'm glad to see people are using this.
There's some smaller fixes that I haven't sent to the list yet, so
probably I'll send an updated diff on monday.
Regards,
Tobias
On 3/30/19 6:43 PM, Stuart Henderson wrote:
> This diff hasn't gone anywhere recently - I've been using it since
>
This diff hasn't gone anywhere recently - I've been using it since
Tobias posted it with no problems. Any comments on whether it should
go in, and if so, before/after 6.5? The feature is disabled by default.
Index: config.c
===
RCS
On Wed, Feb 27, 2019 at 01:01:37PM +, Stuart Henderson wrote:
> A couple of nits - manpage part is missing, I propose this:
>
> Index: iked.conf.5
> ===
> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
> retrieving revision 1.53
>
On Wed, Feb 27, 2019 at 01:01:37PM +, Stuart Henderson wrote:
> On 2019/02/26 16:34, Tobias Heider wrote:
> > Hi,
> >
> > this diff adds support for IKEv2 Message Fragmentation as defined in
> > RFC 7383 (https://tools.ietf.org/html/rfc7383) to iked(8).
>
> Thank you, I know there are quite
On 2019/02/26 16:34, Tobias Heider wrote:
> Hi,
>
> this diff adds support for IKEv2 Message Fragmentation as defined in
> RFC 7383 (https://tools.ietf.org/html/rfc7383) to iked(8).
Thank you, I know there are quite a few additions in the genua tree and
splitting them out is not easy. I'm
Hi,
this diff adds support for IKEv2 Message Fragmentation as defined in
RFC 7383 (https://tools.ietf.org/html/rfc7383) to iked(8).
Tobias
Index: regress/sbin/iked/parser/common.c
===
RCS file:
13 matches
Mail list logo