Eugene Grosbein wrote:
> 19.01.2020 14:12, Victor Sudakov wrote:
>
> > So this is most probably the artifact of if_enc. What is then the
> > correct way to capture data with it?
>
> This is documented behaviour of enc(4), see its manual page for description
> of sysctl net.enc.{in|out}.ipsec_bpf_maskThis description does not make much sense to me, there is neigher "inner header" nor "outer header" in transport mode. By trial and error I've figured out that "net.enc.out.ipsec_bpf_mask=1" is probably the answer. At least ICMP requests and replies are not duplicated any more. I still see lots of "dup ACKs" in Wireshark though. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
