lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 30 Jan 2014 13:25:10 +0100 (CET)
From:	"Simon Schneider" <>
Subject: IPv4 / IPv6 over IPv4 IPsec tunnel: setting the DF bit

for the scenarios
- IPv4 over IPv4 IPsec tunnel
- IPv6 over IPv4 IPsec tunnel

I wonder how the DF bit of the outer (encrypted) packet is set.

There are generally three options:
- DF bit always 0
- DF bit always 1
- DF bit copied from inner packet

(the last case is obviously not applicable for the IPv6 case, as the IPv6 header does not have a DF bit).

How is this done in Linux?

When investigating, I stumbled over defines named TNL_F_DF_INHERIT / TNL_F_DF_DEFAULT.

Are these still supported?

Is it possible to configure the behavior at runtime or just at compile time?

I would appreciate very much if someone could give an overview on this!

best regards, Simon

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists