RE: Path MTU Discovery
>
>> Another point is that fragmentation checking should be done before any
>> IPsec handling takes place (easier and faster).
>
>WRONG FOR OUTBOUND PACKETS!!! This is in clear violation of RFC 1825. Lemme
>quote:
>
>>> 3.1 AUTHENTICATION HEADER
>
><SNIP!>
>
>>> Fragmentation occurs after the Authentication Header processing for
>>> outbound packets and prior to Authentication Header processing for
>>> inbound packets. The receiver verifies the correctness of the
>
>There actually isn't text in the ESP section, but I'll bet small sums that
>either Ran A. or Steve K. will back me up on this one.
>
>If you meant inbound packets, my bad.
>
>On the inbound side, what does this mean: "fragmentation occurs prior to AH
>processing"?
>Does this mean reassembly occurs prior to AH processing?