[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ICMP must fragment and IPsec

To: vjs@mica.denver.sgi.com (Vernon Schryver)
Subject: Re: ICMP must fragment and IPsec
From: Matt Crawford <crawdad@fnal.gov>
Date: Mon, 23 Jun 1997 10:33:25 -0500
Cc: tcp-impl@relay.engr.sgi.com, ipsec@tis.com
In-reply-to: "22 Jun 1997 17:33:49 MDT."<"199706222333.RAA23828"@mica.denver.sgi.com>
Sender: owner-ipsec@ex.tis.com

> >   One way might be to have an ICMP or TCP option that requests the
> > other end to provide a response, giving the size of the largest
> > fragment received. This would be enclosed in the SA that the TCP data
> > is flowing in. This is in some sense a variation of the TCP MSS option.
> 
> What is this "other end"?
> If talking to the other end of a TCP connection were enough, then the
> MSS negotiation would be enough ...

No, I think he meant for one end to tell the other what was the size
of the largest IP packet-or-fragment it has actually received.  It
can't rightly be a TCP option, because TCP wouldn't know this.  And
besides, it becomes pretty hairy at any level when you try to find
out what was the largest packet received "lately."  Ugh.

				Matt Crawford

Follow-Ups:

Re: ICMP must fragment and IPsec

From: "Kevin M. Lahey" <kml@nas.nasa.gov>

Prev by Date: request for time at IPsec session in Munich
Next by Date: How to negotiate key length with ISAKMP?
Prev by thread: Re: ICMP must fragment and IPsec
Next by thread: Re: ICMP must fragment and IPsec
Index(es):
- Main
- Thread