[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ICMP must fragment and IPsec

In message <199706231533.KAA12274@gungnir.fnal.gov>Matt Crawford writes
>> >   One way might be to have an ICMP or TCP option that requests the
>> > other end to provide a response, giving the size of the largest
>> > fragment received. This would be enclosed in the SA that the TCP data
>> > is flowing in. This is in some sense a variation of the TCP MSS option.
>> What is this "other end"?
>> If talking to the other end of a TCP connection were enough, then the
>> MSS negotiation would be enough ...
>No, I think he meant for one end to tell the other what was the size
>of the largest IP packet-or-fragment it has actually received.  It
>can't rightly be a TCP option, because TCP wouldn't know this.  And
>besides, it becomes pretty hairy at any level when you try to find
>out what was the largest packet received "lately."  Ugh.

Then, too, wouldn't this would fail under IPv6, since only the
originating host can fragment packets?  If routers are just dropping
the packets (and sending ICMP messages) rather than fragmenting and
forwarding, the end system would never get any useful fragment sizes to
deal with.

Kevin Lahey