[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ICMP must fragment and IPsec

To: Matt Crawford <crawdad@fnal.gov>
Subject: Re: ICMP must fragment and IPsec
From: "Kevin M. Lahey" <kml@nas.nasa.gov>
Date: Mon, 23 Jun 1997 10:26:29 -0700
cc: vjs@mica.denver.sgi.com (Vernon Schryver), tcp-impl@cthulhu.engr.sgi.com, ipsec@tis.com
In-reply-to: Your message of "Mon, 23 Jun 1997 10:33:25 CDT." <199706231533.KAA12274@gungnir.fnal.gov>
Sender: owner-ipsec@ex.tis.com

In message <199706231533.KAA12274@gungnir.fnal.gov>Matt Crawford writes
>> >   One way might be to have an ICMP or TCP option that requests the
>> > other end to provide a response, giving the size of the largest
>> > fragment received. This would be enclosed in the SA that the TCP data
>> > is flowing in. This is in some sense a variation of the TCP MSS option.
>> 
>> What is this "other end"?
>> If talking to the other end of a TCP connection were enough, then the
>> MSS negotiation would be enough ...
>
>No, I think he meant for one end to tell the other what was the size
>of the largest IP packet-or-fragment it has actually received.  It
>can't rightly be a TCP option, because TCP wouldn't know this.  And
>besides, it becomes pretty hairy at any level when you try to find
>out what was the largest packet received "lately."  Ugh.

Then, too, wouldn't this would fail under IPv6, since only the
originating host can fragment packets?  If routers are just dropping
the packets (and sending ICMP messages) rather than fragmenting and
forwarding, the end system would never get any useful fragment sizes to
deal with.

Kevin Lahey 
kml@nas.nasa.gov

References:

Re: ICMP must fragment and IPsec

From: Matt Crawford <crawdad@fnal.gov>

Prev by Date: Re: ICMP must fragment and IPsec
Next by Date: Re: Time value and 56-bit DES [Re: CAST5-128 was: A little socialengineering]
Prev by thread: Re: ICMP must fragment and IPsec
Next by thread: Re: ICMP must fragment and IPsec
Index(es):
- Main
- Thread