[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: using por numbers in selectors
For gateways, yes. If you've negotiated port/protocol granulatity for
an IPSec SA and a packet gets fragmented prior to being IPSec protected
then the other end will have to queue up enough of the decapsulated
fragments to get the port/protocol and decide whether to forward it on to
the ultimate end-system.
Dan.
On Wed, 23 Jun 1999 11:32:41 EDT you wrote
> Isn't there an issue with port number policy lookups and fragmented packets?
>
> Victor
>
Follow-Ups:
References: