
Re: diffedge handling of fragments




>>>>> "Sumit" == Sumit Vakil <sumit@calynet.com> writes:

    Sumit> Michael, Section 4.4.2 of RFC 2401 also says that if the port
    Sumit> information is not available in a fragment it is to be discarded.
    Sumit> The exact text is as follows:

    Sumit> If the packet has been fragmented, then the port information may
    Sumit> not be available in the current fragment.  If so, discard the
    Sumit> fragment.  An ICMP PMTU should be sent for the first fragment,
    Sumit> which will have the port information.  [MAY be supported]

  Uh, I read this to be in the context of doing ICMP PMTU discovery for
the end hosts of the MTU of the tunnel. 

    Sumit> I'm not sure that sending a fragment over a host<->host SA would
    Sumit> always be the best course of action.  The host<->host SA might not
    Sumit> provide the required security for the fragment.

  Agreed.

] Train travel features AC outlets with no take-off restrictions|  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
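
An added example, not part of the original message or of any implementation discussed in the thread: it shows why a non-initial IPv4 fragment carries no port information for selector matching, and applies the discard rule as quoted above from RFC 2401 section 4.4.2. The function names, addresses and port numbers are constructed for illustration, and the code assumes IPv4 carrying TCP or UDP.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17

def port_selectors(packet: bytes):
    """Return (src_port, dst_port), or None when this IPv4 packet or
    fragment does not carry the TCP/UDP port fields."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_field = struct.unpack_from("!H", packet, 6)[0]
    offset = (frag_field & 0x1FFF) * 8   # fragment offset, in bytes
    if packet[9] not in (IPPROTO_TCP, IPPROTO_UDP):
        return None                      # protocol has no port fields
    if offset != 0:
        return None                      # non-initial fragment: no transport header
    if len(packet) < ihl + 4:
        return None                      # first fragment too short to hold both ports
    return struct.unpack_from("!HH", packet, ihl)

def selector_action(packet: bytes, policy_uses_ports: bool) -> str:
    """Hypothetical decision helper following the quoted text: when the
    policy needs ports and the fragment lacks them, discard it."""
    if not policy_uses_ports:
        return "lookup-without-ports"
    if port_selectors(packet) is None:
        return "discard"
    return "lookup-with-ports"

def ipv4(frag_offset: int, more_frags: bool, payload: bytes) -> bytes:
    """Build a constructed IPv4/UDP packet (header checksum left at 0)."""
    frag = (0x2000 if more_frags else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag,
                      64, IPPROTO_UDP, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return hdr + payload

# Constructed sample: one UDP datagram split into two fragments.
UDP_HEADER = struct.pack("!HHHH", 4500, 500, 8 + 32, 0)
FIRST = ipv4(0, True, UDP_HEADER + b"A" * 16)   # offset 0, MF set
LATER = ipv4(24, False, b"B" * 16)              # offset 24, payload only
TINY_FIRST = ipv4(0, True, UDP_HEADER[:2])      # first fragment, ports cut off

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("later", LATER), ("tiny", TINY_FIRST)):
        print(name, port_selectors(pkt), selector_action(pkt, True))
```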

