Re: diffedge handling of fragments

>>>>> "Sumit" == Sumit Vakil <sumit@calynet.com> writes:

Sumit> Michael, Section 4.4.2 of RFC 2401 also says that if the port
Sumit> information is not available in a fragment it is to be discarded.
Sumit> The exact text is as follows:

Sumit> If the packet has been fragmented, then the port information may
Sumit> not be available in the current fragment. If so, discard the
Sumit> fragment. An ICMP PMTU should be sent for the first fragment,
Sumit> which will have the port information. [MAY be supported]

Uh, I read this to be in the context of doing ICMP PMTU discovery for
the end hosts of the MTU of the tunnel.

Sumit> I'm not sure that sending a fragment over a host<->host SA would
Sumit> always be the best course of action. The host<->host SA might not
Sumit> provide the required security for the fragment.

Agreed.

] Train travel features AC outlets with no take-off restrictions| firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
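
The fragment case discussed in this message, as an added example that is not part of the original e-mail or of RFC 2401: a C function that reports whether an IPv4 packet carries the TCP/UDP port selectors at all, so that the caller can apply whatever policy it has for fragments without them. The function name, status names and sample packets are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of looking for port selectors in one IPv4 packet (hypothetical names). */
enum sel_status { SEL_PORTS_OK, SEL_NO_PORTS_IN_FRAGMENT, SEL_NOT_PORT_PROTO, SEL_MALFORMED };

/* Constructed samples: one UDP datagram, 192.0.2.1 -> 192.0.2.2, port 500, in two
 * fragments. Header checksums are left as zero and are not verified here. */
static const uint8_t first_frag[] = {
    0x45,0x00,0x00,0x1c, 0x12,0x34,0x20,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x01,0xf4,0x01,0xf4, 0x00,0x10,0x00,0x00 };  /* MF=1, offset 0: UDP header */
static const uint8_t later_frag[] = {
    0x45,0x00,0x00,0x1c, 0x12,0x34,0x00,0x01, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0xde,0xad,0xbe,0xef, 0xde,0xad,0xbe,0xef };  /* MF=0, offset 1 (8 bytes): data only */

/* Fill *sport / *dport only when this packet actually contains them. */
int port_selectors(const uint8_t *p, size_t len, uint16_t *sport, uint16_t *dport)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return SEL_MALFORMED;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;      /* header length in bytes */
    size_t tot = ((size_t)p[2] << 8) | p[3];     /* total length field */
    if (ihl < 20 || tot < ihl || tot > len)
        return SEL_MALFORMED;
    if (p[9] != 6 && p[9] != 17)                 /* only TCP and UDP have ports */
        return SEL_NOT_PORT_PROTO;
    unsigned frag_off = (((unsigned)p[6] << 8) | p[7]) & 0x1fff;
    if (frag_off != 0)                           /* non-initial fragment: no L4 header */
        return SEL_NO_PORTS_IN_FRAGMENT;
    if (tot - ihl < 4)                           /* first fragment too short for both ports */
        return SEL_NO_PORTS_IN_FRAGMENT;
    *sport = (uint16_t)((p[ihl] << 8) | p[ihl + 1]);
    *dport = (uint16_t)((p[ihl + 2] << 8) | p[ihl + 3]);
    return SEL_PORTS_OK;
}

int main(void)
{
    uint16_t s = 0, d = 0;
    int r = port_selectors(first_frag, sizeof first_frag, &s, &d);
    printf("first fragment: status %d, sport %u, dport %u\n", r, (unsigned)s, (unsigned)d);
    r = port_selectors(later_frag, sizeof later_frag, &s, &d);
    printf("later fragment: status %d (ports unavailable)\n", r);
    return 0;
}
```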