
ICMP messages and per-port selectors





A long time ago, I wrote a number of drafts about ICMP messages:

PMTU messages:
      draft-richardson-ipsec-pmtu-discovery.txt
      http://www.sandelman.ca/SSW/ietf/draft-richardson-ipsec-pmtu-discovery-00.txt

more recent ideas (discussed with the re-chartered PMTUD group already):
      draft-richardson-ipsec-fragment-00.txt
      http://www.sandelman.ca/SSW/ietf/ipsec/fragment/draft-richardson-ipsec-fragment-00.txt
      
on other ICMP messages:
      http://www.sandelman.ca/SSW/ietf/ipsec-icmp-handle-v4-01.txt
and   http://www.sandelman.ca/SSW/ietf/ipsec-icmp-options-01.txt

Tero Kivinen asked me to repost references to them. 

The essential premise of the later documents is that an ICMP message 
such as a port-unreachable should be examined - the "quoted" IP packet 
examined, reversed (src<->dst address/ports) and an SA found for it.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
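
The lookup described in the message above, sketched as an added example (not part of the original post or of the referenced drafts): parse the packet quoted in an ICMPv4 error, swap source and destination addresses and ports, and match the result against per-port SA selectors. The SA table layout, the SPI values and all function names are hypothetical, and only IPv4 with TCP or UDP is handled.

```python
import ipaddress
import struct

ICMP_ERRORS = {3, 4, 5, 11, 12}  # ICMPv4 types that quote the offending packet

def quoted_selector(icmp: bytes):
    """Reversed (src, dst, proto, sport, dport) of the quoted packet, or None."""
    if len(icmp) < 8 + 20 or icmp[0] not in ICMP_ERRORS:
        return None
    q = icmp[8:]                       # quoted IP header follows the 8-byte ICMP header
    ihl = (q[0] & 0x0F) * 4
    if q[0] >> 4 != 4 or ihl < 20 or len(q) < ihl + 4:
        return None
    if struct.unpack("!H", q[6:8])[0] & 0x1FFF:
        return None                    # non-first fragment: no ports in the quote
    proto = q[9]
    if proto not in (6, 17):           # ports only exist for TCP and UDP
        return None
    src = ipaddress.IPv4Address(q[12:16])
    dst = ipaddress.IPv4Address(q[16:20])
    sport, dport = struct.unpack("!HH", q[ihl:ihl + 4])
    return (dst, src, proto, dport, sport)   # swap addresses and ports

def find_sa(sel, sa_table):
    """First SA whose selectors cover sel; None in an SA field is a wildcard."""
    src, dst, proto, sport, dport = sel
    for sa in sa_table:
        if (src in sa["src"] and dst in sa["dst"]
                and sa["proto"] in (None, proto)
                and sa["sport"] in (None, sport)
                and sa["dport"] in (None, dport)):
            return sa["spi"]
    return None

# Constructed SA table (hypothetical SPIs): two per-port SAs between the same subnets.
NET_A, NET_B = ipaddress.ip_network("10.1.0.0/24"), ipaddress.ip_network("10.2.0.0/24")
SA_TABLE = [
    {"src": NET_B, "dst": NET_A, "proto": 17, "sport": 53, "dport": None, "spi": 0x1001},
    {"src": NET_B, "dst": NET_A, "proto": 6, "sport": 80, "dport": None, "spi": 0x1002},
]

def sample_port_unreachable():
    """Constructed ICMP type 3 code 3 quoting UDP 10.1.0.5:40000 -> 10.2.0.9:53 (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("10.1.0.5").packed,
                     ipaddress.IPv4Address("10.2.0.9").packed)
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp
```

The ICMP packet itself carries no ports, so matching on its outer header could not distinguish the two per-port SAs; the reversed quoted selector picks the UDP/53 one.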