ICMP messages and per-port selectors
A long time ago, I wrote a number of drafts about ICMP messages:
PMTU messages:
draft-richardson-ipsec-pmtu-discovery.txt
http://www.sandelman.ca/SSW/ietf/draft-richardson-ipsec-pmtu-discovery-00.txt
more recent ideas (discussed with the re-chartered PMTUD group already):
draft-richardson-ipsec-fragment-00.txt
http://www.sandelman.ca/SSW/ietf/ipsec/fragment/draft-richardson-ipsec-fragment-00.txt
on other ICMP messages:
http://www.sandelman.ca/SSW/ietf/ipsec-icmp-handle-v4-01.txt
and http://www.sandelman.ca/SSW/ietf/ipsec-icmp-options-01.txt
Tero Kivinen asked me to repost references to them.
The essential premise of the later documents is that an ICMP message
such as a port-unreachable should be examined - the "quoted" IP packet
examined, reversed (src<->dst address/ports) and an SA found for it.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
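The lookup described in the message (examine the quoted packet, reverse it, find an SA), sketched as an added example that is not code from the message or the referenced drafts. The function names, the SA table layout with `None` as a wildcard, and the first-match lookup are assumptions; the sample packet and addresses are constructed.

```python
import ipaddress
import struct

ICMP_ERRORS = {3, 4, 5, 11, 12}  # ICMPv4 types that quote the offending datagram

def reversed_selector(icmp: bytes):
    """Selector of the quoted packet with src/dst swapped, or None if unusable."""
    if len(icmp) < 28 or icmp[0] not in ICMP_ERRORS:
        return None
    inner = icmp[8:]                      # quoted IP header follows the 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None                       # not IPv4, bad header length, or ports truncated
    proto = inner[9]
    if proto not in (6, 17):              # only TCP/UDP carry ports in the first 4 bytes
        return None
    q_src, q_dst = (ipaddress.ip_address(inner[o:o + 4]) for o in (12, 16))
    q_sport, q_dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (q_dst, q_dport, q_src, q_sport, proto)   # reversed: src<->dst

def find_sa(sel, sad):
    """Return the SPI of the first SA whose selector covers sel (None = wildcard)."""
    if sel is None:
        return None
    src, sport, dst, dport, proto = sel
    for sa in sad:
        if (src in sa["src"] and dst in sa["dst"] and sa["proto"] in (None, proto)
                and sa["sport"] in (None, sport) and sa["dport"] in (None, dport)):
            return sa["spi"]
    return None

def sample_icmp(src, dst, sport, dport, icmp_type=3, code=3):
    """Constructed ICMP error quoting a UDP packet (checksums left zero, not verified)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + struct.pack("!HHHH", sport, dport, 8, 0)

net = ipaddress.ip_network
SAD = [  # constructed per-port selectors using documentation address ranges
    {"spi": 0x1001, "src": net("198.51.100.0/24"), "dst": net("192.0.2.0/24"),
     "proto": 17, "sport": 53, "dport": None},
    {"spi": 0x1002, "src": net("198.51.100.0/24"), "dst": net("192.0.2.0/24"),
     "proto": 6, "sport": 443, "dport": None},
]

if __name__ == "__main__":
    # Port-unreachable for a UDP query we sent from 192.0.2.10:40000 to 198.51.100.7:53
    msg = sample_icmp("192.0.2.10", "198.51.100.7", 40000, 53)
    print(hex(find_sa(reversed_selector(msg), SAD)))
```

An ICMP error whose reversed selector matches no SA returns `None`, which is the case a receiver would treat as not covered by any per-port selector.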