Re: [Ipsec] STRAW POLL: Handling of fragments in RFC-2401bis(section 7)

[Satoshi Inoue <inoue@ntes.ipv6.nec.co.jp>]

On Mon, 24 May 2004 01:15:21 -0400
"Theodore Ts'o" <tytso@mit.edu> wrote:

> QUESTION 1:  Select one of the following
> 
>    ____ Both Methods #2 and Method #3 should be a MAY

I think both should be MAY, it's implementation to decide whether to
do these things or not. Especially method #3, which seems to be far
too hard to handle for small implementations.

BTW, is fragmented user traffic (i.e. forwarding packets that are
already fragmented, not the ones that are fragmented by IPsec tunnel
I/F MTU size) affected by this? or is it out of scope in this section?
How about fragmented user traffic that is too big for an outgoing
IPsec tunnel's MTU size?

> Another point which has been discussed is how difficult it is to
> implement stateful fragment inspection.  Tero has pointed out that his
> implementation has supported this for quite some time, and it isn't
> particularly difficult.

Just one clarification, could this implementation work out re-ordered/
non-ordered fragments OK?

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec