Date: Tue, 28 Oct 2003 12:40:04 +0100 From: Eric Masson <e-masson@kisoft-services.com> To: Michael Sierchio <kudzu@tenebras.com> Cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org> Subject: Re: ipsec tunnels & packet length issues Message-ID: <86n0bllhez.fsf@t39bsdems.interne.kisoft-services.com> In-Reply-To: <3F9950F6.6000208@tenebras.com> (Michael Sierchio's message of "Fri, 24 Oct 2003 09:19:02 -0700") References: <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com> <3F9950F6.6000208@tenebras.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Michael" == Michael Sierchio <kudzu@tenebras.com> writes: Michael> You should allow for an IP header with options and the ESP Michael> header, which is smaller than 1450. For SKIP I use 1366 as the Michael> advertised MTU, and for IPsec usually 1436, unless I need to Michael> accomodate ESP and AH, in which case it's smaller. Ok, that's fine. Michael> It's a known feature of any sort of IP encapsulation. I understand. I'm no kernel hacker at all, I was just thinking about the ability for the tunnel endpoint to send back an icmp packet type 3 code 4 when the packet is too long to be encapsulated. Is this plain dumb or does it present any interest ? Regards Eric Masson -- comment fait on pour craker un logiciel car j'ai le logiciel et le crack, et quand je lance le crack ca m'ouvre une session dos et c'est tous, y'a t'il quelque chose à écrire dans cette session sous dos ? -+- FV in : Guide du Neuneu Usenet : Aidez-moi ou je cracke -+-
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86n0bllhez.fsf>