Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Oct 2003 12:40:04 +0100
From:      Eric Masson <e-masson@kisoft-services.com>
To:        Michael Sierchio <kudzu@tenebras.com>
Cc:        Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject:   Re: ipsec tunnels & packet length issues
Message-ID:  <86n0bllhez.fsf@t39bsdems.interne.kisoft-services.com>
In-Reply-To: <3F9950F6.6000208@tenebras.com> (Michael Sierchio's message of "Fri, 24 Oct 2003 09:19:02 -0700")
References:  <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com> <3F9950F6.6000208@tenebras.com>

next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Michael" == Michael Sierchio <kudzu@tenebras.com> writes:

 Michael> You should allow for an IP header with options and the ESP
 Michael> header, which is smaller than 1450. For SKIP I use 1366 as the
 Michael> advertised MTU, and for IPsec usually 1436, unless I need to
 Michael> accomodate ESP and AH, in which case it's smaller.

Ok, that's fine.

 Michael> It's a known feature of any sort of IP encapsulation.

I understand.

I'm no kernel hacker at all, I was just thinking about the ability for
the tunnel endpoint to send back an icmp packet type 3 code 4 when the
packet is too long to be encapsulated.

Is this plain dumb or does it present any interest ?

Regards

Eric Masson

-- 
 comment fait on pour craker un logiciel car j'ai le logiciel et le
 crack, et quand je lance le crack ca m'ouvre une session dos et c'est
 tous, y'a t'il quelque chose à écrire dans cette session sous dos ?
 -+- FV in : Guide du Neuneu Usenet : Aidez-moi ou je cracke -+-



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86n0bllhez.fsf>