Date: Fri, 07 Sep 2007 18:23:10 +0800 From: blue <susan.lan@zyxel.com.tw> To: freebsd-net@freebsd.org Subject: ICMP error notification with IPsec in ip6_forward() Message-ID: <46E1268E.5030500@zyxel.com.tw>
next in thread | raw e-mail | index | archive | help
Dear all: Recently I am tracing the codes of ip6_forward(), which is defined in ip6_forward.c. My referenced version is FreeBSD Release 6.1. I have the following questions about IPsec operations: (1) lines 489-512 are about the transmission of ICMP Packet Too Big message. Is it necessary here since tunneled packets are already sent out at this point? (2) The location of the packet size examination is not proper. If the packet matches SP, then it will be tunneled without sending out ICMP packet too big error message to the source. (3) Is there any RFC about ICMP notification and IPsec? I am not sure what kind of ICMP error messages should be sent out from the security gateway. For example, is ICMP destination unreachable necessary if the inner destination is unreachable? Or ICMP Redirect packet necessary if the inner destination needs to be redirected? Thanks. Best regards, Yi-Wen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46E1268E.5030500>