From owner-freebsd-net@FreeBSD.ORG Fri Sep 7 10:23:07 2007
Message-ID: <46E1268E.5030500@zyxel.com.tw>
Date: Fri, 07 Sep 2007 18:23:10 +0800
From: blue
To: freebsd-net@freebsd.org
Subject: ICMP error notification with IPsec in ip6_forward()
List-Id: Networking and TCP/IP with FreeBSD

Dear all:

Recently I have been tracing the code of ip6_forward(), which is defined in ip6_forward.c. My reference version is FreeBSD Release 6.1. I have the following questions about the IPsec operations:

(1) Lines 489-512 are about the transmission of the ICMP Packet Too Big message. Is it necessary here, since tunneled packets have already been sent out at this point?

(2) The location of the packet size examination is not proper. If the packet matches an SP, then it will be tunneled without an ICMP Packet Too Big error message being sent to the source.

(3) Is there any RFC about ICMP notification and IPsec? I am not sure what kinds of ICMP error messages should be sent out from the security gateway. For example, is ICMP Destination Unreachable necessary if the inner destination is unreachable? Or is an ICMP Redirect packet necessary if the inner destination needs to be redirected?

Thanks.

Best regards,
Yi-Wen
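The following is an added illustration of point (2), written for this archive page; it is not FreeBSD's ip6_forward() and not code from the poster. It models a size check that runs before the packet is handed to IPsec, so that a packet which would overflow the outgoing link only after ESP tunnel encapsulation still triggers a Packet Too Big to the source; the struct name, the ESP field sizes and the clamp at the IPv6 minimum MTU are this example's own assumptions.

```c
#include <stdio.h>

/* Hypothetical model of the forwarding-path size check, not FreeBSD code. */
#define IPV6_HDRLEN 40     /* fixed IPv6 header, bytes */
#define IPV6_MMTU   1280   /* IPv6 minimum link MTU (RFC 2460, section 5) */
#define ESP_HDRLEN  8      /* ESP SPI + sequence number */

/* Size-relevant parameters of a matched outbound tunnel-mode ESP policy (assumed). */
struct ipsec_sp {
    unsigned iv_len;      /* cipher IV carried after the ESP header */
    unsigned block_len;   /* cipher block size, which drives ESP padding */
    unsigned icv_len;     /* integrity check value appended to the packet */
};

/* Worst-case bytes that tunnel-mode ESP adds to a forwarded IPv6 packet:
 * outer IPv6 header, ESP header, IV, padding, pad length, next header, ICV. */
unsigned esp_tunnel_overhead(const struct ipsec_sp *sp)
{
    unsigned oh = IPV6_HDRLEN + ESP_HDRLEN + sp->iv_len + 2 + sp->icv_len;
    if (sp->block_len > 1)
        oh += sp->block_len - 1;   /* worst-case ESP padding */
    return oh;
}

/* Size check done before IPsec processing.  Returns 0 when the packet still
 * fits the outgoing link after encapsulation; otherwise returns the MTU to
 * advertise in an ICMPv6 Packet Too Big sent back to the source. */
unsigned ptb_mtu_for_forward(unsigned pkt_len, unsigned link_mtu,
                             const struct ipsec_sp *sp)
{
    unsigned mtu = link_mtu;
    if (sp != NULL) {
        unsigned oh = esp_tunnel_overhead(sp);
        if (oh < mtu)
            mtu -= oh;   /* largest inner packet the tunnel carries unfragmented */
    }
    if (pkt_len <= mtu)
        return 0;
    /* Assumption of this example: never push the source below the IPv6
     * minimum MTU; the gateway fragments the outer packet in that case. */
    return mtu < IPV6_MMTU ? IPV6_MMTU : mtu;
}

int main(void)
{
    struct ipsec_sp aes_cbc_sha1 = { 16, 16, 12 };   /* constructed sample policy */
    printf("no SP, 1450 bytes on 1500 MTU: PTB mtu %u\n",
           ptb_mtu_for_forward(1450, 1500, NULL));
    printf("ESP tunnel, 1450 bytes on 1500 MTU: PTB mtu %u\n",
           ptb_mtu_for_forward(1450, 1500, &aes_cbc_sha1));
    return 0;
}
```

With the sample policy the same 1450-byte packet passes a plain link-MTU check but fails once the 93 bytes of encapsulation are counted, which is the case the post describes being tunneled silently.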