ipsec tunnels & packet length issues

Eric Masson e-masson at kisoft-services.com
Tue Oct 28 03:40:34 PST 2003


>>>>> "Michael" == Michael Sierchio <kudzu at tenebras.com> writes:

 Michael> You should allow for an IP header with options and the ESP
 Michael> header, which is smaller than 1450. For SKIP I use 1366 as the
 Michael> advertised MTU, and for IPsec usually 1436, unless I need to
 Michael> accommodate ESP and AH, in which case it's smaller.

Ok, that's fine.

 Michael> It's a known feature of any sort of IP encapsulation.

I understand.

I'm no kernel hacker at all, I was just thinking about the ability for
the tunnel endpoint to send back an ICMP packet type 3 code 4 when the
packet is too long to be encapsulated.

Is this plain dumb or does it present any interest?

Regards

Eric Masson

-- 
 how do you crack a piece of software, because I have the software and
 the crack, and when I launch the crack it opens a DOS session and that's
 all, is there something to type in that DOS session?
 -+- FV in : Guide du Neuneu Usenet : Aidez-moi ou je cracke -+-
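
The behaviour asked about above, as an added example that is not part of the original message and not FreeBSD code: a tunnel endpoint deciding whether an inner IPv4 packet needs an ICMP type 3 code 4 reply, and building it with the next-hop MTU field from RFC 1191. The 64-byte overhead used in the test values is an assumption chosen so that the advertised MTU equals the 1436 quoted in the thread; `frag_needed` and `make_ipv4` are hypothetical names.

```python
import struct

ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED = 3, 4   # RFC 792: type 3, code 4
IP_DF = 0x4000                               # Don't Fragment bit in the flags/offset field

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def frag_needed(inner: bytes, link_mtu: int, overhead: int):
    """Return the ICMP message a tunnel endpoint would send back for `inner`,
    or None when no message is needed. `overhead` is an assumed per-packet
    encapsulation cost (outer IP header plus ESP/AH)."""
    tunnel_mtu = link_mtu - overhead
    ihl = (inner[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", inner[2:8])
    if total_len <= tunnel_mtu:
        return None                      # still fits after encapsulation
    if not flags_frag & IP_DF:
        return None                      # DF clear: the endpoint may fragment instead
    # RFC 1191 layout: 16 unused bits, 16-bit next-hop MTU, then the inner
    # IP header plus the first 8 bytes of its payload.
    quoted = inner[:ihl + 8]
    hdr = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, tunnel_mtu)
    csum = checksum(hdr + quoted)
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
                       csum, 0, tunnel_mtu) + quoted

def make_ipv4(total_len: int, df: bool) -> bytes:
    """Constructed sample: 20-byte IPv4/UDP header (documentation addresses)
    followed by a zero-filled payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                      IP_DF if df else 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + bytes(total_len - 20)
```

The sender's stack reads the next-hop MTU from bytes 6-7 of the reply and lowers its path MTU for that destination, which is only possible if the ICMP message is not filtered on the way back.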

