ipsec tunnels & packet length issues
Eric Masson
e-masson at kisoft-services.com
Tue Oct 28 03:40:34 PST 2003
>>>>> "Michael" == Michael Sierchio <kudzu at tenebras.com> writes:
Michael> You should allow for an IP header with options and the ESP
Michael> header, which is smaller than 1450. For SKIP I use 1366 as the
Michael> advertised MTU, and for IPsec usually 1436, unless I need to
Michael> accomodate ESP and AH, in which case it's smaller.
Ok, that's fine.
Michael> It's a known feature of any sort of IP encapsulation.
I understand.
I'm no kernel hacker at all, I was just thinking about the ability for
the tunnel endpoint to send back an icmp packet type 3 code 4 when the
packet is too long to be encapsulated.
Is this plain dumb or does it present any interest ?
Regards
Eric Masson
--
comment fait on pour craker un logiciel car j'ai le logiciel et le
crack, et quand je lance le crack ca m'ouvre une session dos et c'est
tous, y'a t'il quelque chose à écrire dans cette session sous dos ?
-+- FV in : Guide du Neuneu Usenet : Aidez-moi ou je cracke -+-
More information about the freebsd-net
mailing list