tech-net: Re: IPSec: packet continuity problem

Subject: Re: IPSec: packet continuity problem
To: The evil human resources director <root@pilhuhn.de>
From: None <itojun@iijlab.net>
List: tech-net
Date: 08/15/1999 18:35:08

>I sometimes see on console "packet continuity problem; drop it for
>simplicity".

	There are some assumptions in esp code about mbuf alignments,
	and it seems that it was not satisfied due to the way the other end.

>11:18:37.574513 Sharky.pilhuhn.de > catbert.pilhuhn.de: ESP(spi=4660,seq=0x1c2d) (frag 22140:-64056@0+) [tos 0x10] (ttl 64)
>11:18:37.574601 Sharky.pilhuhn.de > catbert.pilhuhn.de: (frag 22140:4@1480) [tos 0x10] (ttl 64)

	If shark.pilhuhn.de is a NetBSD box it should not fragment like this.
	(I know nothing about Shark - sorry for dumb question, is it
	NetBSD box or some other firewall product?)
	Anyway, I'll remove this assumption soon.  Thanks for reporting.

itojun