Re: FAST_IPSEC doesn't send ICMP frag needed

To: tech-net%netbsd.org@localhost
Subject: Re: FAST_IPSEC doesn't send ICMP frag needed
From: Dave Huang <khym%azeotrope.org@localhost>
Date: Fri, 20 Dec 2013 11:22:57 -0600

On Fri, Dec 20, 2013 at 11:06:44AM -0500, Greg Troxel wrote:
> I think the concept is that a packet that would be routed out one
> interface matches an SPD entry and can get put in a tunnel that causes
> the encapsulated packet to be sent out a different interface.   Really
> only the interface that gets the tunnel packet should matter (and the
> route MTU for that outer dst).

Ah, yeah... after looking into it more, the destmtu from ip_forward()
is for the inner packet's interface/route, not the outer. So something
like the code I deleted is needed, but that exact code doesn't
actually work (and I definitely don't know enough to make it work :)
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 38 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++

References:
- FAST_IPSEC doesn't send ICMP frag needed
  - From: Dave Huang
- Re: FAST_IPSEC doesn't send ICMP frag needed
  - From: Dave Huang
- Re: FAST_IPSEC doesn't send ICMP frag needed
  - From: Greg Troxel

Prev by Date: Re: ICMP_UNREACH_NEEDFRAG returns iface MTU instead of route?
Next by Date: Re: BPF memstore and bpf_validate_ext()
Previous by Thread: Re: FAST_IPSEC doesn't send ICMP frag needed
Next by Thread: Re: FAST_IPSEC doesn't send ICMP frag needed
Indexes:

Home | Main Index | Thread Index | Old Index