Subject: Re: Default value of net.inet.ipsec.dfbit breaks PMTU over IPsec tunnels
To: Michael Hertrick <m.hertrick@neovera.com>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-net
Date: 05/28/2004 08:05:16


On May 28, 2004, at 7:08 AM, Michael Hertrick wrote:

> In the interest of security, specifically the risk of DoS (both 
> intentional and not), I'd like to see the DF bit set by default.

Set?  Or copied from the original packet?

I think it should be copied from the original.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>

