Subject: Re: Default value of net.inet.ipsec.dfbit breaks PMTU over IPsec tunnels
To: Jason Thorpe <thorpej@wasabisystems.com>
From: Daniel Carosone <dan@geek.com.au>
List: tech-net
Date: 05/29/2004 08:43:32

On Fri, May 28, 2004 at 03:35:16PM -0700, Jason Thorpe wrote:
>
> On May 28, 2004, at 3:28 PM, Daniel Carosone wrote:
>
> >I think it should keep a per-SA record of the MTU across the SA, and
> >update that accordingly. Then NEEDS FRAG's get generated appropriately
> >later when A/D send something too large for the new smaller tunnel.
>
> Yah, that's basically what I concluded after writing that paragraph
> originally :-)

Hm. Routes can have MTUs..

> Unfortunately, it requires the original sender to retransmit (since the
> first ICMP message will be "lost"), but them's the breaks, I guess.

Yup... perhaps if we use routes rather than per-SA MTUs, at least we
can avoid this for the case where there are several SAs to the same
remote peer.  Keeping the inside vs outside routes and MTUs clear is
likely to get just as messy, though :(

--
Dan.
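The mechanism discussed above (keep an MTU record for the tunnel, lower it when the outer path reports "fragmentation needed", and then generate NEEDS FRAG locally for inner packets that no longer fit), as an added standalone illustration in C. It is not NetBSD or KAME code and uses no kernel APIs; the struct names, the 56-byte ESP overhead, and the SPI values are constructed assumptions, and the shared peer_path record models the "routes rather than per-SA MTUs" variant so that several SAs to the same peer learn the new MTU at once.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define IPV4_MIN_PMTU 68u   /* RFC 791 minimum; never go below this */

/* Outer-path MTU record shared by every SA to the same remote peer
 * (hypothetical model of a per-route MTU, not a per-SA one). */
struct peer_path {
    unsigned mtu;           /* best known path MTU towards the peer's outer address */
};

struct ipsec_sa {
    uint32_t spi;           /* constructed sample SPI, not a real SA */
    struct peer_path *peer; /* shared outer-path record */
    unsigned overhead;      /* bytes the tunnel encapsulation adds per packet (assumed 56) */
};

enum out_action {
    OUT_FORWARD,            /* encapsulated packet fits the known outer path MTU */
    OUT_FRAGMENT_INNER,     /* inner DF clear: fragment before encapsulating */
    OUT_NEEDS_FRAG          /* inner DF set: send ICMP "needs frag" back to the sender */
};

/* Largest inner packet that still fits without fragmenting the outer packet. */
unsigned sa_inner_mtu(const struct ipsec_sa *sa)
{
    return sa->peer->mtu > sa->overhead ? sa->peer->mtu - sa->overhead : 0;
}

/* ICMP "fragmentation needed" received on the outer path: lower the shared
 * record. The packet that triggered it is already gone, so the original sender
 * has to retransmit; every later oversized inner packet is answered locally.
 * Returns true if the record changed. Only lowers the value; raising it again
 * is left to the outer path's own PMTU aging. */
bool peer_update_pmtu(struct peer_path *p, unsigned reported_mtu)
{
    if (reported_mtu < IPV4_MIN_PMTU)
        reported_mtu = IPV4_MIN_PMTU;
    if (reported_mtu >= p->mtu)
        return false;
    p->mtu = reported_mtu;
    return true;
}

/* Decide what to do with an inner packet before encapsulation.
 * *advertise receives the MTU to report in a NEEDS FRAG message. */
enum out_action ipsec_output_check(const struct ipsec_sa *sa, unsigned inner_len,
                                   bool inner_df, unsigned *advertise)
{
    unsigned limit = sa_inner_mtu(sa);
    *advertise = limit;
    if (inner_len <= limit)
        return OUT_FORWARD;
    return inner_df ? OUT_NEEDS_FRAG : OUT_FRAGMENT_INNER;
}

/* Constructed scenario: two SAs to one peer, link MTU 1500, then the outer
 * path reports MTU 1400. Returns how many NEEDS FRAG decisions were made. */
int run_scenario(void)
{
    struct peer_path peer = { .mtu = 1500 };
    struct ipsec_sa sa_a = { .spi = 0x1000, .peer = &peer, .overhead = 56 };
    struct ipsec_sa sa_b = { .spi = 0x2000, .peer = &peer, .overhead = 56 };
    unsigned adv;
    int needs_frag = 0;

    /* 1400-byte inner packet with DF set fits (1400 + 56 <= 1500): forwarded. */
    if (ipsec_output_check(&sa_a, 1400, true, &adv) == OUT_NEEDS_FRAG)
        needs_frag++;
    /* Outer path answers with "fragmentation needed, MTU 1400". */
    peer_update_pmtu(&peer, 1400);
    /* Same packet again on either SA now exceeds 1344 and gets NEEDS FRAG locally. */
    if (ipsec_output_check(&sa_a, 1400, true, &adv) == OUT_NEEDS_FRAG)
        needs_frag++;
    if (ipsec_output_check(&sa_b, 1400, true, &adv) == OUT_NEEDS_FRAG)
        needs_frag++;
    return needs_frag;
}

int main(void)
{
    printf("NEEDS FRAG decisions in scenario: %d\n", run_scenario());
    return 0;
}
```

The shared peer_path is what lets the second SA benefit from the first SA's ICMP: with a strictly per-SA record, sa_b would still forward its 1400-byte packet and lose one more round-trip to the outer path.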
