Dave Huang <khym%azeotrope.org@localhost> writes: > It appears that (FAST_)IPSEC doesn't send ICMP fragmentation needed > when it gets a Don't Fragment packet that needs to be fragmented > because of encapsulation overhead. Beverly Schwartz posted an analysis > of the problem last year > <http://mail-index.netbsd.org/tech-net/2012/10/16/msg003674.html>, but > nobody said anything :( I think that was partly because this is hard and not that many people are having trouble and partly because at least for some of the issues there are spec ambiguities. Thanks for sending the updated patch. It is probably better to apply a sensible change that helps rather than dither forever about the perfect fix. (I won't get a change to look at this for a few weeks.) Objections?
Attachment:
pgpjj6_xnIm5m.pgp
Description: PGP signature