Re: ICMP_UNREACH_NEEDFRAG returns iface MTU instead of route?

[Gert Doering <gert%greenie.muc.de@localhost>]

Hi,

On Sat, Dec 28, 2013 at 11:03:37AM -0500, Greg Troxel wrote:
> That's layering on a kludge to fix a bug.  An interface has a configured
> MTU, which can be changed if it's wrong.  But an MTU and the implicit
> MRU are really a property of link (v6 term).

True, on layer 3.

Untrue on higher layers, where a MTU is effectively a function of the
whole path between you and the system you are talking to.

I'd argue that for IPSEC, what is *relevant* is the MTU on the path
to the other side of the end host, not the local interface MTU - so
using route MTU is the most likely source of path MTU information that
has useful information to the sender of the to-be-IPSEC-encapsulated
packet how to avoid fragmentation.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             
gert%greenie.muc.de@localhost
fax: +49-89-35655025                        
gert%net.informatik.tu-muenchen.de@localhost