From: Eric Masson
To: Michael Sierchio
cc: Mailing List FreeBSD Network
Subject: Re: ipsec tunnels & packet length issues
Date: Tue, 28 Oct 2003 12:40:04 +0100
Message-ID: <86n0bllhez.fsf@t39bsdems.interne.kisoft-services.com>
In-Reply-To: <3F9950F6.6000208@tenebras.com> (Michael Sierchio's message of "Fri, 24 Oct 2003 09:19:02 -0700")
References: <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com> <3F9950F6.6000208@tenebras.com>
X-Operating-System: FreeBSD 4.9-PRERELEASE i386

>>>>> "Michael" == Michael Sierchio writes:

 Michael> You should allow for an IP header with options and the ESP
 Michael> header, which is smaller than 1450. For SKIP I use 1366 as the
 Michael> advertised MTU, and for IPsec usually 1436, unless I need to
 Michael> accommodate ESP and AH, in which case it's smaller.

Ok, that's fine.

 Michael> It's a known feature of any sort of IP encapsulation.

I understand.

I'm no kernel hacker at all, I was just thinking about the ability for
the tunnel endpoint to send back an icmp packet type 3 code 4 when the
packet is too long to be encapsulated.

Is this plain dumb or does it present any interest?

Regards

Eric Masson

-- 
 how do you crack a piece of software, because I have the software and
 the crack, and when I launch the crack it opens a DOS session and
 that's all, is there something to type in that DOS session?
 -+- FV in: Guide du Neuneu Usenet: Help me or I'll crack -+-
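
An added illustration of the idea raised in this message, not code from the thread or from FreeBSD: it computes the largest inner packet an ESP tunnel can carry and builds the ICMP type 3 code 4 body (without its own IP header) that an endpoint could return for an oversized packet with DF set. The function names and the ESP sizes (3DES-CBC with a 96-bit HMAC) are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed ESP tunnel-mode sizes in bytes; block must be >= 4. */
struct esp_params { unsigned outer_ip, iv_len, block, icv_len; };

/* Largest inner packet that fits link_mtu once encapsulated, 0 if none. */
unsigned esp_inner_mtu(unsigned link_mtu, const struct esp_params *p)
{
    unsigned fixed = p->outer_ip + 8 + p->iv_len + p->icv_len; /* 8 = SPI + seq */
    if (link_mtu <= fixed + p->block) return 0;
    unsigned ct = link_mtu - fixed;   /* room left for ciphertext */
    ct -= ct % p->block;              /* whole cipher blocks only */
    return ct - 2;                    /* pad-length and next-header bytes */
}

static uint16_t inet_cksum(const uint8_t *b, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s += ((uint32_t)b[i] << 8) | b[i + 1];
    if (n & 1) s += (uint32_t)b[n - 1] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Returns 0 when no ICMP is due (packet fits, DF clear, or malformed input);
 * otherwise writes an ICMP type 3 code 4 message and returns its length. */
size_t frag_needed(const uint8_t *pkt, size_t len, unsigned inner_mtu,
                   uint8_t *out, size_t cap)
{
    size_t ihl = len >= 20 ? (size_t)(pkt[0] & 0x0f) * 4 : 0;
    if (ihl < 20 || len <= inner_mtu || !(pkt[6] & 0x40)) return 0;
    size_t quote = ihl + 8 > len ? len : ihl + 8; /* header + 8 bytes, RFC 792 */
    if (cap < 8 + quote) return 0;
    memset(out, 0, 8);
    out[0] = 3; out[1] = 4;                       /* unreachable, frag needed */
    out[6] = (uint8_t)(inner_mtu >> 8); out[7] = (uint8_t)inner_mtu; /* RFC 1191 */
    memcpy(out + 8, pkt, quote);
    uint16_t c = inet_cksum(out, 8 + quote);
    out[2] = (uint8_t)(c >> 8); out[3] = (uint8_t)c;
    return 8 + quote;
}

int main(void)
{
    struct esp_params p = {20, 8, 8, 12};  /* constructed: 3DES-CBC, HMAC-96 */
    printf("inner MTU on a 1500-byte link: %u\n", esp_inner_mtu(1500, &p));
}
```

With these assumed sizes and no IP options the result is larger than the advertised MTUs quoted above, which leave extra room for options and for AH.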