Re: diffedge handling of fragments

Michael Richardson <mcr@sandelman.ottawa.on.ca> Wed, 06 October 1999 22:55 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id PAA00265; Wed, 6 Oct 1999 15:55:20 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id RAA28507 Wed, 6 Oct 1999 17:32:48 -0400 (EDT)
Message-Id: <199910062127.RAA04086@pzero.sandelman.ottawa.on.ca>
To: Sumit Vakil <sumit@calynet.com>
cc: ipsec@lists.tislabs.com
Subject: Re: diffedge handling of fragments
In-reply-to: Your message of "Wed, 06 Oct 1999 12:09:38 PDT." <636C2D109E6CD3119C3600062905FE8F8D45@MAIL-CLUSTER.calynet.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset="US-ASCII"
Date: Wed, 06 Oct 1999 17:27:49 -0400
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

>>>>> "Sumit" == Sumit Vakil <sumit@calynet.com> writes:

    Sumit> Michael, Section 4.4.2 of RFC 2401 also says that if the port
    Sumit> information is not available in a fragment it is to be discarded.
    Sumit> The exact text is as follows:

    Sumit> If the packet has been fragmented, then the port information may
    Sumit> not be available in the current fragment.  If so, discard the
    Sumit> fragment.  An ICMP PMTU should be sent for the first fragment,
    Sumit> which will have the port information.  [MAY be supported]

  Uh, I read this to be in the context of doing ICMP PMTU discovery for
the end hosts of the MTU of the tunnel.

    Sumit> I'm not sure that sending a fragment over a host<->host SA would
    Sumit> always be the best course of action.  The host<->host SA might not
    Sumit> provide the required security for the fragment.

  Agreed.

] Train travel features AC outlets with no take-off restrictions|  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
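The selector-matching behaviour the two of them are discussing, as an added example that is not part of this thread or of any IPsec implementation: a small SPD lookup over parsed IPv4 packets that applies the quoted RFC 2401 section 4.4.2 rule. A non-initial fragment has no transport header, so a port-based selector cannot be evaluated; the fragment is discarded rather than being let through an address-only host<->host entry whose SA may be weaker than the port-specific one. The `SpdEntry` layout, the `classify` function and the sample packets are constructed for this example.

```python
"""Added example: SPD selector lookup with RFC 2401 4.4.2 fragment handling.

The SPD format, entry names, SA labels and the packets below are
constructed for illustration and are not taken from any product.
"""
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # wildcard value for a selector field


@dataclass
class PacketInfo:
    src: str
    dst: str
    proto: int
    mf: bool             # More Fragments flag
    offset: int          # fragment offset in 8-byte units
    sport: Optional[int]  # None when no transport header is present
    dport: Optional[int]


@dataclass
class SpdEntry:
    src: Optional[str]
    dst: Optional[str]
    proto: Optional[int]
    sport: Optional[int]
    dport: Optional[int]
    action: str  # "PROTECT via <SA>", "BYPASS" or "DISCARD" (constructed labels)


def parse_ipv4(pkt: bytes) -> PacketInfo:
    """Parse an IPv4 header; ports are read only from an initial TCP/UDP fragment."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    mf = bool(flags_frag & 0x2000)
    offset = flags_frag & 0x1FFF
    proto = pkt[9]
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport = dport = None
    # Port numbers exist only in the first fragment (offset 0) of TCP/UDP.
    if offset == 0 and proto in (6, 17) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return PacketInfo(src, dst, proto, mf, offset, sport, dport)


def classify(pkt: bytes, spd: List[SpdEntry]) -> Tuple[str, str]:
    """Return (action, reason) for the first SPD entry that applies to pkt."""
    info = parse_ipv4(pkt)
    for e in spd:
        if e.src not in (ANY, info.src) or e.dst not in (ANY, info.dst):
            continue
        if e.proto not in (ANY, info.proto):
            continue
        uses_ports = e.sport is not ANY or e.dport is not ANY
        if uses_ports and info.offset != 0:
            # RFC 2401 4.4.2: the port information is not available in this
            # fragment, so discard it. Falling through to a wider host<->host
            # entry would send it over an SA chosen without the port selector.
            return "DISCARD", "non-initial fragment: port selectors cannot be evaluated"
        if uses_ports and info.sport is None:
            return "DISCARD", "transport header missing or truncated"
        if e.sport not in (ANY, info.sport) or e.dport not in (ANY, info.dport):
            continue
        return e.action, "matched SPD entry"
    return "DISCARD", "no matching SPD entry"


def build_ipv4(src: str, dst: str, proto: int, mf: bool, offset: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for the examples (checksum left zero)."""
    flags_frag = (0x2000 if mf else 0) | (offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


# Constructed SPD: a port-specific entry first, then a host<->host catch-all.
SPD = [
    SpdEntry("10.0.0.2", "10.0.1.2", 6, ANY, 443, "PROTECT via SA-443"),
    SpdEntry("10.0.0.2", "10.0.1.2", ANY, ANY, ANY, "PROTECT via SA-hosts"),
    SpdEntry(ANY, ANY, ANY, ANY, ANY, "DISCARD"),
]

# Constructed sample packets.
FIRST_FRAG = build_ipv4("10.0.0.2", "10.0.1.2", 6, True, 0,
                        struct.pack("!HH", 40000, 443) + b"\x00" * 16)
LATER_FRAG = build_ipv4("10.0.0.2", "10.0.1.2", 6, False, 185, b"tail of segment")
HTTP_PKT = build_ipv4("10.0.0.2", "10.0.1.2", 6, False, 0,
                      struct.pack("!HH", 40001, 80) + b"\x00" * 16)
ICMP_PKT = build_ipv4("10.0.0.2", "10.0.1.2", 1, False, 0, b"\x08\x00\x00\x00")

if __name__ == "__main__":
    for name, p in [("first fragment", FIRST_FRAG), ("later fragment", LATER_FRAG),
                    ("http", HTTP_PKT), ("icmp", ICMP_PKT)]:
        print(f"{name:15s} -> {classify(p, SPD)}")
```

The ordering matters: because the port-specific entry is consulted first and cannot be evaluated for the later fragment, the lookup stops with DISCARD instead of letting the address-only entry claim the packet, which is the outcome both posters agree on.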