ICMP messages and per-port selectors
Michael Richardson <mcr@sandelman.ottawa.on.ca> Tue, 24 February 2004 20:19 UTC
Received: from lists.tislabs.com (portal.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08775 for <ipsec-archive@lists.ietf.org>; Tue, 24 Feb 2004 15:19:16 -0500 (EST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id NAA22645 Tue, 24 Feb 2004 13:09:44 -0500 (EST)
To: IPsec WG <ipsec@lists.tislabs.com>
Subject: ICMP messages and per-port selectors
X-Mailer: MH-E 7.4.2; nmh 1.0.4+dev; XEmacs 21.4 (patch 6)
Date: Tue, 24 Feb 2004 13:21:09 -0500
Message-ID: <29398.1077646869@marajade.sandelman.ottawa.on.ca>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
-----BEGIN PGP SIGNED MESSAGE----- Along time ago, I wrote a number of drafts about ICMP messages: PMTU messages: draft-richardson-ipsec-pmtu-discovery.txt http://www.sandelman.ca/SSW/ietf/draft-richardson-ipsec-pmtu-discovery-00.txt more recent ideas (discussed with the re-chartered PMTUD group already): draft-richardson-ipsec-fragment-00.txt http://www.sandelman.ca/SSW/ietf/ipsec/fragment/draft-richardson-ipsec-fragment-00.txt on other ICMP messages: http://www.sandelman.ca/SSW/ietf/ipsec-icmp-handle-v4-01.txt and http://www.sandelman.ca/SSW/ietf/ipsec-icmp-options-01.txt Tero Kivinen asked me to repost references to them. The essential premise of the later documents it that an ICMP message such as a port-unreachable should be examined - the "quoted" IP packet examined, reversed (src<->dst address/ports) and an SA found for it. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQDuWE4qHRg3pndX9AQGMVQP/VRjfaQ8gcD6AK2i6mE4qpGOaKremU9Sv RwPboX3wg+iZUSnHn8OrAX7XzTbfajIeRukcGeylGpDppxJACAJFoJnAWJH/IMCE 5Zw3YrZfcW8FZpGB42LUMzoWRk8AykI3vmkzG3kanihchRLpVtuae4VjvBJBlHU8 jwYLF/yTrco= =kOlX -----END PGP SIGNATURE-----
- ICMP messages and per-port selectors Michael Richardson
- Re: ICMP messages and per-port selectors Stephen Kent
- Re: ICMP messages and per-port selectors Jean-Jacques Puig
- Re: ICMP messages and per-port selectors Michael Richardson
- Re: ICMP messages and per-port selectors Stephen Kent