| To: | Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: IPsec and Path MTU |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Sat, 19 Jun 2004 12:50:53 -0700 |
| Cc: | herbert@xxxxxxxxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx, jmorris@xxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <7882.1087616014@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> |
| References: | <20040615124334.GA25164@xxxxxxxxxxxxxxxxxxx> <20040616195653.GC29781@xxxxxxxxxxxxx> <20040616231317.GA5742@xxxxxxxxxxxxxxxxxxx> <20040617190158.GA10925@xxxxxxxxxxxxx> <20040617213832.GC14089@xxxxxxxxxxxxxxxxxxx> <20040617152921.730892c7.davem@xxxxxxxxxx> <20040617231241.GB14739@xxxxxxxxxxxxxxxxxxx> <20040617161403.2d0ee598.davem@xxxxxxxxxx> <7882.1087616014@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Fri, 18 Jun 2004 23:33:34 -0400 Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > >>>>> "David" == David S Miller <davem@xxxxxxxxxx> writes: > >> In my case, the ICMP message is not coming from the remote IPsec > >> gateway or a router in front of it. It's coming from a host > >> behind it. So the original IP header is in the ICMP message, in > >> the clear. > > David> Remote gateway is supposed to encapsulate the ICMP message > David> and send it back to the other gateway isn't it? > > Maybe. Maybe not. > The policy may be per-port, or based upon some other more complicated > policy. The policy should therefore match the quoted packet in the ICMP message. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [PATCH] ECONET: fix compilation failure, YOSHIFUJI Hideaki / 吉藤英明 |
|---|---|
| Next by Date: | Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers, David S. Miller |
| Previous by Thread: | Re: IPsec and Path MTU, Michael Richardson |
| Next by Thread: | Re: IPsec and Path MTU, Alexey Kuznetsov |
| Indexes: | [Date] [Thread] [Top] [All Lists] |