Re: IPsec and Path MTU

To:	"David S. Miller" <davem@xxxxxxxxxx>
Subject:	Re: IPsec and Path MTU
From:	Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx>
Date:	Fri, 18 Jun 2004 23:33:34 -0400
Cc:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, kuznet@xxxxxxxxxxxxx, jmorris@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	Message from "David S. Miller" <davem@redhat.com> of "Thu, 17 Jun 2004 16:14:03 PDT." <20040617161403.2d0ee598.davem@redhat.com>
References:	<20040615124334.GA25164@gondor.apana.org.au> <20040616195653.GC29781@ms2.inr.ac.ru> <20040616231317.GA5742@gondor.apana.org.au> <20040617190158.GA10925@ms2.inr.ac.ru> <20040617213832.GC14089@gondor.apana.org.au> <20040617152921.730892c7.davem@redhat.com> <20040617231241.GB14739@gondor.apana.org.au> <20040617161403.2d0ee598.davem@redhat.com>
Sender:	netdev-bounce@xxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "David" == David S Miller <davem@xxxxxxxxxx> writes:
    >> In my case, the ICMP message is not coming from the remote IPsec
    >> gateway or a router in front of it.  It's coming from a host
    >> behind it.  So the original IP header is in the ICMP message, in
    >> the clear.

    David> Remote gateway is supposed to encapsulate the ICMP message
    David> and send it back to the other gateway isn't it?

Maybe. Maybe not.
The policy may be per-port, or based upon some other more complicated
policy. 

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxx      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQNO0DYqHRg3pndX9AQF28QP/bSgt3W2Sp6NOh4qevn/wtTcbjfE+ku0W
KRIChkF4Npot65yQKUzkwm1aV6xxcq+jPTIrgM4BASoOtrMNug2nj7EBowTSHImK
abY8KrB2JZsCFIQpa8M0vB89gJ41ufq2NaavLsjkwsPLZZX/IYtrnd8Drt4nAT5s
MqXS3xwaoxU=
=feOK
-----END PGP SIGNATURE-----

<Prev in Thread]	Current Thread	[Next in Thread>
Re: IPsec and Path MTU, (continued) Re: IPsec and Path MTU, David S. Miller Re: IPsec and Path MTU, Herbert Xu Re: IPsec and Path MTU, Alexey Kuznetsov Re: IPsec and Path MTU, Herbert Xu Re: IPsec and Path MTU, Alexey Kuznetsov Re: IPsec and Path MTU, Herbert Xu Re: IPsec and Path MTU, David S. Miller Re: IPsec and Path MTU, Herbert Xu Re: IPsec and Path MTU, David S. Miller Re: IPsec and Path MTU, Herbert Xu Re: IPsec and Path MTU, Michael Richardson <= Re: IPsec and Path MTU, David S. Miller Re: IPsec and Path MTU, Alexey Kuznetsov Re: IPsec and Path MTU, Herbert Xu

Previous by Date:	Re: [PATCH] ECONET: fix compilation failure, David S. Miller
Next by Date:	Re: [PATCH] ECONET: fix compilation failure, David S. Miller
Previous by Thread:	Re: IPsec and Path MTU, Herbert Xu
Next by Thread:	Re: IPsec and Path MTU, David S. Miller
Indexes:	[Date] [Thread] [Top] [All Lists]