[Top] [All Lists]

Re: IPsec and Path MTU

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: IPsec and Path MTU
From: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>
Date: Wed, 16 Jun 2004 23:56:53 +0400
Cc: davem@xxxxxxxxxx, jmorris@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20040615124334.GA25164@xxxxxxxxxxxxxxxxxxx>
References: <20040615124334.GA25164@xxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6i

> As it is, the MTU for any peer with an IPsec policy is determined
> by the MTU of its dst->path.  But this is wrong because it assigns
> a single MTU to all hosts behind an IPsec gateway, even though their
> paths may well diverge beyond the gateway.

Each SA bundle referring to a dst has pmtu derived from pmtu
of that dst. So, actually, I do not understand the question.
If the policy uses the raw IP level path dst, it inherits this pmtu.


PS. Broadcast: guys, please, tell someone to Herbert, my e-mail is banned
at his server:

... while talking to
>>> RCPT To:<herbert@xxxxxxxxxxxxxxxxxxx>
<<< 550 mail from rejected: administrative prohibition

<Prev in Thread] Current Thread [Next in Thread>