Dear all:
Recently I am tracing the codes of ip6_forward(), which is defined in
ip6_forward.c. My referenced version is FreeBSD Release 6.1. I have the
following questions about IPsec operations:
(1) lines 489-512 are about the transmission of ICMP Packet Too Big
message. Is it necessary here since tunneled packets are already sent
out at this point?
(2) The location of the packet size examination is not proper. If the
packet matches SP, then it will be tunneled without sending out ICMP
packet too big error message to the source.
(3) Is there any RFC about ICMP notification and IPsec? I am not sure
what kind of ICMP error messages should be sent out from the security
gateway. For example, is ICMP destination unreachable necessary if the
inner destination is unreachable? Or ICMP Redirect packet necessary if
the inner destination needs to be redirected?
Thanks.
Best regards,
Yi-Wen
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"