Dear all:

Recently I am tracing the codes of ip6_forward(), which is defined in ip6_forward.c. My referenced version is FreeBSD Release 6.1. I have the following questions about IPsec operations:

(1) lines 489-512 are about the transmission of ICMP Packet Too Big message. Is it necessary here since tunneled packets are already sent out at this point? (2) The location of the packet size examination is not proper. If the packet matches SP, then it will be tunneled without sending out ICMP packet too big error message to the source. (3) Is there any RFC about ICMP notification and IPsec? I am not sure what kind of ICMP error messages should be sent out from the security gateway. For example, is ICMP destination unreachable necessary if the inner destination is unreachable? Or ICMP Redirect packet necessary if the inner destination needs to be redirected?

Thanks.

Best regards,

Yi-Wen

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to