Hi Paul, Please see my response in line.
Yours, Daniel On Tue, Aug 1, 2023 at 2:15 PM Paul Wouters <p...@nohats.ca> wrote: > On Aug 1, 2023, at 12:56, Daniel Migault <mglt.i...@gmail.com> wrote: > > > > > Hi Ben, > > Just trying to position our understanding of the position between the ICMP > PTB and the IKE PTB. > > If an incoming Encrypted packet is larger than the Link MTU > > > How can than be? You mean you received an ESP or ESPinUDP that after > decrypting was too large for the > link you need to send the decrypted packet on? That seems really odd. > I was trying to mention the very basic use of ICMP PTB here. There is no decryption at that point, that is if an IP packet IP/ESP or IP/UDP/ESP is larger than the link MTU, an ICMP PTB will be sent. > > an ICMP PTB is sent, otherwise the packet is accepted. If fragments are > received, a reassembly operation happens and the packet may be too large to > be built or decrypted. > > > What is this “too large to decrypt” scenario ? Can you give more details? > The reassembled packet is larger than EMTU_R for example. > > Paul > -- Daniel Migault Ericsson
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec