On Tue, Apr 03, 2007 at 06:32:07PM +0200, Patrick McHardy wrote:
>
> I'm not sure I understand how this would work, the ICMP message
> looks the same in both cases. Or are you suggesting to
> differentiate based on the source of the ICMP message?
Actually you're right, this can't work in the gene
On Thu, Apr 05, 2007 at 02:16:53PM +0200, Patrick McHardy wrote:
>
> That sounds easier. I'm currently working in that area anyway, I'll
> give it a try.
Thanks Patrick!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.
On Thu, Apr 05, 2007 at 02:09:20PM +0200, Patrick McHardy wrote:
>
> > One possible solution is to not send MTU errors to ourselves since
> > we it wouldn't give us any new information. We'd need to audit the
> > users of icmp_send to make sure that there isn't a legitimate case
> > where we'd wan
Herbert Xu wrote:
> On Thu, Apr 05, 2007 at 02:09:20PM +0200, Patrick McHardy wrote:
>
>>>One possible solution is to not send MTU errors to ourselves since
>>>we it wouldn't give us any new information. We'd need to audit the
>>>users of icmp_send to make sure that there isn't a legitimate case
Herbert Xu wrote:
> On Tue, Apr 03, 2007 at 06:32:07PM +0200, Patrick McHardy wrote:
>
>>I'm not sure I understand how this would work, the ICMP message
>>looks the same in both cases. Or are you suggesting to
>>differentiate based on the source of the ICMP message?
>
>
> Actually you're right,
Herbert Xu wrote:
> On Mon, Apr 02, 2007 at 04:10:25PM +0200, Patrick McHardy wrote:
>
>>I noticed a problem with PMTUD between two IPsec tunnel endpoints.
>>When sending a packet larger than the PMTU with IP_DF from one
>>tunnel endpoint to the other, xfrm4_output sends an ICMP frag.
>>required w
Hi Patrick:
On Mon, Apr 02, 2007 at 04:10:25PM +0200, Patrick McHardy wrote:
> I noticed a problem with PMTUD between two IPsec tunnel endpoints.
> When sending a packet larger than the PMTU with IP_DF from one
> tunnel endpoint to the other, xfrm4_output sends an ICMP frag.
> required with the IP
I noticed a problem with PMTUD between two IPsec tunnel endpoints.
When sending a packet larger than the PMTU with IP_DF from one
tunnel endpoint to the other, xfrm4_output sends an ICMP frag.
required with the IPsec MTU. Since the addresses match the tunnel
endpoints, this updates the MTU for the
