[Openswan dev] IPv6 fragmentation for KLIPS vs NETKEY
David McCullough
david_mccullough at mcafee.com
Tue Apr 26 20:56:29 EDT 2011
Jivin Paul Wouters lays it down ...
> On Mon, 25 Apr 2011, Paul Wouters wrote:
>
> > Subject: [Openswan dev] IPv6 fragmentation for KLIPS vs NETKEY
>
> I fixed the fragmentation code, it will be in openswan 2.6.34.
>
> One thing I wanted to bring up to be sure we're not making a mistake is
> the following.
>
> We originally did our tests with ping6 packet sizes, but the code was
> explicitly not sending any ICMP6 messages if the packet that was too
> big was itself an ICMP6 message. I removed this check, as I don't think
> this is needed. The only "storm" this could produce is if we would receive
> an ICMPV6_PKT_TOOBIG message that in itself is too big. I don't think that
> can realistically happen, as that packet only contains a few bytes of headers
> and the max mtu that can go through the link as data.
>
> With the current code, you can test fragmentation using ping6 -s 1400 destip

Sounds ok to me,

Cheers,
Davidm
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
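
The decision discussed in this message, shown as an added example (not Openswan or KLIPS code): it follows the RFC 4443 section 2.4 rules, where only ICMPv6 error messages and redirects suppress a Packet Too Big reply, so an oversized echo request from ping6 still gets one, and the reply is capped at the 1280-byte minimum IPv6 MTU. The function names and the sample packet are constructed for illustration, and it assumes ICMPv6 directly follows the fixed IPv6 header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV6_HDR_LEN    40
#define ICMP6_HDR_LEN    8
#define IPV6_MIN_MTU  1280   /* every IPv6 link must carry this size */
#define NEXTHDR_ICMPV6  58
#define ICMP6_REDIRECT 137

/* Length of the Packet Too Big message to send for an oversized packet,
 * or 0 when no error may be sent. Assumption: ICMPv6 directly follows
 * the fixed header; extension headers are not walked. */
size_t pkt_toobig_len(const uint8_t *pkt, size_t len)
{
    static const uint8_t unspec[16];     /* all zero: the address :: */
    size_t total = IPV6_HDR_LEN + ICMP6_HDR_LEN + len;

    if (len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6)
        return 0;                        /* no complete IPv6 header */
    if (pkt[8] == 0xff || memcmp(pkt + 8, unspec, 16) == 0)
        return 0;                        /* source is not a single node */
    if (pkt[6] == NEXTHDR_ICMPV6) {
        if (len <= IPV6_HDR_LEN)
            return 0;                    /* ICMPv6 type byte not present */
        if (pkt[IPV6_HDR_LEN] < 128 || pkt[IPV6_HDR_LEN] == ICMP6_REDIRECT)
            return 0;                    /* never answer an error or redirect */
    }
    /* Quote as much of the packet as fits, capped at the minimum MTU. */
    return total > IPV6_MIN_MTU ? IPV6_MIN_MTU : total;
}

/* Constructed sample: source 2001:db8::1, zeroed payload; len must be > 40. */
void build_sample(uint8_t *buf, size_t len, uint8_t next_hdr, uint8_t type)
{
    memset(buf, 0, len);
    buf[0] = 0x60;                       /* version 6 */
    buf[6] = next_hdr;
    buf[8] = 0x20; buf[9] = 0x01; buf[10] = 0x0d; buf[11] = 0xb8; buf[23] = 1;
    buf[IPV6_HDR_LEN] = type;            /* first byte after the fixed header */
}

int main(void)
{
    uint8_t pkt[1448];                   /* ping6 -s 1400: 40 + 8 + 1400 */
    build_sample(pkt, sizeof pkt, NEXTHDR_ICMPV6, 128); /* echo request */
    printf("echo request -> %zu byte error\n", pkt_toobig_len(pkt, sizeof pkt));
    return 0;
}
```

Because the reply never exceeds 1280 bytes, a Packet Too Big message cannot itself be too big for a compliant IPv6 link.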