David S. Miller wrote:
After talking the IPV6 PMTU situation over with Herbert this afternoon, we discovered that IPV4 has the same problem :-)
Yes it does, and arguably correctly so. As I see it this really comes down to a question of cached metrics scope. I had a discussion recently about this with Fernando Gont. See the thread "Improvement for the current PMTUD mechanism" at <http://www1.ietf.org/mail-archive/web/pmtud/current/threads.html>.
When implementing additional validity checks at a protocol above IP, these checks are useless if it just uses a cached value from another protocol which doesn't do any checks. A single cached value is as weak as your weakest protocol. If you hope to do PMTUD with a stateless protocol like UDP, there can be no veritication. Using two cache values, a "strong" and a "weak" one, may be sufficient. A per-protocol metric for each protocol implementing ICMP checks is another possibility.
Doing PMTUD at the Packetization Layer (MTU probing) may change the answer of how best to handle these issues, especially for something like IPsec since it can work correctly even if all ICMP is discarded.
<http://www.ietf.org/internet-drafts/draft-ietf-pmtud-method-05.txt> <http://www.psc.edu/~jheffner/projects/mtup/> -John - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
