> > The receiver can do any number of wrong things with what it sends, but I'd 
> > normally call those bugs. :)
> Yes, that's true. But if the protocol allows things to be done wrong, it is
> a bug in the protocol :)
> Maybe you can just make it clear at the sender side by saying something
> like 'Fragments must be sent ordered and ESP encapsulated with consecutive
> sequence numbers.'

I concur (modulo s/must/MUST). And in addition: "If this requirement cannot be 
met, the sender MUST NOT fragment packets."

> > Adding a packet ID also means that you can't just chain the inner traffic
> > buffers together to form the IP-TFS payload as you must now insert an extra
> > header between each of the inner packets, this is going to affect
> > performance and memory use on whitebox/software based deployments as well as
> > reduce available bandwidth on the tunnel.
> Good point. You can always chain extra headers and inner packets with
> a scatter-gather list, but it will have some performance impact.

If support for transport mode is added then an extra header seems unavoidable...

> > I think we should try and keep fragmentation and reassembly as simple as
> > possible so that it is easy to implement and get right.
> I absolutely agree here.

Strongly agree.


> Steffen
