> > The receiver can do any number of wrong things with what it sends, but I'd > > normally call those bugs. :) > > Yes, that's true. But if the protocol allows to do things wrong, it is > a bug in the protocol :) > > Maybe you can just make it clear at the sender side by saying something > like 'Fragments must be sent ordered and ESP encapsulated with consecutive > sequence numbers.'
I concur (modulo s/must/MUST). And in addition: "If this requirement cannot be met, the sender MUST NOT fragment packets." > > Adding a packet ID also means that you can't just chain the inner traffic > > buffers together to form the IP-TFS > payload as you must now insert an extra header between each of the inner > packets, this is going to affect > performance and memory use on whitebox/software based deployments as well as > reduce available > bandwidth on the tunnel. > > Good point. You can always chain extra headers and inner packets with > a scatter-gather list, but it will have some performance impact. If support for transport mode is added then an extra header seems anavoidable... > > I think we should try and keep fragmentation and reassembly as simple as > > possible so that it is easy to > implement and get right. > > I absolutely agree here. Strongly agree. Regards, Valery. > Steffen _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec