Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!arclight.uoregon.edu!dispatch.news.demon.net!demon!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!ais.net!ameritech.net!uunet!in2.uu.net!204.147.226.2!quack!quack.kfu.com!nsayer From: nsayer@quack.kfu.com (Nick Sayer) Newsgroups: comp.unix.bsd.freebsd.misc Subject: IPDIVERT and fragmentation Date: 7 Apr 1997 19:02:22 GMT Organization: The Duck Pond public unix - http://www.kfu.com/ Message-ID: <5ibgbu$at2$1@phoenix.kfu.com> NNTP-Posting-Host: quack.kfu.com X-Newsreader: NN version 6.5.1 (NOV) Lines: 27 Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:38943 I am thinking about implementing a virtual private network scheme for FreeBSD using ipfw and a divert channel. VPNs mean that you encrypt the traffic going between LAN A and LAN B as it passes over the Internet. My implementation is going to use UDP encapsulation, so the packets will get a tiny bit bigger as they travel over the Internet. The question is this: What happens if I had a packet that is too large for the MTU of the underlying medium to the 'out' side of a divert socket? Will the IP layer _after_ divert fragment the packet? On the opposite side of the coin, what happens if a fragmented packet comes in from a network interface and is destined for a divert socket? Can I expect that the fragments have been collected and the packet reassembled before being given to me or must I assemble them myself? advTHANKSance -- Nick Sayer <nsayer@quack.kfu.com> | "The judgement of history N6QQQ @ N0ARY.#NORCAL.CA.USA.NOAM | depends on who writes it." +1 408 249 9630, log in as 'guest' | -- Richard M. Nixon URL: http://www.kfu.com/~nsayer/ | (1913-1994 R.I.P.)