[Swan] ike_frag= options - what should it mean and do?
D. Hugh Redelmeier
hugh at mimosa.com
Thu Feb 14 20:08:11 EET 2013
| From: Paul Wouters <pwouters at redhat.com>
| MAIN_I1 ->
| <- MAIN_R1
| MAIN_I2 ->
| <- MAIN_R2
| fragments of MAIN_I3 ->
| < fragments of MAIN_R3
| MAIN_I4
Sorry, I don't remember what payloads go where.
Which packets in Main Mode are likely to be fragmented? Why (i.e. which
payloads might get fat)?
Which packets have the vendorid payloads?
Where does encryption start? (Conventionally denoted by * in these
diagrams)?
How about Aggressive Mode? I assume that we hope to handle fragmentation
for Aggressive Mode.
Oh, and while I'm asking, what are the thoughts about IKEv2 and
fragmentation. If I remember: not an urgent requirement.
More information about the Swan
mailing list