Hi, Alexey

Since there's little happening about PMTU handling in IPSec for IPv4 in the 2.5 kernel, I'm willing to give some proposals. Your comments are welcome!

1. Add a new data field "u32 pmtu" to struct xfrm_state. This new field is used to record the PMTU value associated with the specific SA.

2. When the source receives the <<ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED>> message, if the source finds the SA using daddr, SPI and proto, it should store the MTU in xfrm_state.pmtu.

3. Every time the source outputs a data packet, it should check each SA associated with the specific secure policy. If it finds that any xfrm_state has a meaningful pmtu value, then it should calculate the resulting PMTU and send an <<ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED>> message to the real source in the secure policy selector. This checking point should be in the function dst_output().

4. As for the PMTU aging, I haven't got a clear idea. Maybe you can give me some hint.

Can you tell me if there is something that I missed?

Thanks!
Forrest
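An added example, not part of the original message and not kernel code: a user-space C model of steps 2 and 3 of the proposal, recording a reported MTU on the matching SA and deriving the largest original packet that still fits after every SA in the bundle has added its headers. The names struct sa_state, sa_record_pmtu() and bundle_inner_pmtu(), the fixed per-SA overhead, the check against the 68-byte floor and against increases, and the sample addresses, SPIs and sizes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define IPV4_MIN_MTU 68u /* RFC 1191 floor for a path MTU estimate */

struct sa_state {        /* simplified stand-in for struct xfrm_state */
    uint32_t daddr, spi; /* lookup key, together with proto */
    uint8_t  proto;      /* 50 = ESP, 51 = AH */
    uint32_t overhead;   /* bytes this SA adds (assumed fixed) */
    uint32_t pmtu;       /* proposed field; 0 = nothing learned yet */
};

/* Step 2: store an ICMP_FRAG_NEEDED MTU on the matching SA (1 = stored). */
int sa_record_pmtu(struct sa_state *sas, size_t n, uint32_t daddr,
                   uint32_t spi, uint8_t proto, uint32_t mtu)
{
    for (size_t i = 0; i < n; i++) {
        struct sa_state *x = &sas[i];
        if (x->daddr != daddr || x->spi != spi || x->proto != proto) continue;
        /* ICMP is unauthenticated: keep the floor, never raise an estimate. */
        if (mtu < IPV4_MIN_MTU || (x->pmtu && mtu >= x->pmtu)) return 0;
        x->pmtu = mtu;
        return 1;
    }
    return 0; /* no such SA */
}

/* Step 3: sas[0] is applied first, sas[n-1] last. Returns the largest
 * original packet that fits every learned limit (0 if none can). */
uint32_t bundle_inner_pmtu(const struct sa_state *sas, size_t n, uint32_t dev)
{
    uint32_t added = 0, best = dev;
    for (size_t i = 0; i < n; i++) {
        uint32_t limit = sas[i].pmtu;
        added += sas[i].overhead;
        if (i == n - 1 && (!limit || limit > dev)) limit = dev; /* device MTU */
        if (!limit) continue;         /* nothing learned for this SA */
        if (limit <= added) return 0; /* headers alone exceed the limit */
        if (limit - added < best) best = limit - added;
    }
    return best;
}

int main(void)
{   /* Constructed bundle: ESP (36 bytes added) inside AH (44 bytes added). */
    struct sa_state sas[] = {{0x0a000002, 0x1001, 50, 36, 0},
                             {0xc0000201, 0x2002, 51, 44, 0}};
    sa_record_pmtu(sas, 2, 0xc0000201, 0x2002, 51, 1400);
    printf("inner PMTU: %u\n", (unsigned)bundle_inner_pmtu(sas, 2, 1500));
    return 0;
}
```

The value returned by bundle_inner_pmtu() is what step 3 would report to the real source in its ICMP_FRAG_NEEDED message.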