
Re: ICMP Security Failures



>The other implementation strategy is to completely fill out the
>inner AH header in a first pass, and then completely fill out the
>outer AH header in a second pass (noting that the IP header will
>have changed between the two passes in this case).

This is the most obvious and straightforward way to handle this case.
It's equivalent to using a pseudo-header that happens to be a copy of
the current IP header, with the length updated to include only those
headers that have been added to the packet so far. You always build a
packet from right to left, and you parse it left to right.

Phil
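
The two-pass strategy discussed in this message, as an added example that is not part of the original post or of any implementation it refers to. It uses a toy layout: the AH is next-header, reserved, SPI, ICV; the pseudo-header is source, destination, protocol and a length that counts only what has been added so far; HMAC-SHA256 stands in for the keyed hash. Keys, SPIs and addresses are constructed.

```python
import hashlib, hmac, struct

AH_PROTO = 51            # IP protocol number for AH
ICV_LEN = 32             # HMAC-SHA256 output (assumption: stand-in algorithm)
AH_LEN = 6 + ICV_LEN     # toy AH: next_hdr(1) reserved(1) SPI(4) ICV(32)

def pseudo_ip(src, dst, length):
    # Copy of the IP header fields that matter here; `length` covers only
    # the headers and data present in the packet at this pass.
    return src + dst + struct.pack("!BH", AH_PROTO, length)

def _icv(key, src, dst, fixed, inner):
    ip = pseudo_ip(src, dst, AH_LEN + len(inner))
    msg = ip + fixed + bytes(ICV_LEN) + inner   # ICV field zeroed while hashing
    return hmac.new(key, msg, hashlib.sha256).digest()

def add_ah(src, dst, key, spi, next_hdr, inner):
    """Build step: prepend one completely filled-out AH to `inner`."""
    fixed = struct.pack("!BBI", next_hdr, 0, spi)
    return fixed + _icv(key, src, dst, fixed, inner) + inner

def strip_ah(src, dst, key, data):
    """Parse step: verify and remove the leftmost AH."""
    if len(data) < AH_LEN:
        raise ValueError("truncated AH")
    fixed, icv, inner = data[:6], data[6:AH_LEN], data[AH_LEN:]
    if not hmac.compare_digest(icv, _icv(key, src, dst, fixed, inner)):
        raise ValueError("AH check failed")
    return fixed[0], inner

def build_nested(src, dst, k_in, k_out, payload):
    # Right to left: the inner AH is finished before the outer one exists.
    inner = add_ah(src, dst, k_in, 0x100, 17, payload)       # pass 1 (17 = UDP)
    return add_ah(src, dst, k_out, 0x200, AH_PROTO, inner)   # pass 2, longer length

def parse_nested(src, dst, k_in, k_out, pkt):
    # Left to right: outer AH first, then the inner AH it protected.
    nh, rest = strip_ah(src, dst, k_out, pkt)
    if nh != AH_PROTO:
        raise ValueError("expected a nested AH")
    return strip_ah(src, dst, k_in, rest)

if __name__ == "__main__":
    a, b = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])      # constructed addresses
    pkt = build_nested(a, b, b"k-inner", b"k-outer", b"hello")
    print(parse_nested(a, b, b"k-inner", b"k-outer", pkt))
```

Because the inner ICV was computed against the shorter length, it still verifies once the outer header has been stripped and the length adjusted back.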

