an inbound SPD-check question
Say I am processing an inbound packet that has IPSEC protection. I have located the right SA and I have decoded the original packet.
I am then required to check the SPD to see that the required security was applied for the packet I now have. If the SPD check comes back with the answer "BYPASS" (i.e. no security required), do I dump the packet, or forward it?
A bit of a silly case (probably some mis-config somewhere), but it could happen. If security has been successfully applied, it seems a bit naff to bin the packet because the inbound SPD check says the IPSEC protection was not required.
Cheers, Steve.