[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

who is right ? (take 2)




I'm really sorry guys.

The first one (cut and paste) is suppose to be the tunnel mode :

I saw in the draft-ietf-ipsec-esp-v2-06.txt :

     >             --------------------------------------------------------
---
     >       IPv4  | new IP hdr* |     | orig IP hdr*  |   |    | ESP   |
ESP|
     >             |(any options)| ESP | (any options)
|TCP|Data|Trailer|Auth|
     >             --------------------------------------------------------
---
     >                                 |<--------- encrypted ---------->|
     >                           |<----------- authenticated ---------->|

and  i read in the draft-ietf-ipsec-arch-sec-06.txt :

     > 5.1.2.1 IPv4 -- Header Construction for Tunnel Mode
     >
     >                        <-- How Outer Hdr Relates to Inner Hdr -->
     >                        Outer Hdr at                 Inner Hdr at
     >   IPv4                 Encapsulator                 Decapsulator
     >     Header fields:     --------------------         ------------
     >       version          4 (1)                        no change
     >       header length    constructed                  no change
     >       TOS              copied from inner hdr (5)    no change
     >       total length     constructed                  no change
     >       ID               constructed                  no change
     >       flags (DF,MF)    constructed, DF (4)          no change
     >       fragmt offset    constructed                  no change
     >       TTL              constructed (2)              decrement (2)
     >       protocol         AH, ESP, routing hdr         no change
     >       checksum         constructed                  constructed (2)
     >       src address      constructed (3)              no change
     >       dest address     constructed (3)              no change
     >   Options            never copied                 no change



I just want to know how to process the option in the outter IP header.

I remove them ? or I let them unchange (from IP1)?

Thanks,

Dominique
dbastien@galea.com






Follow-Ups: