RE: who is right ? (take 2)
I don't see this as an inconsistency.
You should not copy the options from the inner header to the outer header.
But the outer header may contain options, depending on the local node's
configuration.
Rich
> -----Original Message-----
> From: dbastien@galea.com [mailto:dbastien@galea.com]
> Sent: Monday, September 28, 1998 9:50 AM
> To: ipsec@tis.com
> Subject: who is right ? (take 2)
>
>
>
> I'm really sorry guys.
>
> The first one (cut and paste) is supposed to be the tunnel mode:
>
> I saw in the draft-ietf-ipsec-esp-v2-06.txt :
>
> >            -----------------------------------------------------------
> >      IPv4  | new IP hdr* |     | orig IP hdr*  |   |    | ESP   | ESP|
> >            |(any options)| ESP | (any options) |TCP|Data|Trailer|Auth|
> >            -----------------------------------------------------------
> >                                |<--------- encrypted ---------->|
> >                          |<----------- authenticated ---------->|
>
> and I read in the draft-ietf-ipsec-arch-sec-06.txt :
>
> > 5.1.2.1 IPv4 -- Header Construction for Tunnel Mode
> >
> >                        <-- How Outer Hdr Relates to Inner Hdr -->
> >                        Outer Hdr at                 Inner Hdr at
> > IPv4                   Encapsulator                 Decapsulator
> >   Header fields:       --------------------         ------------
> >     version            4 (1)                        no change
> >     header length      constructed                  no change
> >     TOS                copied from inner hdr (5)    no change
> >     total length       constructed                  no change
> >     ID                 constructed                  no change
> >     flags (DF,MF)      constructed, DF (4)          no change
> >     fragmt offset      constructed                  no change
> >     TTL                constructed (2)              decrement (2)
> >     protocol           AH, ESP, routing hdr         no change
> >     checksum           constructed                  constructed (2)
> >     src address        constructed (3)              no change
> >     dest address       constructed (3)              no change
> >   Options              never copied                 no change
>
>
>
> I just want to know how to process the options in the outer IP header.
>
> Do I remove them? Or do I leave them unchanged (from IP1)?
>
> Thanks,
>
> Dominique
> dbastien@galea.com
>
>
>
>
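
The header construction discussed in this thread, as an added example that is not part of the original messages or the drafts: the outer IPv4 header takes its TOS from the inner header, never reads the inner options, and carries options only if the local configuration supplies them. The function names, addresses, option bytes and the `esp_overhead` value are assumptions made for illustration.

```python
import struct
from socket import inet_aton

ESP = 50  # IP protocol number for ESP

def checksum(hdr: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of the 16-bit words."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, tos=0, ident=0, ttl=64, options=b""):
    """Construct an IPv4 header; options must already be padded to 32 bits."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be 0-40 bytes in 4-byte multiples")
    ihl = 5 + len(options) // 4
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, tos,
                           ihl * 4 + payload_len, ident, 0, ttl, proto,
                           csum, src, dst) + options
    return pack(checksum(pack(0)))

def outer_header(inner_pkt, tun_src, tun_dst, esp_overhead, ident,
                 local_options=b""):
    """Outer header at the encapsulator, following the 5.1.2.1 table."""
    inner_tos = inner_pkt[1]  # TOS: copied from inner hdr
    # Inner options are never read here ("Options: never copied"); any
    # options in the outer header come only from local configuration.
    # Flags/offset are left zero; the table's DF note (4) is not on the page.
    return ipv4_header(tun_src, tun_dst, ESP, len(inner_pkt) + esp_overhead,
                       tos=inner_tos, ident=ident, options=local_options)

# Constructed sample: inner TCP packet carrying a Router Alert option.
INNER_OPTS = b"\x94\x04\x00\x00"
INNER = ipv4_header(inet_aton("10.0.0.1"), inet_aton("10.0.1.1"), 6, 8,
                    tos=0x10, ident=1, options=INNER_OPTS) + bytes(8)
GW_A, GW_B = inet_aton("192.0.2.1"), inet_aton("198.51.100.1")
LOCAL_OPTS = b"\x01\x01\x01\x00"  # constructed: three NOPs + End of List

if __name__ == "__main__":
    for opts in (b"", LOCAL_OPTS):
        outer = outer_header(INNER, GW_A, GW_B, 30, ident=7, local_options=opts)
        print(len(outer), outer.hex())
```

A receiver that recomputes `checksum()` over a valid header gets 0, which is a quick sanity check on either outer header.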