
question on IPsec RFC 2401 SPD, SAD, Selectors



Dear Everyone

1.

Could any of you tell me whether there is extra information somewhere on
the detailed requirements for using the IPsec RFC 2401 Security Policy Database,
Security Association Database, and Selectors?

Where can I find the latest implementation based on the recent RFC?


2.

I see some earlier research using a hash table indexed by SPI (for SPD),
or indexed by source/destination address (SAD), but the standard RFC 2401
requires two databases for each inbound and outbound:

SPD should be looked up by selectors, which have 6 data fields, for outbound
traffic;
SAD should be indexed by the triple (Destination Add, Source Add, and SPI) and
looked up by inbound traffic;

Also, does this mean that
   each SAD entry does not have to keep the selector data fields;
   while an inbound packet does not have to match its selector data fields
   with the inbound SPD?

Thank you very much for answering these questions.


Qu