[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec SA DELETE in "dangling" implementation
Jan Vilhuber writes:
> > - could we use (somehow) IPSec-based keep-alives
> You could, but it would introduce a 'special' ipsec packet, which I do not
> particularly care for. IPSEC shouldn't have to look at each packet and decide
> if this is a 'control packet' or if this is a regular packet.
We already have that "special" packet. It is called ICMP echo
(ping)... I don't think there is need to create another one. If we use
IPsec based keep-alives, I think it should use normal ICMP echo (ping)
packets.
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
Follow-Ups:
References: