RE: Config mode questions
From discussions with you and Roy at the bakeoff I was under
the impression that in Section 3.4 of mode-cfg.05 it was
supposed to be as follows.
INTERNAL_IP4_SUBNET ............ 0 or 8 octets
o INTERNAL_IP4_SUBNET ..... 4 octets for the sub-network
address followed by 4 octets for the sub-network netmask .....
Under INTERNAL_IPX_NETMASK it states that only one netmask
is allowed in the reply - having the SUBNET attribute contain
both the address and mask simplifies matching subnets with
masks when there are multiple internal subnets.
NB: data attributes having to be 4 byte multiples was dropped
in ISAKMP ID version 9 or 10. Since the 4 byte multiple wording
does not exist in the RFC I would take that to mean that variable
length attributes MUST NOT be padded to 4 byte multiples (which
makes sense seeing as none of the other payloads have any
alignment requirements that I'm aware of).
-dave
-----Original Message-----
From: Stephane Beaulieu [mailto:sbeaulieu@TimeStep.com]
Sent: Thursday, January 27, 2000 1:21 PM
To: Georgescu, Cristina; ipsec@lists.tislabs.com
Subject: RE: Config mode questions
>
> For a Request/Reply exchange in Config mode:
>
> 1. If the gateway wants to send its response to an INTERNAL_IP4_SUBNET
> attribute request, how will the response be sent for both subnet and mask
> if the attribute length is mentioned in the RFC to be 0 or 4 octets for this
> attribute? How do you specify the mask for the protected subnet?
The Reply message will contain 2 attributes: INTERNAL_IP4_SUBNET and
INTERNAL_IP4_NETMASK.
>
> 2. The APPLICATION_VERSION attribute can be 0 length or more. Is this one
> required to be a multiple of 2 or 4 octets? If not, when someone requests
> SUPPORTED_ATTRIBUTES, the result should be a multiple of 2 (which it might
> not be in case your APPLICATION_VERSION is 7 bytes in length, for example).
>
I think you misunderstood the text describing SUPPORTED_ATTRIBUTES. The
length of the SUPPORTED_ATTRIBUTES has nothing to do with the lengths of
other attributes. The length of SUPPORTED_ATTRIBUTES = # of supported
attributes / 2; because the data portion of SUPPORTED_ATTRIBUTES is a list
of identifiers, each 2 octets in length.
> 3. Are the attributes required to be aligned at 4 bytes?
>
I think IKE-Cfg follows the general rules of any attribute payload. I don't
believe there is any such requirement, but I could be wrong.
> Thanks in advance.
>
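
An added example, not part of the original thread or of any implementation mentioned in it: a length-checked parser for a Config mode attribute list, using the 0-or-8-octet INTERNAL_IP4_SUBNET layout and the unpadded, back-to-back packing described in the reply above. The numeric attribute types (7, 13, 14) are assumed from the mode-cfg attribute table, and the sample reply bytes are constructed.

```python
import ipaddress
import struct

# Type numbers assumed from the mode-cfg attribute table; not stated in the thread.
APPLICATION_VERSION, INTERNAL_IP4_SUBNET, SUPPORTED_ATTRIBUTES = 7, 13, 14

def parse_attributes(buf):
    """Split an attribute list into (type, value) pairs; no padding is skipped."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated attribute header at offset {off}")
        atype, field = struct.unpack_from("!HH", buf, off)
        off += 4
        if atype & 0x8000:  # ISAKMP AF bit set: the length field carries the value
            out.append((atype & 0x7FFF, struct.pack("!H", field)))
            continue
        if field > len(buf) - off:  # never trust the declared length
            raise ValueError(f"attribute {atype} overruns the payload")
        out.append((atype, buf[off:off + field]))
        off += field
    return out

def decode_subnet(value):
    """0 octets (a request) or 8: address then netmask. Host bits set raise ValueError."""
    if not value:
        return None
    if len(value) != 8:
        raise ValueError(f"INTERNAL_IP4_SUBNET must be 0 or 8 octets, got {len(value)}")
    addr, mask = struct.unpack("!II", value)
    inverted = mask ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # one bits must be contiguous from the top
        raise ValueError("non-contiguous netmask")
    return ipaddress.IPv4Network((addr, bin(mask).count("1")))

def decode_supported(value):
    """SUPPORTED_ATTRIBUTES data: a list of 2-octet attribute identifiers."""
    if len(value) % 2:
        raise ValueError("SUPPORTED_ATTRIBUTES length must be a multiple of 2")
    return [t for (t,) in struct.iter_unpack("!H", value)]

def attr(atype, value):  # builder used only for the constructed sample below
    return struct.pack("!HH", atype, len(value)) + value

# Constructed reply: a 7-octet version string, two subnets, then the supported list.
SAMPLE_REPLY = (attr(APPLICATION_VERSION, b"gw 1.0a")
                + attr(INTERNAL_IP4_SUBNET, bytes([10, 1, 0, 0, 255, 255, 0, 0]))
                + attr(INTERNAL_IP4_SUBNET, bytes([192, 168, 5, 0, 255, 255, 255, 0]))
                + attr(SUPPORTED_ATTRIBUTES, struct.pack("!3H", 7, 13, 14)))
```

The 7-octet APPLICATION_VERSION value leaves every following attribute unaligned, so a parser that rounds lengths up to 4 would misread the two subnet attributes in this reply.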