
RE: Config mode questions



From discussions with you and Roy at the bakeoff I was under
the impression that in Section 3.4 of mode-cfg.05 it was
supposed to be as follows.

INTERNAL_IP4_SUBNET   ............    0 or 8 octets


  o  INTERNAL_IP4_SUBNET   .....  4 octets for the sub-network
address followed by 4 octets for the sub-network netmask  .....


Under INTERNAL_IPX_NETMASK it states that only one netmask
is allowed in the reply - having the SUBNET attribute contain
both the address and mask simplifies matching subnets with
masks when there are multiple internal subnets.


NB: data attributes having to be 4 byte multiples was dropped
in ISAKMP ID version 9 or 10.  Since the 4 byte multiple wording
does not exist in the RFC I would take that to mean that variable
length attributes MUST NOT be padded to 4 byte multiples (which
makes sense seeing as none of the other payloads have any
alignment requirements that I'm aware of).

-dave

-----Original Message-----
From: Stephane Beaulieu [mailto:sbeaulieu@TimeStep.com]
Sent: Thursday, January 27, 2000 1:21 PM
To: Georgescu, Cristina; ipsec@lists.tislabs.com
Subject: RE: Config mode questions


> 
> For a Request/Reply exchange in Config mode:
> 
> 1. If the gateway wants to send its response to an INTERNAL_IP4_SUBNET
> attribute request, how will the response be sent for both subnet and mask if
> the attribute length is mentioned in the RFC to be 0 or 4 octets for this
> attribute? How do you specify the mask for the subnet protected?

The Reply message will contain 2 attributes: INTERNAL_IP4_SUBNET and
INTERNAL_IP4_NETMASK.

> 
> 2. APPLICATION_VERSION attribute can be 0 length or more. Is this one
> required to be a multiple of 2 or 4 octets? If not, when someone requests
> SUPPORTED_ATTRIBUTES, the result should be a multiple of 2 (which it might not
> be in case your APPLICATION_VERSION is 7 bytes in length, for example)
> 

I think you misunderstood the text describing SUPPORTED_ATTRIBUTES.  The
length of the SUPPORTED_ATTRIBUTES has nothing to do with the lengths of
other attributes.  The length of SUPPORTED_ATTRIBUTES = # of supported
attributes / 2; because the data portion of SUPPORTED_ATTRIBUTES is a list
of identifiers, each 2 octets in length.


> 3. Are the attributes required to be aligned at 4 bytes?
> 

I think IKE-Cfg follows the general rules of any attribute payload.  I don't
believe there is any such requirement, but I could be wrong.

> Thanks in advance.
>
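
An added illustration, not code from the thread or from the drafts: a Python parser for the attribute encoding discussed above. It assumes the 8-octet INTERNAL_IP4_SUBNET form (address followed by netmask), the standard ISAKMP attribute header, and no padding between attributes; the numeric attribute types and the sample payload are constructed for the example.

```python
import ipaddress
import struct

# Attribute type numbers are assumptions for this sketch; take the real
# values from the mode-cfg draft revision you implement.
INTERNAL_IP4_SUBNET = 13
APPLICATION_VERSION = 7
SUPPORTED_ATTRIBUTES = 14

def parse_attributes(buf):
    """Walk ISAKMP data attributes; return a list of (type, value bytes)."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated attribute header")
        word, field = struct.unpack_from("!HH", buf, off)
        off += 4
        if word & 0x8000:            # AF=1: basic attribute, field is the value
            out.append((word & 0x7FFF, struct.pack("!H", field)))
            continue
        if field > len(buf) - off:   # AF=0: field is the value length
            raise ValueError("attribute length runs past end of payload")
        out.append((word, buf[off:off + field]))
        off += field                 # exact length, no 4-octet padding assumed
    return out

def decode_ip4_subnet(value):
    """0 octets is a request; 8 octets is address followed by netmask."""
    if len(value) == 0:
        return None
    if len(value) != 8:
        raise ValueError("INTERNAL_IP4_SUBNET must be 0 or 8 octets")
    addr, mask = (ipaddress.IPv4Address(value[i:i + 4]) for i in (0, 4))
    # strict=True rejects host bits set; non-contiguous masks also raise
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)

def decode_supported(value):
    """The data is a list of 2-octet attribute identifiers."""
    if len(value) % 2:
        raise ValueError("SUPPORTED_ATTRIBUTES length must be even")
    return [t for (t,) in struct.iter_unpack("!H", value)]

# Constructed sample reply: two subnets around a 7-octet version string.
def tlv(attr_type, value):
    return struct.pack("!HH", attr_type, len(value)) + value

SAMPLE = (tlv(INTERNAL_IP4_SUBNET, bytes([10, 1, 0, 0, 255, 255, 0, 0]))
          + tlv(APPLICATION_VERSION, b"gw 1.02")
          + tlv(INTERNAL_IP4_SUBNET, bytes([192, 168, 5, 0, 255, 255, 255, 0]))
          + tlv(SUPPORTED_ATTRIBUTES, struct.pack("!3H", 7, 13, 14)))
```

Because each subnet attribute carries its own mask, the two subnets in the sample pair up unambiguously even though a 7-octet attribute sits between them at an unaligned offset.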