
RE: Config mode questions



Yes, sorry.  I was reading and typing INTERNAL_IP4_SUBNET, but my brain was
thinking INTERNAL_IP4_ADDRESS.

I later posted a correction.  Sorry for the confusion.

Stephane.

> -----Original Message-----
> From: Mason, David [mailto:David_Mason@NAI.com]
> Sent: Thursday, January 27, 2000 2:51 PM
> To: 'Stephane Beaulieu'; Georgescu, Cristina; ipsec@lists.tislabs.com
> Subject: RE: Config mode questions
> 
> 
> From discussions with you and Roy at the bakeoff I was under
> the impression that in Section 3.4 of mode-cfg.05 it was
> supposed to be as follows.
> 
> INTERNAL_IP4_SUBNET   ............    0 or 8 octets
> 
> 
>   o  INTERNAL_IP4_SUBNET   .....  4 octets for the sub-network
> address followed by 4 octets for the sub-network netmask  .....
> 
> 
> Under INTERNAL_IPX_NETMASK it states that only one netmask
> is allowed in the reply - having the SUBNET attribute contain
> both the address and mask simplifies matching subnets with
> masks when there are multiple internal subnets.
> 
> 
> NB: data attributes having to be 4 byte multiples was dropped
> in ISAKMP ID version 9 or 10.  Since the 4 byte multiple wording
> does not exist in the RFC I would take that to mean that variable
> length attributes MUST NOT be padded to 4 byte multiples (which
> makes sense seeing as none of the other payloads have any
> alignment requirements that I'm aware of).
> 
> -dave
> 
> -----Original Message-----
> From: Stephane Beaulieu [mailto:sbeaulieu@TimeStep.com]
> Sent: Thursday, January 27, 2000 1:21 PM
> To: Georgescu, Cristina; ipsec@lists.tislabs.com
> Subject: RE: Config mode questions
> 
> 
> > 
> > For a Request/Reply exchange in Config mode:
> > 
> > 1. If the gateway wants to send its response to an INTERNAL_IP4_SUBNET
> > attribute request how the response will be sent for both subnet and mask if
> > the attribute length is mentioned in the RFC to be 0 or 4 octets for this
> > attribute. How do you specify the mask for the subnet protected?
> 
> The Reply message will contain 2 attributes: INTERNAL_IP4_SUBNET and
> INTERNAL_IP4_NETMASK.
> 
> > 
> > 2. APPLICATION_VERSION attribute can be 0 length or more. Is this one
> > required to be a multiple of 2 or 4 octets? If not, when someone requests
> > SUPPORTED_ATTRIBUTES, the result should be a multiple of 2 (which might not be
> > in case your APPLICATION_VERSION is 7 bytes in length for example)
> > 
> 
> I think you misunderstood the text describing SUPPORTED_ATTRIBUTES.  The
> length of the SUPPORTED_ATTRIBUTES has nothing to do with the lengths of
> other attributes.  The length of SUPPORTED_ATTRIBUTES = # of supported
> attributes / 2; because the data portion of SUPPORTED_ATTRIBUTES is a list
> of identifiers, each 2 octets in length.
> 
> 
> > 3. Are the attributes required to be aligned at 4 bytes?
> > 
> 
> I think IKE-Cfg follows the general rules of any attribute payload.  I don't
> believe there is any such requirement, but I could be wrong.
> 
> > Thanks in advance.
> > 
>
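
Added example, not part of the original thread or of any IKE implementation: a receiver-side parser for the encoding discussed above, with variable-length attributes packed without padding, INTERNAL_IP4_SUBNET carried as 8 octets (address then netmask), and SUPPORTED_ATTRIBUTES as 2-octet identifiers. The numeric type codes, helper names and sample reply are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed type codes (mode-cfg draft attribute table); not given in the thread.
APPLICATION_VERSION, INTERNAL_IP4_SUBNET, SUPPORTED_ATTRIBUTES = 7, 13, 14

def parse_attributes(buf):
    """Split ISAKMP data attributes (RFC 2408 sec. 3.3) packed back to back."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated attribute header at offset %d" % off)
        raw_type, field = struct.unpack_from("!HH", buf, off)
        off += 4
        if raw_type & 0x8000:  # AF bit set: fixed 2-octet value, no length field
            out.append((raw_type & 0x7FFF, struct.pack("!H", field)))
            continue
        if field > len(buf) - off:  # never trust the sender's length
            raise ValueError("attribute %d overruns payload" % raw_type)
        out.append((raw_type, buf[off:off + field]))
        off += field  # no padding: next header starts right after the value
    return out

def decode_subnet(value):
    """0 octets = request; 8 octets = address followed by netmask."""
    if not value:
        return None
    if len(value) != 8:
        raise ValueError("INTERNAL_IP4_SUBNET must be 0 or 8 octets")
    addr, mask = ipaddress.IPv4Address(value[:4]), ipaddress.IPv4Address(value[4:])
    # Raises ValueError on a non-contiguous mask or on host bits set.
    return ipaddress.IPv4Network("%s/%s" % (addr, mask))

def decode_supported(value):
    """Data is a list of 2-octet attribute identifiers."""
    if len(value) % 2:
        raise ValueError("SUPPORTED_ATTRIBUTES length must be even")
    return list(struct.unpack("!%dH" % (len(value) // 2), value))

def tlv(atype, value):
    """Encode one variable-length (AF=0) attribute; used to build the sample."""
    return struct.pack("!HH", atype, len(value)) + value

# Constructed reply: a 7-octet version string, then two internal subnets.
SAMPLE_REPLY = (
    tlv(APPLICATION_VERSION, b"v1.2.3a")
    + tlv(INTERNAL_IP4_SUBNET, bytes([10, 1, 0, 0, 255, 255, 0, 0]))
    + tlv(INTERNAL_IP4_SUBNET, bytes([192, 168, 5, 0, 255, 255, 255, 0]))
    + tlv(SUPPORTED_ATTRIBUTES, struct.pack("!3H", 2, 7, 13))
)
```

Because each subnet attribute carries its own mask, a reply with several internal subnets decodes without any pairing step, and the odd-length version string does not shift the attributes that follow it.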