RE: Config mode questions
Yes, sorry. I was reading and typing INTERNAL_IP4_SUBNET, but my brain was
thinking INTERNAL_IP4_ADDRESS.
I later posted a correction. Sorry for the confusion.
Stephane.
> -----Original Message-----
> From: Mason, David [mailto:David_Mason@NAI.com]
> Sent: Thursday, January 27, 2000 2:51 PM
> To: 'Stephane Beaulieu'; Georgescu, Cristina; ipsec@lists.tislabs.com
> Subject: RE: Config mode questions
>
>
> From discussions with you and Roy at the bakeoff I was under
> the impression that in Section 3.4 of mode-cfg.05 it was
> supposed to be as follows.
>
> INTERNAL_IP4_SUBNET ............ 0 or 8 octets
>
>
> o INTERNAL_IP4_SUBNET ..... 4 octets for the sub-network
> address followed by 4 octets for the sub-network netmask .....
>
>
> Under INTERNAL_IPX_NETMASK it states that only one netmask
> is allowed in the reply - having the SUBNET attribute contain
> both the address and mask simplifies matching subnets with
> masks when there are multiple internal subnets.
>
>
> NB: data attributes having to be 4 byte multiples was dropped
> in ISAKMP ID version 9 or 10. Since the 4 byte multiple wording
> does not exist in the RFC I would take that to mean that variable
> length attributes MUST NOT be padded to 4 byte multiples (which
> makes sense seeing as none of the other payloads have any
> alignment requirements that I'm aware of).
>
> -dave
>
> -----Original Message-----
> From: Stephane Beaulieu [mailto:sbeaulieu@TimeStep.com]
> Sent: Thursday, January 27, 2000 1:21 PM
> To: Georgescu, Cristina; ipsec@lists.tislabs.com
> Subject: RE: Config mode questions
>
>
> >
> > For a Request/Reply exchange in Config mode:
> >
> > 1. If the gateway wants to send its response to an INTERNAL_IP4_SUBNET
> > attribute request, how will the response be sent for both subnet and
> > mask if the attribute length is mentioned in the RFC to be 0 or 4 octets
> > for this attribute? How do you specify the mask for the subnet protected?
>
> The Reply message will contain 2 attributes: INTERNAL_IP4_SUBNET and
> INTERNAL_IP4_NETMASK.
>
> >
> > 2. APPLICATION_VERSION attribute can be 0 length or more. Is this one
> > required to be a multiple of 2 or 4 octets? If not, when someone requests
> > SUPPORTED_ATTRIBUTES, the result should be a multiple of 2 (which might
> > not be the case if your APPLICATION_VERSION is 7 bytes in length, for example)
> >
>
> I think you misunderstood the text describing SUPPORTED_ATTRIBUTES. The
> length of the SUPPORTED_ATTRIBUTES has nothing to do with the lengths of
> other attributes. The length of SUPPORTED_ATTRIBUTES = # of supported
> attributes / 2; because the data portion of SUPPORTED_ATTRIBUTES is a list
> of identifiers, each 2 octets in length.
>
>
> > 3. Are the attributes required to be aligned at 4 bytes?
> >
>
> I think IKE-Cfg follows the general rules of any attribute payload. I don't
> believe there is any such requirement, but I could be wrong.
>
> > Thanks in advance.
> >
>
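
Added example (not part of the original thread, nor code from any implementation discussed in it): a Python parser for an ISAKMP attribute list using the encoding quoted above, with INTERNAL_IP4_SUBNET as 0 or 8 octets (address then netmask), SUPPORTED_ATTRIBUTES as a list of 2-octet identifiers, and variable-length attributes left unpadded. The attribute type numbers, the helper names and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Type numbers assumed from the mode-cfg draft's attribute table; the thread gives none.
APPLICATION_VERSION, INTERNAL_IP4_SUBNET, SUPPORTED_ATTRIBUTES = 7, 13, 14

def tlv(attr_type: int, value: bytes) -> bytes:
    """Encode a variable-length attribute (AF bit clear) with its exact length, unpadded."""
    return struct.pack("!HH", attr_type, len(value)) + value

def parse_attributes(data: bytes) -> list:
    """Split an attribute list into (type, value) pairs, rejecting bad lengths."""
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError(f"truncated attribute header at offset {off}")
        type_field, second = struct.unpack_from("!HH", data, off)
        off += 4
        if type_field & 0x8000:  # AF=1: basic attribute, second field is the value
            attrs.append((type_field & 0x7FFF, struct.pack("!H", second)))
            continue
        if second > len(data) - off:  # AF=0: second field is the value length
            raise ValueError(f"attribute {type_field}: length {second} overruns payload")
        attrs.append((type_field, data[off:off + second]))
        off += second  # next header follows immediately, no 4-byte alignment
    return attrs

def decode(attr_type: int, value: bytes):
    """Interpret the attributes discussed in the thread; others stay raw bytes."""
    if attr_type == INTERNAL_IP4_SUBNET:
        if not value:
            return None  # zero length: attribute is being requested
        if len(value) != 8:
            raise ValueError("INTERNAL_IP4_SUBNET must be 0 or 8 octets")
        addr, mask = (ipaddress.IPv4Address(value[i:i + 4]) for i in (0, 4))
        return ipaddress.IPv4Network(f"{addr}/{mask}")  # rejects non-contiguous masks
    if attr_type == SUPPORTED_ATTRIBUTES:
        if len(value) % 2:
            raise ValueError("SUPPORTED_ATTRIBUTES must hold whole 2-octet identifiers")
        return list(struct.unpack(f"!{len(value) // 2}H", value))
    return value

# Constructed sample: a 7-octet version string, two subnets, three supported ids.
SAMPLE = (tlv(APPLICATION_VERSION, b"gw 1.02")
          + tlv(INTERNAL_IP4_SUBNET, bytes([10, 1, 0, 0, 255, 255, 0, 0]))
          + tlv(INTERNAL_IP4_SUBNET, bytes([192, 168, 5, 0, 255, 255, 255, 0]))
          + tlv(SUPPORTED_ATTRIBUTES, struct.pack("!3H", 1, 7, 13)))

if __name__ == "__main__":
    for attr_type, value in parse_attributes(SAMPLE):
        print(attr_type, decode(attr_type, value))
```

A peer that pads the 7-octet value to a 4-byte boundary desynchronises this parser at the next header, which surfaces as a length error rather than a silently misread attribute.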