[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC 2401 section 5.2.1
> But which IPsec SA the packet emerged from is significant information for
> the checking. The two cannot safely be divorced; checking *does* need to
> be an integrated function of IPsec setup. Unfortunate but inevitable
> (except in some favorable special cases).
who says you have to discard that information as part of ipsec
decapsulation?
stacks typically have to retain a bunch of metadata associated with
the packet on the way up; the inbound SA information is just part of
this.
- Bill
Follow-Ups:
References: