[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Inbound processing of ESP packet




I am confused about how the inbound processing of ESP 
packet is done.

       [ [SPI] [Seq#] [IV] [encrypted payload] [auth data] ]

How does the IPsec stack know the size of the encrypted payload?
Or how does it avoid having to know it?

Also, since the Auth trailer follows the encrypted payload
and since the inbound processing routine does not
know the length of the encrypted payload, how does the 
stack do authenticate the packet prior to encryption?

Pervaiz


Follow-Ups: