
Re: Inbound processing of ESP packet



On Mon, 15 Jan 2001, Pervaiz Rizvi wrote:
> Now it must get to the start of the ESP trailer. Since it does not know 
> the length of the encrypted payload, how does it find the start
> of the ESP trailer in the packet?

It doesn't have to find the *start* of the trailer, only the *end*, because
the Pad Length and Next Header fields are at the end, not at the start.

It authenticates the whole packet, then decrypts the encrypted payload.
The second-last byte of the decrypted result is the pad length.  If that
byte's value is N, the last N+2 bytes of the decrypted result are the
trailer.

                                                          Henry Spencer
                                                       henry@spsystems.net
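
The trailer lookup described in the reply above, as an added example that is not part of the original message. The function name and the sample bytes are constructed for illustration; the input is assumed to be the decrypted result of a packet that has already passed authentication, and the optional padding check assumes the ESP default padding pattern 1, 2, 3, ...

```python
def split_esp_plaintext(plaintext: bytes, check_default_padding: bool = False):
    """Split a decrypted ESP payload into (payload_data, padding, next_header).

    Hypothetical helper: works backwards from the END of the decrypted result,
    so the payload length never has to be known in advance.
    """
    if len(plaintext) < 2:
        raise ValueError("too short to hold Pad Length and Next Header")

    pad_len = plaintext[-2]       # second-last byte: Pad Length (N)
    next_header = plaintext[-1]   # last byte: Next Header
    trailer_len = pad_len + 2     # the last N+2 bytes are the trailer

    # A Pad Length larger than the data available means a corrupt or
    # malformed packet; reject it rather than slicing past the start.
    if trailer_len > len(plaintext):
        raise ValueError("Pad Length %d exceeds decrypted data" % pad_len)

    payload = plaintext[:-trailer_len]
    padding = plaintext[len(payload):-2]

    # Optional: verify the default padding contents (1, 2, 3, ... N).
    if check_default_padding and padding != bytes(range(1, pad_len + 1)):
        raise ValueError("padding does not match the default 1..N pattern")

    return payload, padding, next_header


# Constructed sample: 16 bytes of payload, 6 padding bytes,
# Pad Length = 6, Next Header = 6 (TCP).
CONSTRUCTED_PLAINTEXT = (
    b"constructed-data" + bytes([1, 2, 3, 4, 5, 6]) + bytes([6, 6])
)

if __name__ == "__main__":
    data, pad, nh = split_esp_plaintext(CONSTRUCTED_PLAINTEXT, True)
    print(len(data), pad.hex(), nh)
```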



