[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Inbound processing of ESP packet

To: Stephen Kent <kent@bbn.com>
Subject: Re: Inbound processing of ESP packet
From: Henry Spencer <henry@spsystems.net>
Date: Tue, 16 Jan 2001 00:18:11 -0500 (EST)
cc: IP Security List <ipsec@lists.tislabs.com>
In-Reply-To: <v04220806b68965249761@[128.33.238.34]>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 15 Jan 2001, Stephen Kent wrote:
> Steve Bellovin is right, Henry. A LAN interface may include padding 
> after the end of the IP packet...

Please note what I said about the lower-level value possibly being
supplemented by information from the IP total length.

The IP total length field is authoritative, in a realistic sense, only if
the lower levels actually delivered at least that much data.  Otherwise
the lower-level count *is* authoritative about how much data is present,
and the discrepancy between that and the IP length indicates a lower-level
transmission error. 

The only statement of Steve B's that I actually disagree with is his
assertion that I am wrong. :-)  We're saying the same thing in two
different ways.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

Re: Inbound processing of ESP packet

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: Protection of port 500
Next by Date: Re: Protection of port 500
Prev by thread: Re: Inbound processing of ESP packet
Next by thread: Re: Inbound processing of ESP packet
Index(es):
- Main
- Thread