
RE: ipsec error protocol



Sankar,

<snip>
 
This is where I was getting confused. How are sequence numbers maintained
on the outbound side?

as full 64-bit values
 
Is it maintained as a continuously increasing 64-bit counter? If so
since the upper 32 bits are not sent over the wire, a replayed packet and a
genuine packet whose lower 32 bit has rolled over may look the same to
the receiver of the packet - right?

it would look the same until the integrity check was performed.

admittedly, this scheme places a limit on receiver window size, i.e., it must be less than 2**32.

anyone have a problem with that?

Steve
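
Added example, not part of the original message: a sketch of the exchange discussed above, in which the sender keeps a 64-bit counter, only the low 32 bits go on the wire, and the receiver infers the upper 32 bits from its window before checking integrity. The window-based inference rule, HMAC-SHA-256, the key, the window size and all names are assumptions made for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread
W = 64                         # receiver window size (assumed); must be < 2**32

def icv(seq64, payload):
    # The integrity check covers all 64 bits, though only the low 32 are sent.
    msg = struct.pack(">Q", seq64) + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def send(seq64, payload):
    # Constructed wire form: (low 32 bits of sequence number, payload, ICV).
    return (seq64 & 0xFFFFFFFF, payload, icv(seq64, payload))

def infer_seq64(top, seql):
    # top is the highest 64-bit sequence number authenticated so far.
    th, tl = top >> 32, top & 0xFFFFFFFF
    bl = (tl - W + 1) & 0xFFFFFFFF      # low 32 bits of the window's left edge
    if tl >= W - 1:                     # window sits inside one 2**32 block
        seqh = th if seql >= bl else th + 1
    else:                               # window straddles a rollover
        seqh = th - 1 if seql >= bl else th
    return (seqh << 32) | seql if seqh >= 0 else None

class Receiver:
    def __init__(self, top=0):
        self.top, self.seen = top, set()

    def receive(self, packet):
        seql, payload, tag = packet
        seq64 = infer_seq64(self.top, seql)
        if seq64 is None or seq64 + W <= self.top or seq64 in self.seen:
            return "replay"
        if not hmac.compare_digest(tag, icv(seq64, payload)):
            return "bad-icv"
        self.seen.add(seq64)
        self.top = max(self.top, seq64)
        return "ok"

def demo():
    old = send(5, b"data")                 # captured early in the SA's life
    new = send((1 << 32) + 5, b"data")     # genuine, low 32 bits rolled over
    rx = Receiver(top=0xFFFFFFF0)          # constructed state near rollover
    return old[0] == new[0], rx.receive(old), rx.receive(new), rx.receive(new)
```

Both packets carry the same 32-bit value and are mapped to the same 64-bit candidate; only the integrity check over the inferred upper bits separates the replayed one from the genuine one.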


