[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: ipsec error protocol
Title: RE: ipsec error protocol
Sankar,
<snip>
This is where I was getting confused. How are sequence
numbers maintained
on the outbound side?
as full 64-bit values
Is it maintained as a continously incresing 64bit
counter? If so
since the upper 32 bits are not sent over the wire, a replayed
packet and a
genuine packet whose lower 32 bit has rolled over may look the same
to
the receiver of the packet -
right?
it would look the same until the integrity check was performed.
admittedly, this scheme places a limit on receiver window size,
i.e., it must be less than 2**32.
anyone have a problem with that?
Steve
Follow-Ups:
References: