
Re: SA identification




>>>>> "Steven" == Steven M Bellovin <smb@research.att.com> writes:
    Steven> On receipt you can't look up the SA until after you've matched on
    Steven> <SPI,protocol,dstaddr> or <SPI,protocol>...

  Why can't one look up <SPI,protocol>, and then look to see if there are
0, 1 or multiple addresses attached?

  Each entry could have different SAs referenced. If a host allocates
all SPI numbers for the same pool (which seems like a wise optimization to
me), the only time when the SPI number can be duplicated is in the multicast
case, and that would be obvious from looking at the DA that it is class D.

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
]     mcr@solidum.com   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
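
The two-stage lookup proposed in the message above, as an added example that is not part of the original post or of any IPsec implementation. The table layout, the names and the reading of "0, 1 or multiple addresses" (0 = SPI alone selects the SA, 1 = the destination must match, several = multicast, selected by destination) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define IS_CLASS_D(a) (((a) & 0xF0000000u) == 0xE0000000u)  /* 224.0.0.0/4 */
#define NO_SA (-1)                                          /* caller drops the packet */

struct sa_ref { uint32_t daddr; int sa_id; };  /* sa_id: hypothetical SA handle */

struct sad_entry {
    uint32_t spi;
    uint8_t proto;         /* 50 = ESP, 51 = AH */
    int any_dst_sa;        /* SA used when no address is attached */
    size_t ndst;           /* 0, 1 or several attached addresses */
    struct sa_ref dst[4];
};

/* Constructed sample table; addresses are in host byte order. */
static const struct sad_entry sad[] = {
    { 0x1001, 50, 7,     0, { {0, 0} } },
    { 0x1002, 50, NO_SA, 1, { {0xC0000201u, 8} } },                     /* 192.0.2.1 */
    { 0x1003, 50, NO_SA, 2, { {0xE0000105u, 9}, {0xE0000106u, 10} } },  /* 224.0.1.5, .6 */
};

/* Stage 1: find the entry by <SPI,protocol> alone. */
static const struct sad_entry *sad_find(uint32_t spi, uint8_t proto)
{
    for (size_t i = 0; i < sizeof sad / sizeof sad[0]; i++)
        if (sad[i].spi == spi && sad[i].proto == proto)
            return &sad[i];
    return NULL;
}

/* Stage 2: use the attached addresses to pick the SA, or NO_SA to drop. */
int sa_lookup(uint32_t spi, uint8_t proto, uint32_t daddr)
{
    const struct sad_entry *e = sad_find(spi, proto);
    if (e == NULL)
        return NO_SA;
    if (e->ndst == 0)
        return e->any_dst_sa;              /* SPI alone identifies the SA */
    if (e->ndst > 1 && !IS_CLASS_D(daddr))
        return NO_SA;                      /* a duplicated SPI is only expected for multicast */
    for (size_t i = 0; i < e->ndst; i++)
        if (e->dst[i].daddr == daddr)
            return e->dst[i].sa_id;
    return NO_SA;                          /* address attached, but not this one */
}

int main(void) { return sa_lookup(0x1003, 50, 0xE0000105u) == 9 ? 0 : 1; }
```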

