Incoming SPD check on packet with no IPsec header?

["Cambria, Mike" <mcambria@avaya.com>]

In section 5.2.1 of RFC2401, should step #3 be performed (i.e. find incoming
policy in the SPD that matches the packet) even if the packet arrives with
no IPsec headers (e.g. nothing to do in steps 1 & 2)?

The beginning of section 5 (and 4.4.1) says that the SPD must be consulted
during the processing of all traffic.  However, since 5.2.1 doesn't mention
to do this, I wanted to check.

Thanks,
MikeC

---

Follow-Ups:

• Re: Incoming SPD check on packet with no IPsec header?
• From: Derek Atkins <warlord@mit.edu>
• Re: Incoming SPD check on packet with no IPsec header?
• From: Stephen Kent <kent@bbn.com>
• Re: Incoming SPD check on packet with no IPsec header?
• From: Ramana Yarlagadda <ramana@chiplogic.com>
• Re: Incoming SPD check on packet with no IPsec header?
• From: "mahdavi" <mahdavi@sepahan.iut.ac.ir>

---

• Prev by Date: SPD per interface?
• Next by Date: Re: SPD per interface?
• Prev by thread: Re: SPD per interface?
• Next by thread: Re: Incoming SPD check on packet with no IPsec header?
• Index(es):
  • Main
  • Thread