
Re: Incoming SPD check on packet with no IPsec header?



At 2:26 PM -0400 8/21/01, Cambria, Mike wrote:
>In section 5.2.1 of RFC2401, should step #3 be performed (i.e. find incoming
>policy in the SPD that matches the packet) even if the packet arrives with
>no IPsec headers (e.g. nothing to do in steps 1 & 2)?
>
>The beginning of section 5 (and 4.4.1) says that the SPD must be consulted
>during the processing of all traffic.  However, since 5.2.1 doesn't mention
>to do this, I wanted to check.
>
>Thanks,
>MikeC

One needs to check to see that any inbound packet without an IPsec 
header is allowed to be bypassed (vs. discarded). The SPD contains 
the requisite info to make this decision.

Steve
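
The check described in the reply above, sketched as an added example that is not part of the original thread or any IPsec implementation. The entry layout, names and sample SPD are assumptions made for illustration: entries are ordered, the first match decides, and a packet matching no entry is dropped.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

BYPASS, DISCARD, PROTECT = "BYPASS", "DISCARD", "PROTECT"

@dataclass(frozen=True)
class Packet:            # inbound packet that carried no AH/ESP header
    src: str
    dst: str
    proto: int           # IP protocol number (6 = TCP, 17 = UDP)
    dport: Optional[int] = None

@dataclass(frozen=True)
class SpdEntry:          # hypothetical selector layout, None = wildcard
    src: str
    dst: str
    proto: Optional[int]
    dport: Optional[int]
    action: str

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

def inbound_cleartext_verdict(spd, p):
    """Ordered SPD lookup; the first matching entry decides."""
    for entry in spd:
        if entry.matches(p):
            if entry.action == BYPASS:
                return ("accept", "policy allows bypass")
            if entry.action == PROTECT:
                return ("drop", "policy requires IPsec, packet had none")
            return ("drop", "policy says discard")
    return ("drop", "no matching policy")  # default assumed in this sketch

# Constructed sample SPD (documentation address ranges).
SAMPLE_SPD = [
    SpdEntry("192.0.2.0/24", "198.51.100.10/32", 17, 500, BYPASS),   # IKE
    SpdEntry("192.0.2.0/24", "198.51.100.0/24", None, None, PROTECT),
    SpdEntry("0.0.0.0/0", "198.51.100.20/32", 6, 80, BYPASS),
]
```

The second entry is the case that makes the lookup necessary: cleartext traffic from a peer whose policy requires protection is dropped rather than delivered.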



