[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Incoming SPD check on packet with no IPsec header?

To: "Cambria, Mike" <mcambria@avaya.com>, <ipsec@lists.tislabs.com>
Subject: Re: Incoming SPD check on packet with no IPsec header?
From: "mahdavi" <mahdavi@sepahan.iut.ac.ir>
Date: Wed, 29 Aug 2001 11:41:33 +0430
References: <3A6D367EA1EFD4118C9B00A0C9DD99D706502D@rerun.lucentctc.com>
Sender: owner-ipsec@lists.tislabs.com

Yes.
you have to check spd for all incomming packet. include non ipsec packets.
perhaps you want not to receive some packets.
----- Original Message -----
From: "Cambria, Mike" <mcambria@avaya.com>
To: <ipsec@lists.tislabs.com>
Sent: Tuesday, August 21, 2001 10:56 PM
Subject: Incoming SPD check on packet with no IPsec header?


>
> In section 5.2.1 of RFC2401, should step #3 be performed (i.e. find
incoming
> policy in the SPD that matches the packet) even if the packet arrives with
> no IPsec headers (e.g. nothing to do in steps 1 & 2)?
>
> The beginning of section 5 (and 4.4.1) says that the SPD must be consulted
> during the processing of all traffic.  However, since 5.2.1 doesn't
mention
> to do this, I wanted to check.
>
> Thanks,
> MikeC

References:

Incoming SPD check on packet with no IPsec header?

From: "Cambria, Mike" <mcambria@avaya.com>

Prev by Date: modp drafts
Next by Date: Re: question on SPI
Prev by thread: Re: Incoming SPD check on packet with no IPsec header?
Next by thread: RE: Incoming SPD check on packet with no IPsec header?
Index(es):
- Main
- Thread