[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec inbound processing
In your previous mail you wrote:
The RFC 2401's section 5.2.1 says about selecting an SA / SA bundle for
Inbound IP traffic. I am at the moment quite confused about the sequence of
searching and using an SA.
=> RFC 2401 has a high level of details and experience showed this was/is
necessary. Of course, they (the details) are not easy to understand...
Why is it so that we first directly look for an SA from SAD using the
selector valus of the packet? Why not we directly refer to SPD than get the
SA pointer from there (SPD) to look it in SAD.
=> just a little question, how can you do this with ESP in tunnel mode
(which is BTW the most common IPsec SA type)?
And if it is not the way i have written it, how an inbound ip packet is
processed?
=> RFC 2401 section 5.2 (read, reread, and don't stop when you believe
you've understood :-).
Regards
Francis.Dupont@enst-bretagne.fr