
Re: IPsec inbound processing



At 01:57 PM 2/20/02 +0500, you wrote:
>The RFC 2401's section 5.2.1 says about selecting an SA / SA bundle for
>Inbound IP traffic. I am at the moment quite confused about the sequence of
>searching and using an SA.
>
>Why is it so that we first directly look for an SA from SAD using the
>selector values of the packet? Why not we directly refer to SPD then get the
>SA pointer from there (SPD) to look it in SAD.

Think of how you can extract the selectors from an encrypted packet.
To look into the SPD, the required input values are selector values
(Source addr, dest addr, src port, dest port and protocol).


>And if it is not the way I have written it, how an inbound IP packet is
>processed?
>
>Regards.
>
>Siddique
>FAST - NU Pakistan
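
The inbound order discussed in this thread (SAD lookup on cleartext fields first, SPD check only after the SA has been applied), as an added example that is not part of the original messages. The addresses, SPI, key, policy name and the XOR "cipher" are constructed stand-ins; the SPD is simplified to an exact-match table, and authentication and anti-replay checks are omitted.

```python
import socket
import struct

ESP = 50  # IP protocol number for ESP

# SAD keyed by (outer destination address, IPsec protocol, SPI), the triple
# RFC 2401 section 5.2.1 uses for the inbound lookup. Values are constructed.
SAD = {("192.0.2.1", ESP, 0x1001): {"key": 0x5A, "policy": "udp-500"}}
# Simplified SPD: (src, dst, protocol, src port, dst port) -> required policy.
SPD = {("198.51.100.7", "192.0.2.1", 17, 4500, 500): "udp-500"}

def toy_cipher(data, key):
    """XOR stand-in for the SA's transform; NOT real ESP encryption."""
    return bytes(b ^ key for b in data)

def build_packet(src, dst, spi, seq, sport, dport, key):
    """Construct a transport-mode ESP packet carrying a bare UDP header."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    trailer = bytes([0, 17])  # pad length 0, next header = UDP
    esp = struct.pack("!II", spi, seq) + toy_cipher(udp + trailer, key)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64, ESP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + esp

def inbound(packet):
    # Step 1: only cleartext fields are readable, so the SAD is searched
    # with outer destination address, IPsec protocol and SPI.
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    spi = struct.unpack("!I", packet[20:24])[0]
    sa = SAD.get((dst, proto, spi))
    if sa is None:
        return "drop: no SA"
    # Step 2: apply the SA; ports and next header become visible only now.
    plain = toy_cipher(packet[28:], sa["key"])
    sport, dport = struct.unpack("!HH", plain[:4])
    next_hdr = plain[-1]
    # Step 3: with the selectors recovered, check the SPD and confirm the
    # SA that protected the packet is the one the matching policy requires.
    if SPD.get((src, dst, next_hdr, sport, dport)) != sa["policy"]:
        return "drop: policy mismatch"
    return "accept"

if __name__ == "__main__":
    pkt = build_packet("198.51.100.7", "192.0.2.1", 0x1001, 1, 4500, 500, 0x5A)
    print(inbound(pkt))
```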