[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problem about reassembly and fragmentation
At 09:28 PM 3/7/02 , Nagendra B.S wrote:
>As per RFC [2401], all fragmented packets should be reassembled before
>applying IPSEC.
How do you come to that conclusion? The text reads:
In tunnel mode, AH or ESP is applied to an
IP packet, the payload of which may be a fragmented IP packet. For
example, a security gateway, "bump-in-the-stack" (BITS), or "bump-
in-the-wire" (BITW) IPsec implementation may apply tunnel mode AH to
such fragments.
It would appear to state that if you are using tunnel mode, you can
encrypt fragments.
>Jia Xu wrote:
>>
>> Dear all,
>>
>> I have a question about implementing IPSec by Bump-In-The-Wire approach. When I received IP fragments, can I directly apply IPSec transform on them individually, or should I first reassemble them into an integrated IP datagram?
>>
>> Thanks,
>> Jia Xu
>
>--
>------------------------------------------------------------------------
>Nagendra B.S nbs@lucent.com
>Infosys - India Phone Office : 91-80-8520261 xtn : 6566
>------------------------------------------------------------------------
>