[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Problem about reassembly and fragmentation

To: "Joseph Tardo" <jtardo@broadcom.com>
Subject: RE: Problem about reassembly and fragmentation
From: Scott Fluhrer <sfluhrer@cisco.com>
Date: Fri, 08 Mar 2002 12:54:09 -0800
Cc: "Paul Koning" <pkoning@equallogic.com>, sfluhrer@cisco.com, nbs@lucent.com, xujia@is.ac.cn, ipsec@lists.tislabs.com
In-Reply-To: <NDBBJJDNOJJEFGHAECHIMENKDLAA.jtardo@broadcom.com>
References: <15496.56790.927000.46587@gargle.gargle.HOWL>
Sender: owner-ipsec@lists.tislabs.com

At 12:33 PM 3/8/2002, Joseph Tardo wrote:
>What if you are supporting port policies? Don't you need the transport
>header to verify policy on the decrypted fragments?

Well, yes, if your SPD specifies ports, then you will need to find out what 
the ports are before applying the policy.  However, that doesn't apply SPD 
doesn't specify ports (and sometimes they don't), and even if it does, 
there are ways short of total reassembly for gaining that information.

--
scott

References:
- Re: Problem about reassembly and fragmentation
  - From: Paul Koning <pkoning@equallogic.com>
- RE: Problem about reassembly and fragmentation
  - From: "Joseph Tardo" <jtardo@broadcom.com>

Prev by Date: RE: Problem about reassembly and fragmentation
Next by Date: Re: Problem about reassembly and fragmentation
Prev by thread: RE: Problem about reassembly and fragmentation
Next by thread: Re: Choosing between IKEv2 and JFK
Index(es):
- Date
- Thread