
RE: IKEv2: prepending four octets



Hi,

I will try to answer both your questions:

1. The next payload field of an encrypted payload is that of the first
encapsulated payload rather than zero because otherwise we would not know
how to parse the first encrypted payload.

2. You prepend four zeros to IKE messages, because no
IPsec-encapsulated-in-UDP message begins with four zeros.  An encapsulated
IPSec packet begins with the SPI which is always non-zero.  Adding four
zeros to the beginning of an IKE message makes it possible to distinguish
IKE messages from encapsulated IPSec packets.

Hope this helps

Yoav

-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of ravi
Sent: Tuesday, March 18, 2003 10:11 AM
To: ipsec@lists.tislabs.com
Subject: IKEv2: prepending four octets


Dear All,
I am going through the ikev2-0.5 draft. It says:
In the IKE header when sent on UDP port 4500, IKE messages have
prepended four octets of zero.

My doubt is what made it necessary to prepend four octets of zeroes before
the IKE message.
Thanks in advance,
Ravi Kumar CH.
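
The demultiplexing rule from point 2 of the reply, as an added example that is not part of the original messages or of any IPsec implementation: a receiver on UDP port 4500 checks the first four octets to tell IKE from encapsulated ESP. The function name, the field names in the returned dictionaries and the sample datagrams are constructed for illustration; the 28-octet IKE header layout and the ESP SPI/sequence-number layout are assumed from the published specifications.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"       # the four prepended zero octets
# IKE header: initiator SPI, responder SPI, next payload, version,
# exchange type, flags, message ID, total length (28 octets).
IKE_HEADER = struct.Struct("!8s8sBBBBII")


def classify_udp4500(payload: bytes):
    """Classify a UDP/4500 payload as ("ike", hdr), ("esp", hdr) or ("invalid", why)."""
    if len(payload) < 4:
        return ("invalid", "shorter than four octets")
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]                  # strip the marker before parsing
        if len(ike) < IKE_HEADER.size:
            return ("invalid", "truncated IKE header")
        ispi, rspi, nxt, ver, exch, flags, msg_id, length = IKE_HEADER.unpack_from(ike)
        # The length field covers header plus payloads, not the marker.
        if length != len(ike):
            return ("invalid", "IKE length field does not match datagram")
        return ("ike", {"initiator_spi": ispi, "responder_spi": rspi,
                        "next_payload": nxt, "exchange_type": exch,
                        "message_id": msg_id, "length": length})
    # Anything else starts with an ESP SPI, which is never zero, so it
    # cannot be confused with the marker.
    if len(payload) < 8:
        return ("invalid", "truncated ESP header")
    spi, seq = struct.unpack_from("!II", payload)
    return ("esp", {"spi": spi, "seq": seq})


# Constructed sample datagrams (not captured traffic).
_ike_body = IKE_HEADER.pack(bytes(range(1, 9)), bytes(8), 0, 0x20, 34, 0x08, 0, 28)
SAMPLE_IKE = NON_ESP_MARKER + _ike_body
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 16
SAMPLE_BAD = NON_ESP_MARKER + _ike_body[:10]    # marker, then a cut-off header

if __name__ == "__main__":
    for name, pkt in (("ike", SAMPLE_IKE), ("esp", SAMPLE_ESP), ("bad", SAMPLE_BAD)):
        print(name, classify_udp4500(pkt))
```

Validating the IKE length field after stripping the marker keeps a datagram that merely happens to begin with zeros from being handed to the IKE parser as a well-formed message.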