[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

an SPD syntax example

To: ipsec@lists.tislabs.com
Subject: an SPD syntax example
From: Stephen Kent <kent@bbn.com>
Date: Wed, 21 Jan 2004 14:42:58 -0500
Sender: owner-ipsec@lists.tislabs.com

Folks,

In trying to more precisely explain the nominal structure for the 
SPD, we found it helpful to create a sample syntax using ASN.1. 
Remember, this is not a requirement to use ASN.1 to represent the 
SPD, but rather a way of explaining the structure of the SPD, now 
that we have more complex entries. We're thinking of putting this in 
the next rev of 2401bis, either as part of the SPD description, or as 
an appendix.

Comments welcome, other than those arguing for use of another syntax :-)

Steve

P.S.  make your e-mail viewing wide enough to preserve the 
indentation, for easy reading.
---------

SPD ::= SEQUENCE of SPDEntry

SPDEntry ::= SET OF SelectorSet

SelectorSet ::= SEQUENCE {
	sourceAddr	AddrList,
	destAddr	AddrList,
	protocol	INTEGER,	-- 8 bits
	next CHOICE {
		ports	SEQUENCE {
				SourcePort	INTEGER, -- 16 bits
				DestPort }	INTEGER, -- 16 bits
		mobilityHdr	INTEGER, -- 16 bits
		ICMP [0] SEQUENCE {
			type	INTEGER,	-- 8 bits
			code	INTEGER } }	-- 8 bits

AddrList ::=  SET OF AddrOrList

AddrOrList ::= CHOICE {
			iPAddr	IPaddr 	-- individual IP address
			range	IPRange} -- IP address range

IPaddr	::= CHOICE {
			v4Addr		INTEGER, -- 32 bits
			v6Addr [0] 	INTEGER } -- 128 bits

IPRange	::=	CHOICE {
			v4range		SEQUENCE {
						start	INTEGER, -- 32 bits
						end	INTEGER } -- 32 bits
			v6range [0]	SEQUENCE {
						start	INTEGER, -- 128 bits
						end	INTEGER } } -- 128 bits

Follow-Ups:
- an SPD syntax example
  - From: Tero Kivinen <kivinen@iki.fi>
- Re: an SPD syntax example
  - From: ravivsn@roc.co.in

Prev by Date: SPD name entries & IKE
Next by Date: Re: SPD name entries & IKE
Previous by thread: Re: SPD name entries & IKE
Next by thread: an SPD syntax example
Index(es):
- Date
- Thread