[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ipsec] Interpretation of ICMP Type and Code
IKEv2 specifies how ICMP Type and Code are encoded into a single 16-bit
"port" field.
For the
ICMP protocol, the two one octet fields Type and Code are
treated as a single 16 bit integer (with Type in the most
significant eight bits and Code in the least significant
eight bits) port number for the purposes of filtering based
on this field.
How are Type and Code to be treated by an implementation?
I have not found a clear specification of the semantics.
Given a start Type of tstart and an end Type of tend,
a start Code of cstart and an end Code of cend, and
an ICMP packet with Type t and Code c:
Is the test that an implementation MUST make:
a) (tstart <= t <= tend) AND (cstart <= c <= cend),
or
b) tstart*256+cstart <= t*256+c <= tend*256+cend
I think that either 2401bis or IKEv2 should state one of the above to
make sure that all implementations interpret things the same way.
Comments?
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec