[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ipsec] Interpretation of ICMP Type and Code

To: ipsec@ietf.org
Subject: [Ipsec] Interpretation of ICMP Type and Code
From: Charles Lynn <clynn@bbn.com>
Date: Mon, 19 Apr 2004 11:25:02 -0400 (EDT)
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
Sender: ipsec-admin@ietf.org

IKEv2 specifies how ICMP Type and Code are encoded into a single 16-bit
"port" field.

      For the
      ICMP protocol, the two one octet fields Type and Code are
      treated as a single 16 bit integer (with Type in the most
      significant eight bits and Code in the least significant
      eight bits) port number for the purposes of filtering based
      on this field.

How are Type and Code to be treated by an implementation?
I have not found a clear specification of the semantics.

Given a start Type of tstart and an end Type of tend,
      a start Code of cstart and an end Code of cend, and
      an ICMP packet with Type t and Code c:

Is the test that an implementation MUST make:

a)	(tstart <= t <= tend) AND (cstart <= c <= cend),
 or
b)	tstart*256+cstart <= t*256+c <= tend*256+cend

I think that either 2401bis or IKEv2 should state one of the above to
make sure that all implementations interpret things the same way.

Comments?

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Prev by Date: Re: [Ipsec] Re: IKEv2 AUTH payload
Next by Date: [Ipsec] Re: 2401bis -- Issue 91 -- handling ICMP error messages
Previous by thread: [Ipsec] Re: Your text
Next by thread: RE: [Ipsec] Interpretation of ICMP Type and Code
Index(es):
- Date
- Thread