
[Ipsec] IKEv2: potential 4-byte alignment problem



Kevin Li writes:
> In the IKEv2 draft, there seems to be no strict rule to ensure all the 
> payload or content to be 4-byte aligned. For example, the 
> INVALID_KE_PAYLOAD notification allows only two octets of the data to be 
> sent.

True. We do not even try to keep things aligned.

> If 4-byte alignment is not enforced throughout the IKE payload by IKEv2 
> standard, then there won't be much value to have all the 
> header/substruct 4-byte aligned. Because, the header could be shifted 
> arbitrarily due to the un-aligned data.

They are not aligned. Most of the reserved stuff there is because
IKEv1 had them, and we didn't want to change them. Also note that
IKEv1 didn't keep things aligned either; there used to be mandatory
alignment of 4 bytes earlier, but that was removed quite early
from the IKEv1 drafts. 

> I am wondering whether IKEv2 should have this rule (and allow padding) 
> in the standard?

No. Adding padding simply makes things harder to implement, and does
not really offer anything. The speed difference of the aligned vs
non-aligned data access is very small compared to the other operations
we do, like crypto... The only padding there is the padding needed for
encryption. 

I think the reserved fields are added mostly to make the pictures
easier to draw in the draft :-)
-- 
kivinen@safenet-inc.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
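
Since payloads are not padded, a parser cannot overlay aligned structs on the buffer. The following is an added example, not code from this thread or from any IKEv2 implementation, that walks a payload chain with byte-wise reads and bounds checks. The payload type numbers (41 Notify, 40 Nonce) and notify type 17 (INVALID_KE_PAYLOAD) are assumed from the published IKEv2 specification; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read a big-endian 16-bit field byte by byte: valid at any offset,
 * unlike casting the buffer to uint16_t* or to a struct pointer. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Constructed sample payload chain (not a capture): a Notify payload
 * carrying INVALID_KE_PAYLOAD (type 17) with 2 octets of data, so it is
 * 10 octets long and the Nonce payload after it starts at offset 10. */
static const uint8_t sample_chain[] = {
    40, 0, 0x00, 0x0a,          /* generic header: next=Nonce(40), length=10 */
    0, 0, 0x00, 0x11,           /* protocol ID 0, SPI size 0, notify type 17 */
    0x00, 0x13,                 /* notification data: constructed 2-octet value */
    0, 0, 0x00, 0x08,           /* generic header: next=none, length=8 */
    0xde, 0xad, 0xbe, 0xef      /* constructed nonce bytes */
};

/* Walk the chain starting with payload type `first`. Returns the offset of
 * the first payload of type `want`, -1 if absent, -2 if malformed. */
static long find_payload(const uint8_t *buf, size_t len, uint8_t first, uint8_t want)
{
    size_t off = 0;
    uint8_t type = first;
    while (type != 0) {
        if (len - off < 4) return -2;                 /* header must fit */
        uint16_t plen = rd16(buf + off + 2);          /* Payload Length field */
        if (plen < 4 || plen > len - off) return -2;  /* length must stay in buffer */
        if (type == want) return (long)off;
        type = buf[off];                              /* Next Payload field */
        off += plen;                                  /* may land on any offset */
    }
    return -1;
}

/* Notify Message Type of a Notify payload at `off`, or -1 if too short. */
static long notify_type(const uint8_t *buf, size_t len, size_t off)
{
    if (off > len || len - off < 8) return -1;
    return rd16(buf + off + 6);
}
```
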