[Ipsec] lists of protocols in 2401-bis



hi,

I am wondering if I can get some clarification on whether or not 
2401-bis mandates the support for lists of the protocol selector in the 
SPD and SAD.

In section 4.4.1.1 it mentions the protocol selector as:

          - Next Layer Protocol: Obtained from the IPv4 "Protocol" or the
          IPv6 "Next Header" fields.  This is an individual protocol
          number, or ANY. The Next Layer Protocol is whatever comes after
          any IP extension headers that are present.

It purposely seems to avoid mentioning that the protocol selector can be 
a list (as with other selectors).  However, later on in section 4.4.2 it 
has several tables which include:

       protocol  list of prot's*   0  prot. "P"    list of prot's*
                      or ANY**                          or ANY
                  list of prot's*   1  prot. "P"    "P"
                      or ANY**
                  OPAQUE            0  not avail.  "undefined"
                  OPAQUE            1  not avail.  ***

This table in section 4.4.2 implies that the protocol can be both a list 
and opaque, whereas section 4.4.1.1 directly implies that it can only be 
a singular discrete value, or "ANY".  (I assume that "ANY" implies that 
it must support the "OPAQUE" value, as "ANY" includes "OPAQUE". 
However, for IPv4 IPsec implementations the "OPAQUE" value for the 
protocol selector is not possible).

I am seeking clarification on two points:
  o Should implementations support lists of protocols as a selector?
  o If they should, then this logically places limitations on the port 
combinations possible (i.e., if the list were TCP with UDP, port 
selectors are possible, but with TCP and ICMP, port combinations would 
not be possible).

Cheers,
        Ashley Partis

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
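The following is an added illustration of the selector semantics the post asks about; it is not code from the post, from RFC 2401-bis, or from any IPsec implementation. It models an SPD entry whose Next Layer Protocol selector is a list of protocol numbers, ANY, or OPAQUE, and applies port selectors only where they are meaningful. Assumptions (not stated by the RFC): ANY is taken, as the post does, to cover the OPAQUE case; TCP (6), UDP (17) and SCTP (132) are the protocols whose port fields are real ports, while ICMP (1) and ICMPv6 (58) carry type/code in those positions; and the rule that a port range is rejected for a mixed list such as TCP+ICMP is one possible design choice, which is exactly the limitation raised in the post's second question.

```python
"""Toy SPD selector matcher for the Next Layer Protocol / port selector
semantics discussed in the post (RFC 2401-bis sections 4.4.1.1 and 4.4.2).
Added example only: the mixed-list rule below is an assumed design choice."""

from dataclasses import dataclass
from typing import Optional, Sequence, Union

ANY = "ANY"        # wildcard; taken here (as in the post) to include OPAQUE
OPAQUE = "OPAQUE"  # matches only when the packet field is not available

# Assumption: protocols whose two port fields are real ports, versus those
# where the same field positions carry ICMP message type and code.
PORT_PROTOS = {6, 17, 132}   # TCP, UDP, SCTP
ICMP_PROTOS = {1, 58}        # ICMP, ICMPv6

PortRange = tuple[int, int]
SelValue = Union[str, PortRange]


@dataclass
class Packet:
    """Fields extracted from a packet; None models 'not available' (OPAQUE)."""
    proto: Optional[int]
    src_port: Optional[int] = None   # for ICMP: message type
    dst_port: Optional[int] = None   # for ICMP: message code


@dataclass
class SpdSelector:
    protocols: Union[str, Sequence[int]] = ANY   # list of protocol numbers, ANY or OPAQUE
    local_port: SelValue = ANY
    remote_port: SelValue = ANY

    def __post_init__(self) -> None:
        if isinstance(self.protocols, str):
            if self.protocols not in (ANY, OPAQUE):
                raise ValueError(f"bad protocol selector {self.protocols!r}")
            return
        self.protocols = tuple(self.protocols)
        if not self.protocols:
            raise ValueError("empty protocol list")
        # Design choice (assumption): a port range is only accepted when every
        # listed protocol interprets the port fields the same way.  TCP+UDP is
        # fine; TCP+ICMP with a port range is rejected because the ICMP
        # 'port' positions are type/code, not ports.
        has_range = any(isinstance(v, tuple) for v in (self.local_port, self.remote_port))
        if has_range:
            kinds = {("ports" if p in PORT_PROTOS else "icmp" if p in ICMP_PROTOS else "none")
                     for p in self.protocols}
            if kinds not in ({"ports"}, {"icmp"}):
                raise ValueError(f"port range not meaningful for protocol list {self.protocols}")

    @staticmethod
    def _field_matches(sel: SelValue, value: Optional[int]) -> bool:
        if sel == ANY:
            return True
        if sel == OPAQUE:
            return value is None
        lo, hi = sel
        return value is not None and lo <= value <= hi

    def matches(self, pkt: Packet) -> bool:
        if self.protocols == OPAQUE:
            proto_ok = pkt.proto is None
        elif self.protocols == ANY:
            proto_ok = True
        else:
            proto_ok = pkt.proto in self.protocols
        return (proto_ok
                and self._field_matches(self.local_port, pkt.src_port)
                and self._field_matches(self.remote_port, pkt.dst_port))


def lookup(spd: Sequence[SpdSelector], pkt: Packet) -> Optional[int]:
    """Return the index of the first matching entry; the SPD is ordered."""
    for i, sel in enumerate(spd):
        if sel.matches(pkt):
            return i
    return None


# Constructed sample SPD (not from the post)
SPD = [
    SpdSelector(protocols=[6, 17], remote_port=(53, 53)),   # TCP or UDP to port 53
    SpdSelector(protocols=[1, 58]),                          # any ICMP / ICMPv6
    SpdSelector(protocols=OPAQUE),                           # next layer protocol unavailable
    SpdSelector(protocols=ANY),                              # catch-all
]


def demo() -> list:
    """Constructed packets: UDP DNS, TCP HTTPS, ICMP echo request, unknown proto."""
    pkts = [
        Packet(proto=17, src_port=40000, dst_port=53),
        Packet(proto=6, src_port=40001, dst_port=443),
        Packet(proto=1, src_port=8, dst_port=0),
        Packet(proto=None),
    ]
    return [lookup(SPD, p) for p in pkts]   # -> [0, 3, 1, 2]


def mixed_list_rejected() -> bool:
    """The TCP+ICMP-with-ports case from the post is refused by this model."""
    try:
        SpdSelector(protocols=[6, 1], remote_port=(53, 53))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), mixed_list_rejected())
```

Note that the OPAQUE entry only matches when the protocol field genuinely could not be read, while ANY matches everything including that case; whether an IPv4 implementation can ever produce the OPAQUE case for the protocol selector is the question left open in the post, and the model does not decide it.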