RE: who is right ? (take 2)
Richard Draves <richdr@microsoft.com> Mon, 28 September 1998 16:59 UTC
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA16622 for ipsec-outgoing; Mon, 28 Sep 1998 12:59:01 -0400 (EDT)
Message-ID: <4D0A23B3F74DD111ACCD00805F31D8100AF81326@RED-MSG-50>
From: Richard Draves <richdr@microsoft.com>
To: "'dbastien@galea.com'" <dbastien@galea.com>
Cc: ipsec@tis.com
Subject: RE: who is right ? (take 2)
Date: Mon, 28 Sep 1998 10:17:01 -0700
X-Mailer: Internet Mail Service (5.5.2232.9)
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
I don't see this as an inconsistency. You should not copy the options from the inner header to the outer header. But the outer header may contain options, depending on the local node's configuration. Rich > -----Original Message----- > From: dbastien@galea.com [mailto:dbastien@galea.com] > Sent: Monday, September 28, 1998 9:50 AM > To: ipsec@tis.com > Subject: who is right ? (take 2) > > > > I'm really sorry guys. > > The first one (cut and paste) is suppose to be the tunnel mode : > > I saw in the draft-ietf-ipsec-esp-v2-06.txt : > > > > -------------------------------------------------------- > --- > > IPv4 | new IP hdr* | | orig IP hdr* | | > | ESP | > ESP| > > |(any options)| ESP | (any options) > |TCP|Data|Trailer|Auth| > > > -------------------------------------------------------- > --- > > |<--------- encrypted > ---------->| > > |<----------- authenticated > ---------->| > > and i read in the draft-ietf-ipsec-arch-sec-06.txt : > > > 5.1.2.1 IPv4 -- Header Construction for Tunnel Mode > > > > <-- How Outer Hdr Relates to > Inner Hdr --> > > Outer Hdr at > Inner Hdr at > > IPv4 Encapsulator > Decapsulator > > Header fields: -------------------- > ------------ > > version 4 (1) no change > > header length constructed no change > > TOS copied from inner hdr (5) no change > > total length constructed no change > > ID constructed no change > > flags (DF,MF) constructed, DF (4) no change > > fragmt offset constructed no change > > TTL constructed (2) > decrement (2) > > protocol AH, ESP, routing hdr no change > > checksum constructed > constructed (2) > > src address constructed (3) no change > > dest address constructed (3) no change > > Options never copied no change > > > > I just want to know how to process the option in the outter IP header. > > I remove them ? or I let them unchange (from IP1)? > > Thanks, > > Dominique > dbastien@galea.com > > > >
- who is right ? (take 2) dbastien
- RE: who is right ? (take 2) Richard Draves
- Re: who is right ? (take 2) Stephen Kent