Placement of IPCOMP header in IPSEC Tunnel mode

"Strahm, Bill" <bill.strahm@intel.com> Thu, 18 November 1999 00:15 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA16807; Wed, 17 Nov 1999 16:15:02 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id QAA00816 Wed, 17 Nov 1999 16:29:19 -0500 (EST)
Message-ID: <7DAA70BEB463D211AC3E00A0C96B7AB20344B38B@orsmsx41.jf.intel.com>
From: "Strahm, Bill" <bill.strahm@intel.com>
To: ipsec@lists.tislabs.com
Subject: Placement of IPCOMP header in IPSEC Tunnel mode
Date: Wed, 17 Nov 1999 13:32:25 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

I am confused about the placement of the IPComp header when used in Tunnel
mode.

>From RFC 2393 Section 2.1
   In IP version 4 [RFC-0791], the compression is applied to the upper
   layer protocol (ULP) payload of the IP datagram.  No portion of the
   IP header or the IP header options is compressed.

Now in Tunnel mode I am building an IP packet that looks like this

IP(outer)- IPSEC transform - IP(inner) - data

I am convinced that the correct placement of a tunnel mode compression
header is

IP(outer) - IPSEC transform - IPCOMP - IP(inner) - data

However from section 2.1 I can see a reading that says I am not to compress
the IP header or options, so a packet would be built like this

IP(outer) - IPSEC transform - IP(inner) - IPCOMP - data

If this later packet is correct I would have a hard time determining if I
should unapply compression at the gateway or the end host.

Can I get some clarification on this point please ?

Bill

______________________________________________
Bill Strahm        Programming today is a race between
bill.strahm@      software engineers striving to build
intel.com           bigger and better idiot-proof programs,
(503) 264-4632   and the Universe trying to produce
            bigger and better idiots.  So far, the
                        Universe is winning.--Rich Cook
I am not speaking for Intel.  And Intel rarely speaks for me