From: Brian Lodwick (xpranax@xxxxxxxxxxx)
Date: Thu Mar 07 2002 - 14:26:20 GMT-3
I have been trying to figure out something that would seem simple, but has
proven to be quite difficult.
Is an IPsec packet connection-oriented or connectionless when using ESP?
I have found some good information on the breakdown of the ESP header format
from the latest IETF draft, and I think I have the answer, but I wanted to
run it by some of the security whizzes out there.
I understood that the "next header" field of the ESP header will note the
protocol number and therefore will indicate the service type. Below is an
excerpt from the IETF draft:
2.6 Next Header
The Next Header is a mandatory, 8-bit field that identifies the type
of data contained in the Payload Data field, e.g., an IPv4 or IPv6
packet, or an upper layer header and data. The value of this field
is chosen from the set of IP Protocol Numbers defined on the web page
of the IANA, e.g., a value of 4 indicates IPv4, a value of 41
indicates IPv6 and a value of 6 indicates TCP.
I have to assume the router (tunneling device) is to read the old IP packet
information and then populate this "next header" field with that same
information, and then treat the data stream accordingly? It doesn't say that
exactly, though, which is confusing. If this is correct, I would guess the
answer to my question would be dependent upon the original IP packet
information, i.e. if the original packet was using IP protocol number 6, the
ESP packet "next header" field would populate with a 6 and the router would
treat this as a connection-oriented data flow.
Any comments?
>>>Brian
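An added illustration, not part of the original message, of what the Next Header field actually encodes. Per RFC 4303 the field sits in the ESP trailer (after the padding, inside the region that is normally encrypted), and its value names only the type of the payload: in transport mode it is the upper-layer protocol (6 for TCP), in tunnel mode it is 4 (IPv4) and the original transport protocol is found in the encapsulated IP header. The ESP datagram itself carries no connection state beyond the SPI and sequence number. This example uses NULL encryption and no ICV so the bytes are readable; the TCP and IPv4 headers are constructed sample values, and `build_esp`, `parse_esp`, and `upper_layer_protocol` are names chosen here, not a standard API.

```python
import struct

# IP protocol numbers relevant to the discussion (IANA assigned).
IPPROTO_IPV4 = 4    # Next Header value for an encapsulated IPv4 packet (tunnel mode)
IPPROTO_TCP = 6
IPPROTO_ESP = 50    # the outer IP header's protocol field for an ESP datagram
IPPROTO_IPV6 = 41


def build_esp(spi, seq, payload, next_header, block_size=4):
    """Build an ESP datagram with NULL encryption (RFC 2410) and no ICV.

    Layout: SPI (4) | Sequence Number (4) | Payload | Padding | Pad Length (1) | Next Header (1)
    Real ESP would encrypt Payload..Next Header and append an ICV; omitted here for readability.
    """
    # Padding so that payload + padding + the two trailer bytes fill whole cipher blocks.
    pad_len = (-(len(payload) + 2)) % block_size
    padding = bytes(range(1, pad_len + 1))      # RFC 4303 default padding pattern 1,2,3,...
    header = struct.pack("!II", spi, seq)
    trailer = padding + struct.pack("!BB", pad_len, next_header)
    return header + payload + trailer


def parse_esp(datagram):
    """Parse a NULL-encrypted ESP datagram -> (spi, seq, payload, next_header).

    Rejects malformed padding, which is the receiver's first integrity sanity check
    when no ICV is present.
    """
    if len(datagram) < 10:
        raise ValueError("too short for ESP header plus trailer")
    spi, seq = struct.unpack("!II", datagram[:8])
    pad_len, next_header = struct.unpack("!BB", datagram[-2:])
    body = datagram[8:-2]
    if pad_len > len(body):
        raise ValueError("pad length exceeds payload")
    padding = body[len(body) - pad_len:]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("padding check failed")
    return spi, seq, body[:len(body) - pad_len], next_header


def upper_layer_protocol(datagram):
    """Return the transport protocol number carried by an ESP datagram.

    Transport mode: Next Header is the transport protocol itself.
    Tunnel mode:    Next Header is 4 (IPv4); the transport protocol is byte 9
                    of the encapsulated IPv4 header.
    """
    _, _, payload, next_header = parse_esp(datagram)
    if next_header == IPPROTO_IPV4:
        if len(payload) < 20:
            raise ValueError("inner IPv4 header truncated")
        return payload[9]
    return next_header


def build_ipv4_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header (checksum left at 0; constructed sample only)."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0, 64, proto, 0, src, dst)


# Constructed sample TCP header: sport 12345, dport 80, seq 1, ack 0, data offset 5, SYN.
SAMPLE_TCP = struct.pack("!HHIIBBHHH", 12345, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)

# Transport mode: ESP wraps the TCP segment directly, Next Header = 6.
TRANSPORT_EXAMPLE = build_esp(spi=0x1001, seq=1, payload=SAMPLE_TCP, next_header=IPPROTO_TCP)

# Tunnel mode: ESP wraps a whole inner IPv4 packet, Next Header = 4;
# the inner header's protocol field (6) is where the "TCP-ness" now lives.
INNER_PACKET = build_ipv4_header(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
                                 IPPROTO_TCP, 20 + len(SAMPLE_TCP)) + SAMPLE_TCP
TUNNEL_EXAMPLE = build_esp(spi=0x1002, seq=1, payload=INNER_PACKET, next_header=IPPROTO_IPV4)

if __name__ == "__main__":
    for name, dg in (("transport", TRANSPORT_EXAMPLE), ("tunnel", TUNNEL_EXAMPLE)):
        spi, seq, _, nh = parse_esp(dg)
        print(f"{name}: spi={spi:#x} seq={seq} next_header={nh} "
              f"upper_layer_protocol={upper_layer_protocol(dg)}")
```

Note what the receiver does with the value: it only learns the payload type after decrypting and verifying the ESP datagram, and each datagram is handled on its own (the SPI selects the SA, the sequence number feeds anti-replay). Whether the inner traffic is TCP or UDP changes nothing about how ESP itself is carried over IP protocol 50.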
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:56 GMT-3