>>>>> On Thu, 15 Jun 2000 23:21:13 +0300 (EET DST), 
>>>>> Markku Savela <[EMAIL PROTECTED]> said:

> This is what I have been thinking that would make sense. At least in
> IPv6 ICMP, the error messages are clearly distinguished. So I have
> been wondering if it would be a good rule as follows:

>  for IPv6 ICMP Error reports,

>   outbound: apply policy and IPSEC to the error packet based on the
>   header of the received packet (except the src/dst swapped as if the
>   packet were going out)

>   inbound: the policy check on ICMP error packets is based on the
>   contained header (not the outer ICMP). Thus, if the contained packet
>   would have required some IPSEC operations, the *whole* ICMP error
>   should have been protected by this IPSEC.

But how can you examine the contained header, which might be
encrypted, for the policy check?

                                        JINMEI, Tatuya
                                        Communication Platform Lab.
                                        Corporate R&D Center, Toshiba Corp.
                                        [EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
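
The inbound rule proposed in the quoted text, together with the case the reply asks about (the contained packet is ESP-protected, so its ports are not readable), as an added example that is not part of the original thread. The SPD layout, the bypass default, the handling of a quoted ESP packet and all addresses are assumptions of this example; extension headers in the quoted packet are not walked.

```python
import ipaddress
import struct

ESP, TCP, UDP = 50, 6, 17  # IPv6 Next Header values

def inner_selector(icmp6: bytes):
    """(src, dst, proto, sport, dport) of the packet quoted in an ICMPv6
    error; None if this is not an error message or the quote is too short."""
    if len(icmp6) < 8 + 40 or icmp6[0] >= 128:  # types 0-127 are errors
        return None
    inner = icmp6[8:]  # skip type, code, checksum and the 4-byte type-specific field
    if inner[0] >> 4 != 6:
        return None
    proto = inner[6]
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    sport = dport = None
    if proto in (TCP, UDP) and len(inner) >= 44:
        sport, dport = struct.unpack("!HH", inner[40:44])
    # proto == ESP: the ports are inside the ciphertext and stay None
    return (src, dst, proto, sport, dport)

def error_acceptable(icmp6, arrived_protected, spd):
    """spd is a hypothetical list of (dst_network, proto_or_None, needs_ipsec)."""
    sel = inner_selector(icmp6)
    if sel is None:
        return False
    _, dst, proto, _, _ = sel
    if proto == ESP:  # assumption: a quoted ESP packet implies IPsec was required
        return arrived_protected
    for net, p, needs_ipsec in spd:
        if dst in net and p in (None, proto):
            return arrived_protected or not needs_ipsec
    return True  # assumption: no matching entry means bypass

def sample_error(proto, upper):
    """Constructed Destination Unreachable quoting a 2001:db8::/32 packet."""
    src = ipaddress.IPv6Address("2001:db8:1::1").packed
    dst = ipaddress.IPv6Address("2001:db8:2::2").packed
    ip6 = struct.pack("!IHBB", 6 << 28, len(upper), proto, 64) + src + dst
    return struct.pack("!BBHI", 1, 0, 0, 0) + ip6 + upper  # checksum left 0

SPD = [(ipaddress.IPv6Network("2001:db8:2::/48"), UDP, True)]
UDP_ERR = sample_error(UDP, struct.pack("!HHHH", 5000, 53, 8, 0))
ESP_ERR = sample_error(ESP, bytes(16))  # SPI, sequence number, ciphertext
```

With a cleartext quote the port-level selector is recoverable; with an ESP quote only the addresses and the protocol number are, so any port-based SPD entry cannot be evaluated.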
