> -----Original Message-----
> From: EXT Francis Dupont

> => this cannot deal with the case where there are more than one AH
> header (I've seen some mails about this issue but I don't remember
> whether this issue was solved and (more important) how). Of course
> the problem is detected when the internal AH is processed...

Works quite fine(?) if you adopt the logic that assumes incremental building
of multiple AHs. On receive, AH processing removes the outer AH header
before proceeding to the next header. On send, one adds one AH at a time, from
inside-out, independently of each other (the previous AH is just payload for the
new one).

This goes against a "read-only" buffer on receive, but IPSEC ESP requires
a modifiable buffer (or copy) anyway, so having AH modify (at least
logically) the buffer is not so bad.

I think this was discussed on the IPSEC list a while back (last year?). I prefer
the incremental, of course!



--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
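
The incremental scheme described in the reply above, as an added example that is not part of the original message or of any implementation it refers to. It is a simplified model: the ICV (HMAC-SHA1-96, an assumed choice) covers only the AH with its ICV field zeroed plus everything after it, leaving out the immutable IP header fields and anti-replay checks of real AH. The function names, SPIs and keys are constructed for illustration.

```python
import hashlib, hmac, struct

AH, TCP = 51, 6              # IP protocol numbers
ICV_LEN = 12                 # HMAC-SHA1-96 (assumed ICV algorithm)
AH_LEN = 12 + ICV_LEN        # fixed AH fields + ICV
SA_TABLE = {0x1001: b"constructed-inner-key", 0x2002: b"constructed-outer-key"}  # SPI -> key

def _icv(key, fixed, payload):
    # ICV over the AH with its ICV field zeroed, then everything after it.
    return hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]

def ah_wrap(spi, seq, next_hdr, payload):
    """Send: prepend one AH. An AH already in `payload` is just payload."""
    fixed = struct.pack("!BBHII", next_hdr, AH_LEN // 4 - 2, 0, spi, seq)
    return AH, fixed + _icv(SA_TABLE[spi], fixed, payload) + payload

def ah_unwrap(packet):
    """Receive: verify the outermost AH, strip it, return (next_hdr, rest)."""
    if len(packet) < AH_LEN:
        raise ValueError("truncated AH")
    fixed, icv, rest = packet[:12], packet[12:AH_LEN], packet[AH_LEN:]
    next_hdr, plen, _rsv, spi, _seq = struct.unpack("!BBHII", fixed)
    if (plen + 2) * 4 != AH_LEN or spi not in SA_TABLE:
        raise ValueError("bad AH length or unknown SPI")
    if not hmac.compare_digest(icv, _icv(SA_TABLE[spi], fixed, rest)):
        raise ValueError("ICV mismatch")
    return next_hdr, rest

def build_nested(data):
    """Inside-out: inner AH first, then the outer AH over the result."""
    nh, pkt = ah_wrap(0x1001, 1, TCP, data)
    return ah_wrap(0x2002, 1, nh, pkt)

def receive(next_hdr, packet):
    """Outside-in: strip one AH per pass until a non-AH header is next."""
    depth = 0
    while next_hdr == AH:
        next_hdr, packet = ah_unwrap(packet)
        depth += 1
    return next_hdr, packet, depth

if __name__ == "__main__":
    print(receive(*build_nested(b"constructed TCP segment")))
```

Because each pass returns the remaining bytes as a new packet, the receive path needs a modifiable buffer or a copy, which is the trade-off the reply mentions.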
