Tim Hartrick <[EMAIL PROTECTED]> writes:

> For example, let's say we have a UDP datagram that looked like the following:
> 
> IPv6 header
> Hop-by-hop options header
> Destination options header
> AH header
> ESP header
> <Encrypted>
> Destination options header
> UDP payload
> 
> Assuming that all the relevant IPV6_RECVxxx options had been enabled, the
> ancillary data would look like:
> 
> IPV6_HOPOPTS
> IPV6_DSTOPTS
> IPV6_AUTH
> IPV6_ESP
> IPV6_DSTOPTS
> 
> The IPV6_AUTH and IPV6_ESP ancillary data items would have zero length data.
> They do nothing but mark where the respective headers are located in the
> datagram.

To me it would make sense to have associated data that is the index of
the security association used (is that the right term? I'm not really
up to date on IPSEC terminology).

Would it make sense to use the same ancillary data on the sending
side, for applications that want full control of IPSEC and other
headers? I'm imagining an application that makes creative use of
nested ESP and source routing headers for hiding traffic.

/Niels
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
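
The item ordering described in the quoted message, as an added example that is not code from the thread or from any IPv6 stack: it walks the extension-header chain of a constructed datagram and records one item per header in wire order, plus each IPsec header's SPI, the on-wire field that identifies the security association. Assumptions: the ESP payload is already decrypted in place and has no ICV; `walk_chain`, `struct item` and `SAMPLE` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

enum { NH_HOPOPTS = 0, NH_UDP = 17, NH_ESP = 50, NH_AH = 51, NH_DSTOPTS = 60 };
struct item { uint8_t nh; uint32_t spi; };   /* spi stays 0 for non-IPsec headers */

/* Constructed sample: the thread's layout without the 40-byte IPv6 header. */
static const uint8_t SAMPLE[] = {
    60, 0, 1, 4, 0, 0, 0, 0,                    /* hop-by-hop, next = dstopts */
    51, 0, 1, 4, 0, 0, 0, 0,                    /* dstopts, next = AH */
    50, 4, 0, 0, 0, 0, 0x10, 0x01, 0, 0, 0, 1,  /* AH, SPI 0x1001, seq 1 */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,         /* AH ICV (zeros, not computed) */
    0, 0, 0x20, 0x02, 0, 0, 0, 1,               /* ESP, SPI 0x2002, seq 1 */
    17, 0, 1, 4, 0, 0, 0, 0,                    /* inner dstopts, next = UDP */
    0x30, 0x39, 0, 53, 0, 8, 0, 0,              /* UDP header, checksum not computed */
    1, 2, 2, 60                                 /* ESP padding, pad len, next header */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the chain that follows the fixed IPv6 header, starting with next-header
   value nh. Returns the number of items written, or -1 if malformed or truncated. */
int walk_chain(const uint8_t *p, size_t len, uint8_t nh, struct item *out, int max) {
    size_t off = 0; int n = 0;
    while (nh != NH_UDP) {
        size_t hlen; uint8_t next;
        if (n == max || len - off < 8) return -1;
        out[n].nh = nh; out[n].spi = 0;
        if (nh == NH_HOPOPTS || nh == NH_DSTOPTS) {
            next = p[off]; hlen = ((size_t)p[off + 1] + 1) * 8;  /* 8-octet units */
        } else if (nh == NH_AH) {
            next = p[off]; hlen = ((size_t)p[off + 1] + 2) * 4;  /* 4-octet units */
            out[n].spi = be32(p + off + 4);
        } else if (nh == NH_ESP) {
            /* ESP keeps pad length and next header in a trailer at the end. */
            size_t trailer = (size_t)p[len - 2] + 2;
            next = p[len - 1]; hlen = 8;
            out[n].spi = be32(p + off);
            if (trailer > len - off - hlen) return -1;
            len -= trailer;                     /* inner headers end before trailer */
        } else return -1;                       /* header type not handled here */
        if (hlen > len - off) return -1;
        off += hlen; n++; nh = next;
    }
    return n;
}
```

On `SAMPLE` the walk yields protocol numbers 0, 60, 51, 50, 60, the same order as the IPV6_HOPOPTS, IPV6_DSTOPTS, IPV6_AUTH, IPV6_ESP, IPV6_DSTOPTS list in the quoted message.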
