On 08/02/2013 21:42, Fernando Gont wrote:
> On 02/08/2013 12:17 PM, RJ Atkinson wrote:
>>> **How many bytes of the transport header+payload are included in this
>>> definition?**
>>>
>>> For ESP, is it 8 bytes (SPI + Sequence Number)?
>> I think that would be OK. Certainly it MUST NOT be
>> more than those 8 bytes, because beyond there lies
>> encrypted bits (in the general case).
>
> Quickly skimming through RFC4303, it looks like the first 8 bytes of the
> ESP header are referred to as "header" (with the other being referred to
> as "payload" and "trailer").. so it looks like ESP wouldn't really be a
> "special case".
>
> Should we clarify "how many bytes are included" for ESP, nevertheless?
>
>
>
>> I actually believe that the SPI alone would suffice
>> for ESP.
>
> It probably would, but.. since the Seq # is part of the header, and it
> is also transmitted in plain text, I'd personally deal with ESP as with
> the general case "the entire ESP header" (IMO, the fewer the "special
> cases", the better).
>
>
>
>>> For TCP, is it 8 bytes (ports + Sequence Number)?
>> My own sense is that Source Port and Destination Port,
>> so 32 bits, actually would suffice, but I'll at least
>> note one possible counter-argument:
>> A firewall implementation might want to look
>> at the TCP flags to check for invalid flag
>> combinations.
>
> In general, firewalls tend to look at many fields in the upper-layer
> header -- so it's useful to have it all.
>
>
>
>> I would have no objection to Fernando adding more
>> detail for the obvious terminating payloads
>> (e.g. UDP, TCP, SCTP, ICMP, ESP) to the draft.
>>
>> Adding more clarity about this to the I-D could not hurt,
>> and might help some implementers.
>
> Something that might make sense is to specify something along the lines
> of "if the size of the upper layer header is unknown (say, the upper
> layer protocol is implemented as a loadable module, in userland, or the
> like).
>
> Thoughts?

If you specify a minimum of 8 bytes that would cover most cases, wouldn't it?
I don't think you will find much enthusiasm among coders for a case statement
that adjusts the number of bytes according to the layer 4 protocol.

Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
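
An added illustration of the trade-off discussed in this thread (not code from the draft or from any participant): what a filter can decode when only the first 8 bytes of the upper-layer header are guaranteed, and why a TCP flag check falls outside that window. Function names and sample headers are constructed, and SYN+FIN is chosen here as one example of an invalid flag combination.

```python
import struct

TCP, UDP, ESP = 6, 17, 50          # IANA protocol numbers
MIN_BYTES = 8                      # fixed minimum proposed in the reply

# Leading fields per protocol: (names, struct format). Each covers exactly 8 bytes.
LAYOUT = {
    ESP: (("spi", "seq"), "!II"),
    TCP: (("sport", "dport", "seq"), "!HHI"),
    UDP: (("sport", "dport", "length", "checksum"), "!HHHH"),
}
TCP_FLAGS_OFFSET = 13              # the flags byte sits past the 8-byte window
SYN, FIN = 0x02, 0x01


def visible_fields(proto, upper, available=MIN_BYTES):
    """Decode what a filter sees when only `available` bytes are guaranteed."""
    window = upper[:available]
    if len(window) < MIN_BYTES:
        raise ValueError("upper-layer header shorter than 8 bytes")
    if proto not in LAYOUT:
        return {"raw": window[:MIN_BYTES].hex()}   # unknown protocol: opaque bytes
    names, fmt = LAYOUT[proto]
    return dict(zip(names, struct.unpack(fmt, window[:MIN_BYTES])))


def syn_fin_set(upper, available=MIN_BYTES):
    """True/False if the SYN+FIN check can be made, None if flags are out of reach."""
    window = upper[:available]
    if len(window) <= TCP_FLAGS_OFFSET:
        return None
    flags = window[TCP_FLAGS_OFFSET]
    return bool(flags & SYN and flags & FIN)


# Constructed sample headers (not captured traffic).
SAMPLE_TCP = struct.pack("!HHIIBBHHH", 51000, 443, 1000, 0,
                         5 << 4, SYN | FIN, 65535, 0, 0)
# Bytes after the first 8 stand in for the encrypted part of an ESP packet.
SAMPLE_ESP = struct.pack("!II", 0x1234ABCD, 7) + b"\x00" * 16

if __name__ == "__main__":
    print(visible_fields(ESP, SAMPLE_ESP))              # whole ESP header
    print(visible_fields(TCP, SAMPLE_TCP))              # ports + sequence number
    print(syn_fin_set(SAMPLE_TCP))                      # flags not in 8 bytes
    print(syn_fin_set(SAMPLE_TCP, available=20))        # full TCP header present
```

With an 8-byte window the ESP and UDP headers are complete and TCP yields ports and sequence number, but the flag check only becomes possible once at least 14 bytes of the TCP header are present.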