Paul Hoffman writes: > Also the bullet > > - Store the original traffic selector IP addresses as real source > and destination address in case we need to undo address > substitution. > > needs to be changed to > > - Store the original traffic selector IP addresses as real source > and destination address and also in case we need them to undo > address substitution. > > [[ Response: That wording doesn't make any sense to me. ]]
There is two reason why original traffic selector IP addresses are stored: 1) to use as "real source and destination address" as specified by RFC3948 for TCP/UDP checksum fixup; 2) when they are needed to undo address substitution in case we need to fall back to tunnel mode. The original text only mentioned the second use, not first use, and my change tried to include both... Perhaps you can try to write some wording that makes sense... BTW, the RFC3948 uses term "peer's real source and destination IP addresses" (section 3.1.2, option 1). The RFC3947 uses therm "Original Source and Destination Addresses" (section 5.2). -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec