On 02/08/2013 12:17 PM, RJ Atkinson wrote:
>> **How many bytes of the transport header+payload are included in this
>> definition?**
>>
>> For ESP, is it 8 bytes (SPI + Sequence Number)?
>
> I think that would be OK. Certainly it MUST NOT be
> more than those 8 bytes, because beyond there lies
> encrypted bits (in the general case).

Quickly skimming through RFC4303, it looks like the first 8 bytes of the ESP header are referred to as "header" (with the other being referred to as "payload" and "trailer").. so it looks like ESP wouldn't really be a "special case".

Should we clarify "how many bytes are included" for ESP, nevertheless?

> I actually believe that the SPI alone would suffice
> for ESP.

It probably would, but.. since the Seq # is part of the header, and it is also transmitted in plain text, I'd personally deal with ESP as with the general case "the entire ESP header" (IMO, the fewer the "special cases", the better).

>> For TCP, is it 8 bytes (ports + Sequence Number)?
>
> My own sense is that Source Port and Destination Port,
> so 32 bits, actually would suffice, but I'll at least
> note one possible counter-argument:
>     A firewall implementation might want to look
>     at the TCP flags to check for invalid flag
>     combinations.

In general, firewalls tend to look at many fields in the upper-layer header -- so it's useful to have it all.

> I would have no objection to Fernando adding more
> detail for the obvious terminating payloads
> (e.g. UDP, TCP, SCTP, ICMP, ESP) to the draft.
>
> Adding more clarity about this to the I-D could not hurt,
> and might help some implementers.

Something that might make sense is to specify something along the lines of "if the size of the upper layer header is unknown (say, the upper layer protocol is implemented as a loadable module, in userland, or the like).

Thoughts?

Thanks!

Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
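
The question in this message, worked through as an added example (not part of the original e-mail or of the draft): a check that a first fragment carries the entire upper-layer header, treating ESP as the general case (its 8-byte header) and reporting protocols whose header size is unknown. The function names are hypothetical, the header sizes are taken from the base protocol specifications rather than from the I-D, and the sample bytes are constructed.

```python
import struct

# IANA protocol numbers; fixed header sizes per the base specs
# (ESP: SPI + Sequence Number; ICMPv6: type, code, checksum; SCTP: common header).
ESP, TCP, UDP, ICMPV6, SCTP = 50, 6, 17, 58, 132
FIXED_LEN = {ESP: 8, UDP: 8, ICMPV6: 4, SCTP: 12}

def upper_layer_header_len(proto, data):
    """Header length in bytes, or None when the protocol's header size is unknown."""
    if proto in FIXED_LEN:
        return FIXED_LEN[proto]
    if proto == TCP:
        if len(data) < 13:
            return 20  # Data Offset not readable yet; 20 bytes is the minimum
        return max(20, (data[12] >> 4) * 4)  # Data Offset counts 32-bit words
    return None

def inspect_first_fragment(proto, data):
    """Classify the bytes that follow the extension headers in a first fragment."""
    need = upper_layer_header_len(proto, data)
    if need is None:
        return {"verdict": "unknown-size"}
    if len(data) < need:
        return {"verdict": "incomplete", "need": need, "have": len(data)}
    out = {"verdict": "complete", "need": need}
    if proto == ESP:  # SPI and Sequence Number: the cleartext part of ESP
        out["spi"], out["seq"] = struct.unpack("!II", data[:8])
    elif proto == TCP:  # ports plus the flags byte a firewall may want to check
        out["sport"], out["dport"] = struct.unpack("!HH", data[:4])
        out["flags"] = data[13]
    return out

# Constructed sample inputs (not captured traffic).
SAMPLE_ESP = struct.pack("!II", 0x1000, 1) + bytes(16)
SAMPLE_TCP = struct.pack("!HHIIBBHHH", 12345, 443, 1000, 0, 6 << 4, 0x02,
                         65535, 0, 0) + b"\x02\x04\x05\xa0"  # SYN + MSS option

if __name__ == "__main__":
    print(inspect_first_fragment(ESP, SAMPLE_ESP))
    print(inspect_first_fragment(TCP, SAMPLE_TCP))
    print(inspect_first_fragment(TCP, SAMPLE_TCP[:20]))  # options cut off
    print(inspect_first_fragment(253, b"\x00" * 8))      # experimental proto
```
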