On 08/02/2013 21:42, Fernando Gont wrote:
> On 02/08/2013 12:17 PM, RJ Atkinson wrote:
>>> **How many bytes of the transport header+payload are included in this
>>> definition?**
>>>
>>> For ESP, is it 8 bytes (SPI + Sequence Number)?
>> I think that would be OK. Certainly it MUST NOT be
>> more than those 8 bytes, because beyond there lies
>> encrypted bits (in the general case).
>
> Quickly skimming through RFC4303, it looks like the first 8 bytes of the
> ESP header are referred to as "header" (with the other being referred to
> as "payload" and "trailer").. so it looks like ESP wouldn't really be a
> "special case".
>
> Should we clarify "how many bytes are included" for ESP, nevertheless?
>
>> I actually believe that the SPI alone would suffice
>> for ESP.
>
> It probably would, but.. since the Seq # is part of the header, and it
> is also transmitted in plain text, I'd personally deal with ESP as with
> the general case "the entire ESP header" (IMO, the fewer the "special
> cases", the better).
>
>>> For TCP, is it 8 bytes (ports + Sequence Number)?
>> My own sense is that Source Port and Destination Port,
>> so 32 bits, actually would suffice, but I'll at least
>> note one possible counter-argument:
>> A firewall implementation might want to look
>> at the TCP flags to check for invalid flag
>> combinations.
>
> In general, firewalls tend to look at many fields in the upper-layer
> header -- so it's useful to have it all.
>
>> I would have no objection to Fernando adding more
>> detail for the obvious terminating payloads
>> (e.g. UDP, TCP, SCTP, ICMP, ESP) to the draft.
>>
>> Adding more clarity about this to the I-D could not hurt,
>> and might help some implementers.
>
> Something that might make sense is to specify something along the lines
> of "if the size of the upper layer header is unknown (say, the upper
> layer protocol is implemented as a loadable module, in userland, or the
> like).
>
> Thoughts?

If you specify a minimum of 8 bytes that would cover most cases, wouldn't it?
I don't think you will find much enthusiasm among coders for a case
statement that adjusts the number of bytes according to the layer 4 protocol.

    Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
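
Added example, not part of the thread or of the draft it discusses: the two first-fragment checks debated above (one flat 8-byte minimum versus a per-protocol table), as a filtering device might apply them. The function names, the per-protocol sizes other than ESP's 8 bytes, and the sample packet are assumptions constructed for illustration.

```python
import struct

HBH, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 43, 44, 51, 60  # headers walked past
TCP, UDP, ESP = 6, 17, 50
FLAT_MIN = 8  # the single minimum suggested in the reply
# Assumed "entire header" sizes: ESP is the 8 bytes named in the thread
# (SPI + Sequence Number); TCP and UDP are fixed header sizes, options ignored.
PER_PROTOCOL_MIN = {TCP: 20, UDP: 8, ESP: 8}

def upper_layer(packet: bytes):
    """Walk the IPv6 header chain of a first fragment.

    Returns (protocol, upper-layer bytes present), or (None, 0) when the
    chain itself does not fit in this packet.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = packet[6], 40
    while nxt in (HBH, ROUTING, FRAGMENT, AH, DSTOPTS):
        if off + 8 > len(packet):
            return None, 0
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                raise ValueError("not a first fragment")
            size = 8
        elif nxt == AH:
            size = (packet[off + 1] + 2) * 4   # AH length is in 4-octet units
        else:
            size = (packet[off + 1] + 1) * 8   # other extension headers: 8-octet units
        nxt, off = packet[off], off + size
        if off > len(packet):
            return None, 0
    return nxt, len(packet) - off

def accept_flat(packet: bytes) -> bool:
    proto, have = upper_layer(packet)
    return proto is not None and have >= FLAT_MIN

def accept_per_protocol(packet: bytes) -> bool:
    proto, have = upper_layer(packet)
    return proto is not None and have >= PER_PROTOCOL_MIN.get(proto, FLAT_MIN)

def sample_first_fragment(tcp_bytes: int) -> bytes:
    """Constructed sample: IPv6 + Fragment header + first tcp_bytes of a TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    frag = struct.pack("!BBHI", TCP, 0, 0x0001, 0x1234)  # offset 0, M flag set
    ip6 = struct.pack("!IHBB", 6 << 28, len(frag) + tcp_bytes, FRAGMENT, 64)
    return ip6 + bytes(15) + b"\x01" + bytes(15) + b"\x02" + frag + tcp[:tcp_bytes]
```

With only 8 bytes of TCP present the flat rule accepts the fragment, yet the TCP flags byte (offset 13 of the TCP header) that the firewall counter-argument concerns is not in it; the per-protocol table rejects the same packet.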