Fernando,

>>> **How many bytes of the transport header+payload are included in this 
>>> definition?**
>>> 
>>> For ESP, is it 8 bytes (SPI + Sequence Number)?
>> 
>> I think that would be OK.  Certainly it MUST NOT be
>> more than those 8 bytes, because beyond there lies
>> encrypted bits (in the general case). 
> 
> Quickly skimming through RFC4303, it looks like the first 8 bytes of the
> ESP header are referred to as "header" (with the other being referred to
> as "payload" and "trailer").. so it looks like ESP wouldn't really be a
> "special case".
> 
> Should we clarify "how many bytes are included" for ESP, nevertheless?

anything that has a next header field is not the upper layer header.
the middlebox doesn't have access to anything following the ESP header.

>> I actually believe that the SPI alone would suffice
>> for ESP.
> 
> It probably would, but.. since the Seq # is part of the header, and it
> is also transmitted in plain text, I'd personally deal with ESP as with
> the general case "the entire ESP header" (IMO, the fewer the "special
> cases", the better).

what about ESP with NULL encryption?

what you are trying to achieve is "the first fragment should include as much of
the header chain as would be available if the packet was reassembled", right?
perhaps phrase it along those lines.

cheers,
Ole
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
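
An added illustration, not part of the thread or of any draft text: a Python sketch of the check a middlebox could run on a first fragment to see whether the whole visible header chain is present, treating the 8-byte ESP header (SPI + Sequence Number) as the end of what it can parse. The function name, the `TERMINAL_MIN` byte counts and the sample packets are assumptions made for this example, and it does not settle the ESP-with-NULL-encryption question raised above.

```python
import struct

EXT_8 = {0, 43, 60}                      # Hop-by-Hop, Routing, Destination Options
FRAGMENT, ESP, AH, NO_NEXT = 44, 50, 51, 59
# Assumed minimum bytes for headers that end the walk (ESP = SPI + Sequence Number).
TERMINAL_MIN = {ESP: 8, 6: 20, 17: 8, 58: 4}

def walk_header_chain(pkt: bytes):
    """Return (complete, [(protocol, offset), ...]) for an IPv6 packet or first fragment."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain = pkt[6], 40, []
    while True:
        chain.append((nh, off))
        if nh == NO_NEXT:
            return True, chain
        if nh not in EXT_8 and nh not in (FRAGMENT, AH):
            # Upper-layer header or ESP: nothing beyond it is parsed.
            return off + TERMINAL_MIN.get(nh, 1) <= len(pkt), chain
        if off + 8 > len(pkt):           # header cut off by fragmentation
            return False, chain
        if nh == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                raise ValueError("not a first fragment")
            size = 8
        elif nh == AH:
            size = (pkt[off + 1] + 2) * 4    # AH length is in 4-byte units minus 2
        else:
            size = (pkt[off + 1] + 1) * 8    # Hdr Ext Len is in 8-byte units minus 1
        if off + size > len(pkt):
            return False, chain
        nh, off = pkt[off], off + size

# Constructed sample packets (zero addresses, made-up SPI and fragment ID).
def ipv6(next_header: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

FRAG_TO_ESP = struct.pack("!BBHI", ESP, 0, 1, 0x1234)   # offset 0, M flag set
ESP_HEADER = struct.pack("!II", 0x1001, 1)              # SPI, Sequence Number
DEST_OPTS = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])      # PadN only, next header = Fragment

FULL = ipv6(FRAGMENT, FRAG_TO_ESP + ESP_HEADER + b"\xaa" * 16)
CUT_ESP = ipv6(FRAGMENT, FRAG_TO_ESP + ESP_HEADER[:4])
CUT_CHAIN = ipv6(60, DEST_OPTS)

if __name__ == "__main__":
    for name, pkt in (("FULL", FULL), ("CUT_ESP", CUT_ESP), ("CUT_CHAIN", CUT_CHAIN)):
        print(name, walk_header_chain(pkt))
```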
