RFC 2401 Security Architecture for IP November 1998 5. IP Traffic Processing..............................................30 5.1 Outbound IP Traffic Processing..................................30 5.1.1 Selecting and Using an SA or SA Bundle.....................30 5.1.2 Header Construction for Tunnel Mode........................31 5.1.2.1 IPv4 -- Header Construction for Tunnel Mode...........31 5.1.2.2 IPv6 -- Header Construction for Tunnel Mode...........32 5.2 Processing Inbound IP Traffic...................................33 5.2.1 Selecting and Using an SA or SA Bundle.....................33 5.2.2 Handling of AH and ESP tunnels.............................34 6. ICMP Processing (relevant to IPsec)................................35 6.1 PMTU/DF Processing..............................................36 6.1.1 DF Bit.....................................................36 6.1.2 Path MTU Discovery (PMTU)..................................36 6.1.2.1 Propagation of PMTU...................................36 6.1.2.2 Calculation of PMTU...................................37 6.1.2.3 Granularity of PMTU Processing........................37 6.1.2.4 PMTU Aging............................................38 7. Auditing...........................................................39 8. Use in Systems Supporting Information Flow Security................39 8.1 Relationship Between Security Associations and Data Sensitivity.40 8.2 Sensitivity Consistency Checking................................40 8.3 Additional MLS Attributes for Security Association Databases....41 8.4 Additional Inbound Processing Steps for MLS Networking..........41 8.5 Additional Outbound Processing Steps for MLS Networking.........41 8.6 Additional MLS Processing for Security Gateways.................42 9. Performance Issues.................................................42 10. Conformance Requirements..........................................43 11. Security Considerations...........................................43 12. Differences from RFC 1825.........................................43 Acknowledgements......................................................44 Appendix A -- Glossary................................................45 Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues.....48 B.1 DF bit..........................................................48 B.2 Fragmentation...................................................48 B.3 Path MTU Discovery..............................................52 B.3.1 Identifying the Originating Host(s)........................53 B.3.2 Calculation of PMTU........................................55 B.3.3 Granularity of Maintaining PMTU Data.......................56 B.3.4 Per Socket Maintenance of PMTU Data........................57 B.3.5 Delivery of PMTU Data to the Transport Layer...............57 B.3.6 Aging of PMTU Data.........................................57 Appendix C -- Sequence Space Window Code Example......................58 Appendix D -- Categorization of ICMP messages.........................60 References............................................................63 Disclaimer............................................................64 Author Information....................................................65 Full Copyright Statement..............................................66 Kent & Atkinson Standards Track