@@ -237,8 +237,8 @@ The fixed portion of the base header is defined as follows.
237237- Security Parameter Index (SPI) :: 32 bits: The SPI is an arbitrary
238238 32-bit value that is used by a receiver to identify the SA to which
239239 an incoming packet is bound.
240- # XXX: Enhanced SPI is not explained!
241- # This combined with the 16-bit Session ID is the Enhanced SPI.
240+ # XXX: Enhanced SPI is not explained!
241+ # This combined with the 16-bit Session ID is the Enhanced SPI.
242242
243243The Flags field in the fixed Base Header is defined as follows:
244244
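Review bot: the XXX at 240-241 changes only in whitespace, so "Enhanced SPI" is still not explained in the rendered text of the SPI field description. The comment already holds the definition (the SPI combined with the 16-bit Session ID), so consider promoting it to a sentence in the field description and dropping the XXX. A receiver that uses the SPI "to identify the SA" needs to know whether the lookup key is the 32-bit SPI alone or the combined value.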
@@ -317,7 +317,8 @@ based on their needs.
317317 | Sequence Number (optional) |
318318 | |
319319 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
320- | IV (optional) |
320+ | |
321+ ~ IV (optional) ~
321322 | |
322323 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
323324#+end_src
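Review bot: the `~ IV (optional) ~` row at 321 now draws the IV as variable-length, but nothing visible in this hunk tells a reader where the length comes from. Please add or reference a sentence in the field description saying how the receiver learns the IV length for the SA, so that the start of the data following the IV is unambiguous.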
@@ -412,7 +413,8 @@ sometimes is referred to as being part of the ciphertext.)
412413Counter mode algorithms MAY use the 64-bit counter as the
413414Initialization Vector (IV) in the Sequence number Field, as specified
414415[[RFC8750]]. This option, Implicit Initialization Vector (IIV)
415- saves 8 header bytes on each packet. Whether or not this option is
416+ saves the size of IV on each packet.
417+ Whether or not this option is
416418selected is determined as part of Security Association (SA)
417419establishment.
418420
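Review bot: "saves the size of IV on each packet" at 416 is awkward and less precise than the text it replaces. Something like "removes the explicit IV field from each packet" says what actually happens on the wire. The break after "packet." also leaves a short line at 416-417, so the paragraph should be refilled. While here, "as specified [[RFC8750]]" in the context at 414-415 is missing "in".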
@@ -575,7 +577,8 @@ packet format for use with IPv4 or IPv6 Tunnel Mode when the
575577 | Sequence Number (optional) |
576578 | |
577579 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
578- | IV* (optional) |
580+ | |
581+ ~ IV* (optional) ~
579582 | |
580583 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
581584 | 0x0 | Reserved | Next Header | Pad Length |
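Review bot: with IV* drawn as variable-length at 580-581, the `| 0x0 | Reserved | Next Header | Pad Length |` row at 584 no longer sits at a fixed offset from the start of the header. The accompanying text should state how a parser locates that row (for example, from the IV length fixed for the SA), and whether the IV* length is constrained to keep the following fields 32-bit aligned as the diagram implies.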
@@ -609,7 +612,8 @@ packet format for use with IPv4 or IPv6 Tunnel Mode when the
609612 | Sequence Number (optional) |
610613 | |
611614 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
612- | IV* (optional) |
615+ | |
616+ ~ IV* (optional) ~
613617 | |
614618 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
615619 | |
@@ -908,7 +912,8 @@ zero-valued octets.
908912
909913Flow Identifier (FID) Options are used to carry characteristic
910914information of the inner flow and SHOULD NOT change on per packet
911- basis inside any inner flow. # to avoid packet reordering.
915+ basis inside any inner flow.
916+ # to avoid packet reordering.
912917The Flow Identifier SHOULD be negotiated by IKEv2 or another
913918suitable protocol. The detailed specification of FIDs MAY be provided
914919in subsequent documents. The precise meaning of a FID is opaque to
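Review bot: moving "# to avoid packet reordering." onto its own line at 916 turns it into a source comment, so the rationale for the SHOULD NOT disappears from the rendered draft. If the reason is meant for readers, fold it into the sentence ("... SHOULD NOT change on a per-packet basis inside any inner flow, to avoid packet reordering."). If it is only an editor's note, say so. The context at 914-915 also reads "on per packet basis", which is missing "a".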
@@ -934,13 +939,13 @@ intermediate devices.
934939 inner flow and MUST NOT change for a given inner flow within a SA.
935940
936941*** EESP Crypt Offset Option
937- This option is typically used for within one Datacenter use case
942+ This option is typically used within one Datacenter use case
938943such as [[PSP]]. When enabled, full packet format with Payload Info
939944Header MUST be used; for the intermediate router to have Next Header.
940945
941946The Crypt Offset can vary on a per packet basis. The maximum
942947allowed Crypt Offset MUST be negotiated by IKEv2 or any other
943- appropriate protocol. Packets with a Crypt Offset grater than
948+ appropriate protocol. Packets with a Crypt Offset greater than
944949the negotiated maximum MUST be dropped by the receiver.
945950The receiver SHOULD cryptographically process such packets anyway.
946951The action in case of a correct ICV value depends on local policy.
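Review bot: the typo fixes are fine, but the sentences at 948-951 still conflict as written. Packets over the negotiated maximum "MUST be dropped by the receiver", yet the receiver "SHOULD cryptographically process such packets anyway" and the action on a correct ICV "depends on local policy". Please state the intended order (process the ICV first, then drop) and what local policy may still decide once the drop is mandatory. At 942-944, "within one Datacenter use case" and "for the intermediate router to have Next Header" would also benefit from rewording.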