RFC 4303, "IP Encapsulating Security Payload (ESP)", December 2005

Source of RFC: ipsec (sec)

Errata ID: 6559
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Yaakov Stein
Date Reported: 2021-04-25

Section 3.1.1 says:

                  AFTER APPLYING ESP
       IPv4  |orig IP hdr  | ESP |     |      |   ESP   | ESP|
             |(any options)| Hdr | TCP | Data | Trailer | ICV|

It should say:

                  AFTER APPLYING ESP
       IPv4  |updated IP hdr  | ESP |     |      |   ESP   | ESP|
             |(any options)   | Hdr | TCP | Data | Trailer | ICV|


"orig" implies that the IP header is left as-is, while in fact the "protocol" field and the "total length" and the checksum must be updated. There IS appropriate text explaining this in RFC 3948: "The Total Length, Protocol, and Header Checksum (for IPv4) fields in the IP header are edited to match the resulting IP packet." This text is missing here.

We have encountered an implementation that does not update the "total length" and the implementer claims that this is mandated by RFC 4303.
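As an added illustration (not part of the erratum or of RFC 4303), the Python below performs ESP transport-mode framing on a constructed IPv4/TCP packet and applies the three IPv4 header edits the report refers to: Protocol, Total Length and Header Checksum. It uses a NULL cipher and no ICV so the header handling stays visible; ESP_PROTOCOL = 50 is the IANA assignment, while the SPI and sequence number are arbitrary sample values.

```python
import struct

ESP_PROTOCOL = 50  # IANA protocol number for ESP (RFC 4303)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; pass the header with its checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header_checksum_ok(packet: bytes) -> bool:
    """A header whose checksum is correct sums to zero under the same routine."""
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0


def esp_transport_encapsulate(packet: bytes, spi: int, seq: int) -> bytes:
    """Framing only: NULL cipher, no ICV. Shows which IPv4 fields must be edited."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    payload = packet[ihl:]
    next_header = hdr[9]                        # original upper-layer protocol, e.g. 6 = TCP
    # ESP trailer: pad so payload + padding + pad-length + next-header is 4-byte aligned
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))      # RFC 4303 default padding values 1, 2, 3, ...
    esp = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    # The three fields the erratum is about; leaving any of them "orig" breaks the packet.
    hdr[9] = ESP_PROTOCOL                       # Protocol: upper-layer proto -> 50 (ESP)
    struct.pack_into("!H", hdr, 2, ihl + len(esp))   # Total Length: header + ESP payload
    struct.pack_into("!H", hdr, 10, 0)          # Header Checksum: zero, then recompute
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + esp


def constructed_sample_packet() -> bytes:
    """Constructed test input: IPv4 (20 bytes) / TCP (20 bytes) / 5 bytes of data."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + b"hello"
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                                64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + tcp


if __name__ == "__main__":
    out = esp_transport_encapsulate(constructed_sample_packet(), spi=0x1000, seq=1)
    print(out[9], int.from_bytes(out[2:4], "big"), header_checksum_ok(out))  # 50 56 True
```

A receiver that checks Total Length against the bytes actually present, or validates the header checksum, will discard a packet whose header was left "orig", which is the failure the report describes.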

