摘要 |
An approach is provided for implementing IPsec in PEP environments. The approach generally involves preserving TCP header data contained in packets prior to IPsec encryption and making the TCP header data available to PEP applications. For example, TCP header data is identified in a packet that conforms to the TCP and a copy of the TCP header data is generated. Encrypted packet data is generated by encrypting at least a portion of the packet using IPsec. For example, the TCP header data and payload may be encrypted to generate the encrypted packet data. A modified copy of the TCP header data is generated by modifying length data contained in the copy of the TCP header data to reflect a length of at least the encrypted packet data. A new packet is generated that includes the modified copy of the TCP header data and the encrypted packet data.
|