SA and Packet Policies
Packet policy: filters
- input filter determines whether packet is acceptable for the SA it came from
- output filter selects (“routes”) among SAs
- must be very fast (stateless, etc.)
- we all know how to do this already
SA policy: “meta filters”
- determines whether SA should be created
- determines what packet policy should be
- deals with more complex policies, credentials, etc.
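
The two levels above, sketched as an added example (not code from the original slides). The `Selector` model, the peer names and the address ranges are constructed assumptions: the SA policy runs once per negotiation and fixes the packet policy, and the packet filters then run per packet with no state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net, addr = ipaddress.ip_network, ipaddress.ip_address

@dataclass(frozen=True)
class Selector:  # stateless packet policy bound to one SA (hypothetical model)
    src: str                      # CIDR the source address must fall in
    dst: str                      # CIDR the destination address must fall in
    dport: Optional[int] = None   # None means any destination port

    def matches(self, src, dst, dport):
        return (addr(src) in net(self.src) and addr(dst) in net(self.dst)
                and self.dport in (None, dport))

    def within(self, other):
        """True if this selector is no broader than `other`."""
        return (net(self.src).subnet_of(net(other.src))
                and net(self.dst).subnet_of(net(other.dst))
                and other.dport in (None, self.dport))

@dataclass(frozen=True)
class SA:
    spi: int
    selector: Selector

# Constructed SA policy: the widest traffic each authenticated peer may negotiate.
SA_POLICY = {
    "gw.branch.example": Selector("10.2.0.0/16", "10.1.0.0/16"),
    "laptop.example": Selector("10.9.0.7/32", "10.1.5.10/32", 443),
}

def sa_policy(peer_id, proposed, spi):
    """Meta filter: decide whether the SA is created and what its packet policy is."""
    allowed = SA_POLICY.get(peer_id)
    if allowed is None or not proposed.within(allowed):
        return None               # unknown peer or over-broad proposal: no SA
    return SA(spi, proposed)

def input_filter(sa, src, dst, dport):
    """Per packet: is traffic that arrived on `sa` acceptable for that SA?"""
    return sa.selector.matches(src, dst, dport)

def output_filter(sas, src, dst, dport):
    """Per packet: select ("route") the SA to send on; None if no SA applies."""
    return next((sa for sa in sas if sa.selector.matches(src, dst, dport)), None)
```
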