Co-chair: Paul Lambert
Motorola
602-441-3646
Paul_Lambert@email.mot.com
Co-chair: Jim Zmuda
Spyrus
zmuda@spyrus.com
Mailing List: ipsec@ans.net
To Subscribe: ipsec-request@ans.net
Archive: ftp.ans.net:~/pub/archive/ipsec
        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    .- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
s H    |  Packet type  | Header length |       Policy Identifier       |
w e    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
I a    |                    Packet sequence number                     |
P d    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
e e    /                                                               /
  r    \           Authenticator (optional, variable length)           \
    `- /                                                               /
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       /                                                               /
       \                                                               \
       /                    Original (inner) packet                    /
       \                                                               \
       /                                                               /
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       /                                                               /
       \                      Padding (optional)                       \
       /                                                               /
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Packet type (8 bits)

   0      Plain encapsulation; Header length should be 1 and the
          Policy identifier should be 1.
   1      Packet is authenticated but not encrypted.
   2      Packet is encrypted; the encryption algorithm may provide
          some authentication (e.g., DES CBC residue).
   3      Packet is both authenticated and encrypted.
   4-15   Unused.

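Added example, not part of the original page or of the draft it depicts: a strict Python parser for the header in the diagram above that rejects the unused packet types and enforces the plain-encapsulation rule. It assumes network byte order, that the header length counts 32-bit words including the first, and that a length-1 header carries no sequence number; the names Header, parse and the SAMPLE_ packets are hypothetical.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PLAIN, AUTH, ENC, AUTH_ENC = 0, 1, 2, 3  # packet types listed above
WORD = 4  # assumption: header length is counted in 32-bit words


@dataclass
class Header:  # hypothetical container, not from the page
    ptype: int
    policy_id: int
    seq: Optional[int]    # None when a length-1 header omits it (assumption)
    authenticator: bytes
    inner: bytes          # original packet plus any padding


def parse(pkt: bytes) -> Header:
    """Parse one encapsulated packet; raise ValueError if it is malformed."""
    if len(pkt) < WORD:
        raise ValueError("truncated before first header word")
    ptype, hlen, policy = struct.unpack_from("!BBH", pkt)  # network order
    if ptype > AUTH_ENC:
        raise ValueError(f"unused packet type {ptype}")
    hbytes = hlen * WORD
    if hlen < 1 or hbytes > len(pkt):
        raise ValueError("header length runs outside the packet")
    if ptype == PLAIN:
        if hlen != 1 or policy != 1:
            raise ValueError("plain encapsulation needs length 1, policy 1")
        return Header(ptype, policy, None, b"", pkt[hbytes:])
    if hlen < 2:
        raise ValueError("protected packet lacks a sequence number")
    (seq,) = struct.unpack_from("!I", pkt, WORD)
    auth = pkt[2 * WORD:hbytes]  # whatever header words follow the sequence number
    if ptype in (AUTH, AUTH_ENC) and not auth:
        raise ValueError("authenticated type without an authenticator")
    return Header(ptype, policy, seq, auth, pkt[hbytes:])


# Constructed sample packets (not captured traffic).
SAMPLE_AUTH = struct.pack("!BBHI", AUTH, 4, 7, 42) + b"A" * 8 + b"inner"
SAMPLE_PLAIN = struct.pack("!BBH", PLAIN, 1, 1) + b"inner"

if __name__ == "__main__":
    print(parse(SAMPLE_AUTH))
    print(parse(SAMPLE_PLAIN))
```
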
             1            2           3
 0123 4567 8901 2345 6789 0123 4567 8901
+----+----+---------+-------------------+ ------------
|Ver |IHL |   TOS   |   Total Length    |
+-------------------+--+----------------+
|    Identifier     |F1|  Frag. Offset  |
+---------+---------+-------------------+
|   TTL   | Protocol|  Header Checksum  |    IPv4
|         |  (52)   |                   |   Header
+---------+---------+-------------------+
|            Source Address             |
+---------------------------------------+
|          Destination Address          |
+---------------------------------------+
|           Options + Padding           |
+---------+----+----+-------------------+ ------------
|  Prot   |Ver | F1 |      Length       |
+---------+----+----+-------------------+   SDT PDU
|       SAID        |     Reserved      |    Header
+-------------------+-------------------+ ------------
|         Alg_Param + D_Length          |
+-------------------+-------------------+  Protected
|                                       |    Octet
|                 Data                  |    String
+---------------------------------------+
|               Pad + ICV               |
+---------------------------------------+ ------------

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     SAID      |            Security Transformation            /
|               |         Prepended Information (STAI)          /
+---------------+                                               +
/                                                               /
/                                                               /
+               +-------------------------------+---------------+
/               |            Length             |     Next      |
/               |                               |   Protocol    |
+-----------------------------------------------+---------------+
/                                                               /
/                     Protected Client Data                     /
+                                                               +
/                              ...                              /
/                                                               /
+               +-----------------------------------------------+
/               |            Security Transformation            /
/               |          Appended Information (STAP)          /
+---------------+                                               +
/                                                               /
/                                                               /
+---------------------------------------------------------------+

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Security Association Identifier (SAID)             |
|                                                               |
+---------------------------------------------------------------+
/                    Security Transformation                    /
/                 Prepended Information (STPI)                  /
+---------------+-----------------------------------------------+
|     Next      |    Length     |           Reserved            |
|   Protocol    |    of Pad     |                               |
+---------------------------------------------------------------+
/                                                               /
/                     Protected Client Data                     /
+                 (TCP, UDP, IPv4, IPv6, etc.)                  +
/                              ...                              /
/                                                               /
+               +-----------------------------------------------+
/               |            Security Transformation            /
/               |          Appended Information (STAP)          /
+---------------+                                               +
/                                                               /
/                                                               /
+---------------------------------------------------------------+

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Security Association Identifier (SAID)             |
    |                                                               |
    +---------------------------------------------------------------+
    |                   Data Encryption Standard                    |
    |                Initialization Vector (DES-IV)                 |
--- +---------------+---------------+-------------------------------+ ---
 ^  |     Next      |    Length     |           Reserved            |  ^
 |  |   Protocol    |    of Pad     |                               |  |
 |  +---------------+---------------+-------------------------------+  E
 |  /                                                               /  n
 M  /                     Protected Client Data                     /  c
 D  +                                                               +  r
 5  /                              ...                              /  y
 |  /                                                               /  p
 |  +                                               +---------------+  t
 |  /                                               /      DES      |  e
 v  /                                               /    Padding    |  d
--- +-----------------------------------------------+---------------+  |
    |                   MD5 Integrity Check Value                   |  |
    |                           (MD5-ICV)                           |  v
    +---------------------------------------------------------------+ ---