IPsec之AH

AH是IPsec的子协议,其IANA规定的协议号码是51,头部如下:

 

 

 

 

 

 

Next Header (8 bits) 
上层头类型,表示所保护的上层协议是什么,其值可能是 协议数字号码对应表其中之一.
Payload Len (8 bits) 
The length of this Authentication Header in 4-octet units, minus 2. For example an AH value of 4 equals 3x(32-bit fixed-length AH fields) + 3x(32-bit ICV fields) – 2 and thus an AH value of 4 means 24 octets. Although the size is measured in 4-octet units, the length of this header needs to be a multiple of 8 octets if carried in an IPv6 packet. This restriction does not apply to an Authentication Header carried in an IPv4 packet.
Reserved (16 bits) 
Reserved for future use (all zeroes until then).
Security Parameters Index (32 bits) 
Arbitrary value which is used (together with the destination IP address) to identify the security association of the receiving party.
Sequence Number (32 bits) 
A monotonic strictly increasing sequence number (incremented by 1 for every packet sent) to prevent replay attacks. When replay detection is enabled, sequence numbers are never reused, because a new security association must be renegotiated before an attempt to increment the sequence number beyond its maximum value.[8]
Integrity Check Value (multiple of 32 bits) 
Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.

 

版权所有,禁止转载. 如需转载,请先征得博主的同意,并且表明文章出处,否则按侵权处理.

    分享到:
This entry was posted in 网络安全. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*