ESP是IPsec的子协议,其IANA规定的协议号码是50,头部如下:
- Security Parameters Index (32 bits)
- Arbitrary value used (together with the destination IP address) to identify the security association of the receiving party.
- Sequence Number (32 bits)
- A monotonically increasing sequence number (incremented by 1 for every packet sent) to protect against replay attacks. There is a separate counter kept for every security association.
- Payload data (variable)
- The protected contents of the original IP packet, including any data used to protect the contents (e.g. an Initialisation Vector for the cryptographic algorithm). The type of content that was protected is indicated by the Next Header field.
- Padding (0-255 octets)
- Padding for encryption, to extend the payload data to a size that fits the encryption's cipher block size, and to align the next field.
- Pad Length (8 bits)
- Size of the padding (in octets).
- Next Header (8 bits)
- Type of the next header. The value is taken from the list of IP protocol numbers.
- Integrity Check Value (multiple of 32 bits)
- Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.
版权所有,禁止转载. 如需转载,请先征得博主的同意,并且表明文章出处,否则按侵权处理.