Virtual private networks, Part 1
5. IPSec: AH protocol structure
  


IPv4 considerations in AD calculations


The IPv4 "Time to live" and "Header checksum" fields are the only fields in the IPv4 base header that are handled specially for the AD calculation. Reassembly of fragmented packets occurs prior to processing by the local IP AH implementation. The "more fragments" bit is, of course, cleared upon reassembly.

Hence, no other fields in the IPv4 header will vary in transit from the perspective of the AH implementation. The "Time to live" and "Header checksum" fields of the IPv4 base header have to be set to all zeros for the AD calculation. All other IPv4 base header fields are processed normally with their actual contents. Because IPv4 packets are subject to intermediate fragmentation in transit, it is important that the reassembly of IPv4 packets be performed prior to the AH processing.

If a receiving system does not recognize an IPv4 option that is present in the packet, that option is included in the AD calculation. This means that any IPv4 packet containing an IPv4 option that is unrecognized by the receiver will fail the authentication check and consequently be dropped by the receiver.
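The zeroing rule for "Time to live" and "Header checksum" can be seen in the following added example, which is not part of the original tutorial. It assumes HMAC-SHA-256 as a stand-in for the negotiated AH algorithm, covers only an option-free IPv4 base header plus payload, and uses constructed addresses, key and payload; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

def ipv4_checksum(header):
    """One's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ttl, src, dst):
    """Constructed 20-byte IPv4 base header, protocol 51 (AH), no options."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 60, 0x1234, 0, ttl, 51, 0) + src + dst
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def normalize_for_ad(header):
    """Zero TTL (byte 8) and header checksum (bytes 10-11); keep the rest."""
    h = bytearray(header)
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def compute_ad(key, header, payload):
    # Assumption: HMAC-SHA-256 stands in for the negotiated AH algorithm.
    data = normalize_for_ad(header) + payload
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key, header, payload, ad):
    return hmac.compare_digest(compute_ad(key, header, payload), ad)

def forward_one_hop(header):
    """Router behaviour: decrement TTL, then recompute the checksum."""
    h = bytearray(header)
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)

# Constructed sample data (documentation address ranges, demo key).
KEY = b"constructed-demo-key"
PAYLOAD = b"A" * 40
SENT = build_header(64, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
AD = compute_ad(KEY, SENT, PAYLOAD)
RECEIVED = forward_one_hop(SENT)                      # TTL and checksum changed
TAMPERED = RECEIVED[:12] + bytes([192, 0, 2, 99]) + RECEIVED[16:]  # source changed

if __name__ == "__main__":
    print("after one hop:", verify(KEY, RECEIVED, PAYLOAD, AD))
    print("source address altered:", verify(KEY, TAMPERED, PAYLOAD, AD))
```

The forwarded header differs from the sent one in exactly the two zeroed fields, so it still authenticates; a change to any other base header field does not.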

