FreeS/WAN IPSec for Linux, Alternative: Linux'99, RGB
Authentication Header (2) Table of Contents

Authentication Header

Protection Extent

Original Packet:
                  BEFORE APPLYING AH
            ----------------------------
      IPv4  |orig IP hdr  |     |      |
            |(any options)| TCP | Data |
            ----------------------------

Transport Mode:
                  AFTER APPLYING AH
            ---------------------------------
      IPv4  |orig IP hdr  |    |     |      |
            |(any options)| AH | TCP | Data |
            ---------------------------------
            |<------- authenticated ------->|
                 except for mutable fields

Tunnel Mode:
                  AFTER APPLYING AH
          ------------------------------------------------
    IPv4  | new IP hdr* |    | orig IP hdr*  |    |      |
          |(any options)| AH | (any options) |TCP | Data |
          ------------------------------------------------
          |<- authenticated except for mutable fields -->|
          |           in the new IP hdr                  |

Last modified by Richard Guy Briggs on November 3rd, 1999.