I wanted to know
which protocols might follow an IPv4 or an IPv6 IP header,
and
whether
or not they used any IP header bits in their checksum calculations.
I
looked through the list of protocols at:
http://www.iana.org/assignments/protocol-numbers
http://en.wikipedia.org/wiki/List_of_IP_protocol_numbersand
selected those I recognised as likely to be used within IPv4 or IPv6.
Hopefully
I haven't missed any significant protocols - at least as far as a
map-encap like scheme is concerned.
Here is what I found.
The *
points list the contents of the pseudo headers
which are
constructed in order to contribute to the checksum calculation.
Those
in
bold are items from the
IPv4 or IPv6 header, indicating that
changing these items in the
IPv4 or IPv6 header will cause the resulting
packet not to pass the
verification of the checksum in the header of the
higher layer
protocol.
This summary ignores loose or strict source
routing (IPv4) and these Routing Extension Header (IPv6).
For
both IPv4 and IPv6, changing any of the bits in the IP header for any
of:
- Source address.
- Destination address.
- Next
Header (specifies the higher level protocol header to follow).
will
result in a packet in which the
checksums in the headers of the following protocols will fail to match
the packet:
- ICMPv6
- UDP (However, UDP
can be sent with no checksum with IPv4)
- TCP
- DCCP
- UDP-Lite
In
addition to the Source/Destination Addresses and the Next Header field,
IPsec AH also applies the selected Integrity Check algorithm to these
fields:
- IPv4:
- Protocol (1000).
- Header
Length.
- Packet length.
- Identification.
- IPv6:
- Protocol
(1100).
- Packet Length.