2.2.11.2 Encrypted Fragment Payload

The Encrypted Fragment payload is specified in section 2.5 of [RFC7383]. If the Encrypted Fragment payload is present in a message, it MUST be the last payload in the message and its payload type is 53.

The following diagram shows the format of the Encrypted Fragment Payload packet.


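     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Next Payload  |   RESERVED    |        Payload_Length         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Fragment_Number        |        Total_Fragments        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Initialization_Vector                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                 Encrypted_Content (variable)                  |
    |                              ...                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+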

Next_Payload (1 byte): In the very first fragment (with Fragment_Number equal to 1), this field MUST be set to the payload type of the first inner payload. In the remainder of the Fragment messages (with Fragment_Number greater than 1), this field MUST be set to zero.

RESERVED (1 byte): This field MUST be set to zero. The responder (2) MUST ignore this field upon receipt. This is identical to IKE version 1 behavior.

Payload_Length (2 bytes): This field MUST be the length, in bytes, of the payload, including the Generic Payload Header. This is identical to IKE version 1 behavior.

Fragment_Number (2 bytes): The current Fragment message number, starting from 1. This field MUST be less than or equal to the next field (Total_Fragments). This field MUST NOT be zero.

Total_Fragments (2 bytes): The number of Fragment messages into which the original message was divided. This field MUST NOT be zero. With path maximum transmission unit discovery (PMTUD), this field plays an additional role, as described in section 2.5.2 of [RFC7383].

Initialization_Vector (4 bytes): As specified in section 3.14 of [RFC7296].

Encrypted_Content (variable): As specified in section 3.14 of [RFC7296].
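The field rules above can be enforced before a fragment is queued for reassembly. The following parser is an added example, not code from this specification or from any implementation of it. It assumes the caller passes the bytes from the start of the payload to the end of the message and uses the 4-byte Initialization_Vector size listed in this section; the names `parse_encrypted_fragment`, `is_valid` and `build_sample` are hypothetical.

```python
import struct
from dataclasses import dataclass

# Next_Payload, RESERVED, Payload_Length, Fragment_Number, Total_Fragments
HEADER = struct.Struct("!BBHHH")
IV_LEN = 4  # Initialization_Vector size as listed in this section


class FragmentError(ValueError):
    """Raised when a payload violates a MUST in the field descriptions."""


@dataclass(frozen=True)
class EncryptedFragment:
    next_payload: int
    fragment_number: int
    total_fragments: int
    iv: bytes
    encrypted_content: bytes


def parse_encrypted_fragment(buf: bytes) -> EncryptedFragment:
    """Parse one Encrypted Fragment payload; buf runs to the end of the message."""
    if len(buf) < HEADER.size + IV_LEN:
        raise FragmentError("truncated payload")
    next_payload, _reserved, length, number, total = HEADER.unpack_from(buf)
    # RESERVED is ignored on receipt, so it is read but never checked.
    # The payload is the last one in the message, so Payload_Length must
    # cover exactly the bytes that remain.
    if length != len(buf):
        raise FragmentError(f"Payload_Length {length} != {len(buf)} bytes present")
    if number == 0 or total == 0:
        raise FragmentError("Fragment_Number and Total_Fragments must not be zero")
    if number > total:
        raise FragmentError("Fragment_Number exceeds Total_Fragments")
    if number > 1 and next_payload != 0:
        raise FragmentError("Next_Payload must be zero after the first fragment")
    body = buf[HEADER.size:]
    return EncryptedFragment(next_payload, number, total, body[:IV_LEN], body[IV_LEN:])


def is_valid(buf: bytes) -> bool:
    try:
        parse_encrypted_fragment(buf)
        return True
    except FragmentError:
        return False


def build_sample(next_payload, number, total, reserved=0, body=b"\x00" * 12):
    """Constructed test input, not captured traffic."""
    return HEADER.pack(next_payload, reserved, HEADER.size + len(body), number, total) + body
```

Whether Next_Payload in the first fragment names a legitimate inner payload type can only be checked after reassembly and decryption, so the parser does not attempt it.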