2.2.6 Notify Payload Packet

The Notify Payload packet is specified in [RFC2408] section 3.14. The format is as follows.

                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Next_Payload |    RESERVED   |         Payload_Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Domain_of_Interpretation                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Protocol-ID  |   SPI_size    |      Notify_Message_Type      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~              Security_Parameter_Index (variable)              ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                 Notification_Data (variable)                  ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next_Payload (1 byte): This field MUST be as specified in [RFC2408] section 3.14.

RESERVED (1 byte): This field MUST be as specified in [RFC2408] section 3.14.

Payload_Length (2 bytes): This field MUST be as specified in [RFC2408] section 3.14.

Domain_of_Interpretation (4 bytes): The domain of interpretation (DOI) field MUST be set to 1 (IPSEC_DOI) as specified in [RFC2408] section A.2.

Protocol-ID (1 byte): This field MUST be as specified in [RFC2408] section 3.14.

SPI_size (1 byte): This field MUST be as specified in [RFC2408] section 3.14. The SPI_size is updated to a value of 8 when the Message ID is appended to the notification data as described in this section under Notification_Data.

Notify_Message_Type (2 bytes): This MUST identify the type of notification being sent with this message, in network byte order. The notify message types MUST be one of the following values, which are from the private range, as specified in [RFC2408] section 3.14.1.

Value     Meaning

0x9C43    NOTIFY_STATUS (check)
          This notify message type is a status code indicating the failure to establish a security association (SA) with a peer.

0x9C44    NOTIFY_DOS_COOKIE (check)
          This notify message type is used by the DoS protection extension.

0x9C45    EXCHANGE_INFO
          This notify message type is used by the negotiation discovery extension.

Security_Parameter_Index (variable): This is the Security Parameter Index (SPI) of size SPI_size. This field MUST be as specified in [RFC2408] section 3.14.

Notification_Data (variable): The content of this field depends on the Notify_Message_Type field. The following list describes field content for various notify message types. If the peer has previously sent the Vendor ID "MS NT5 ISAKMPOAKLEY" as specified in the footnote regarding Capability Negotiation in section 1.7, and the notify corresponds to the quick mode exchange, then the Message ID (in network order) of the quick mode is appended as the first 4 bytes of the notification data. In particular, the NOTIFY_DOS_COOKIE will never have the Message ID in the notification data because that is always a main mode operation. The EXCHANGE_INFO notify will always have the Message ID appended if the peer sends the above vendor ID. The NOTIFY_STATUS will only have the Message ID appended if the failure is a quick mode failure.

Field content MUST correspond to the Notify_Message_Type as follows:

  • NOTIFY_STATUS (4 Bytes): MUST be a status code indicating failure. The values transmitted as status codes are implementation-specific.<8>

  • NOTIFY_DOS_COOKIE (8 Bytes): MUST be the responder cookie value.

  • EXCHANGE_INFO (4 Bytes): The flag values MUST be one of the following values.

    Value         Meaning

    0x00000001    IKE_EXCHANGE_INFO_ND_BOUNDARY
                  This flag is used by the negotiation discovery extension.

    0x00000002    IKE_EXCHANGE_INFO_GUARANTEE_ENCRYPTION
                  This flag is used by the negotiation discovery extension.
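The following parser is an added example, not code from the specification or from any Windows implementation. It decodes the Notify payload laid out above, enforces the DOI, RESERVED, Payload_Length and SPI_size constraints, and applies the Notification_Data rule for when a quick mode Message ID precedes the data. Whether the notify belongs to a quick mode exchange is assumed to be known by the caller from the IKE state machine (the `quick_mode` parameter is this example's assumption, not a field on the wire); the sample packets in the usage are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constants from the section above (layout per RFC 2408 section 3.14).
IPSEC_DOI = 1
NOTIFY_STATUS = 0x9C43
NOTIFY_DOS_COOKIE = 0x9C44
EXCHANGE_INFO = 0x9C45
EXCHANGE_INFO_FLAGS = {
    0x00000001: "IKE_EXCHANGE_INFO_ND_BOUNDARY",
    0x00000002: "IKE_EXCHANGE_INFO_GUARANTEE_ENCRYPTION",
}
# Fixed part: Next_Payload, RESERVED, Payload_Length, Domain_of_Interpretation,
# Protocol-ID, SPI_size, Notify_Message_Type; all in network byte order.
HEADER = struct.Struct("!BBHIBBH")  # 12 bytes
# Notification_Data size for each type, after any Message ID has been removed.
DATA_LEN = {NOTIFY_STATUS: 4, NOTIFY_DOS_COOKIE: 8, EXCHANGE_INFO: 4}


@dataclass
class NotifyPayload:
    next_payload: int
    protocol_id: int
    spi: bytes
    notify_type: int
    message_id: Optional[int]  # quick mode Message ID when one was appended
    value: int                 # status code, responder cookie, or EXCHANGE_INFO flags


def message_id_expected(notify_type: int, peer_sent_ms_vid: bool, quick_mode: bool) -> bool:
    """Notification_Data rule: a Message ID is appended only when the peer sent
    Vendor ID "MS NT5 ISAKMPOAKLEY" and the notify belongs to a quick mode exchange.
    NOTIFY_DOS_COOKIE is always main mode, EXCHANGE_INFO always quick mode,
    NOTIFY_STATUS only when the failure is a quick mode failure."""
    if not peer_sent_ms_vid or notify_type == NOTIFY_DOS_COOKIE:
        return False
    if notify_type == EXCHANGE_INFO:
        return True
    return quick_mode


def parse_notify(buf: bytes, peer_sent_ms_vid: bool, quick_mode: bool = False) -> NotifyPayload:
    """Parse one Notify payload; quick_mode is the caller's knowledge of the exchange
    (assumed to come from the IKE state machine, not from the packet)."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated Notify payload header")
    next_payload, reserved, length, doi, proto, spi_size, ntype = HEADER.unpack_from(buf)
    if reserved != 0:
        raise ValueError("RESERVED must be zero")
    if doi != IPSEC_DOI:
        raise ValueError(f"DOI {doi} is not IPSEC_DOI (1)")
    if ntype not in DATA_LEN:
        raise ValueError(f"unknown Notify_Message_Type 0x{ntype:04X}")
    # Payload_Length comes from the peer: bound it by the buffer before slicing.
    if length < HEADER.size or length > len(buf):
        raise ValueError("Payload_Length out of range")
    body = buf[HEADER.size:length]
    if len(body) < spi_size:
        raise ValueError("SPI_size exceeds payload")
    spi, data = body[:spi_size], body[spi_size:]
    message_id = None
    if message_id_expected(ntype, peer_sent_ms_vid, quick_mode):
        # The SPI_size description above: it is 8 when a Message ID is appended.
        if spi_size != 8:
            raise ValueError("SPI_size must be 8 when a Message ID is appended")
        if len(data) < 4:
            raise ValueError("Notification_Data lacks the Message ID")
        message_id = struct.unpack("!I", data[:4])[0]
        data = data[4:]
    if len(data) != DATA_LEN[ntype]:
        raise ValueError(f"Notification_Data must be {DATA_LEN[ntype]} bytes, got {len(data)}")
    value = int.from_bytes(data, "big")
    if ntype == EXCHANGE_INFO and value not in EXCHANGE_INFO_FLAGS:
        raise ValueError(f"unknown EXCHANGE_INFO flag 0x{value:08X}")
    return NotifyPayload(next_payload, proto, spi, ntype, message_id, value)


def build_notify(next_payload: int, protocol_id: int, spi: bytes, notify_type: int,
                 data: bytes, message_id: Optional[int] = None) -> bytes:
    """Serialize a Notify payload; the Message ID, if any, is the first 4 bytes of Notification_Data."""
    nd = (struct.pack("!I", message_id) if message_id is not None else b"") + data
    length = HEADER.size + len(spi) + len(nd)
    return HEADER.pack(next_payload, 0, length, IPSEC_DOI, protocol_id, len(spi), notify_type) + spi + nd


def rejects(buf: bytes, peer_sent_ms_vid: bool, quick_mode: bool = False) -> bool:
    """True if the parser refuses buf (used to exercise the length and DOI checks)."""
    try:
        parse_notify(buf, peer_sent_ms_vid, quick_mode)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed sample: EXCHANGE_INFO from a peer that sent the MS Vendor ID.
    pkt = build_notify(0, 1, bytes(range(8)), EXCHANGE_INFO, b"\x00\x00\x00\x01", message_id=0x11223344)
    print(parse_notify(pkt, peer_sent_ms_vid=True))
```

Feeding the parser a payload whose Payload_Length exceeds the buffer, or whose SPI_size runs past the payload, raises before any slicing happens, which is the check an implementation most needs when these fields arrive from an unauthenticated main mode peer.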
