ipsecah(7P)
NAME
ipsecah, AH - IPsec Authentication Header
SYNOPSIS
drv/ipsecah
DESCRIPTION
The ipsecah module ("AH") provides strong integrity,
authentication, and partial sequence integrity (replay
protection) to IP datagrams. AH protects the parts of the IP
datagram whose values on arrival at the receiver can be
predicted by the sender. For example, the IP TTL field is
not a predictable field, and is not protected by AH.
AH is inserted between the IP header and the transport
header. The transport header can be TCP, UDP, ICMP, or
another IP header, if tunnels are being used. See tun(7M).
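
The following is an added example, not part of the original manual page and not the ipsecah module's own code. It sketches how an AH integrity check value can cover an IPv4 datagram while skipping unpredictable fields such as TTL. It assumes the mutable-field list of RFC 2402 (TOS, flags, fragment offset, TTL, header checksum) and the 96-bit truncation of HMAC-SHA-1 from RFC 2404; the key, addresses, SPI and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51  # IP protocol number assigned to AH

def ipv4_header(src, dst, ttl, payload_len, tos=0, frag=0, cksum=0):
    """Build a 20-byte IPv4 header (no options) whose next protocol is AH."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0x1234,
                       frag, ttl, AH_PROTO, cksum, bytes(src), bytes(dst))

def ah_header(next_hdr, spi, seq, icv=b"\x00" * 12):
    """AH: next header, payload length, reserved, SPI, sequence number, ICV."""
    # Payload length is the AH length in 32-bit words minus 2: (12 + 12)/4 - 2 = 4
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + icv

def zero_mutable(ip_hdr):
    """Zero the IPv4 fields RFC 2402 treats as mutable in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # Type of Service
    h[6:8] = b"\x00\x00"      # Flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # Header checksum
    return bytes(h)

def compute_icv(key, ip_hdr, spi, seq, next_hdr, payload):
    """HMAC-SHA-1 over the zeroed IP header, AH with zero ICV, and payload."""
    data = zero_mutable(ip_hdr) + ah_header(next_hdr, spi, seq) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]  # 96-bit truncation

def verify(key, ip_hdr, spi, seq, next_hdr, payload, icv):
    return hmac.compare_digest(compute_icv(key, ip_hdr, spi, seq, next_hdr, payload), icv)

def demo():
    key = b"k" * 20  # constructed 160-bit key
    payload = b"constructed UDP datagram bytes"
    plen = 24 + len(payload)  # AH (24 bytes) plus transport data
    src, dst = [192, 0, 2, 1], [192, 0, 2, 2]
    sent = ipv4_header(src, dst, 64, plen)
    icv = compute_icv(key, sent, 0x1000, 1, 17, payload)
    hopped = ipv4_header(src, dst, 61, plen, cksum=0xBEEF)  # TTL changed by routers
    spoofed = ipv4_header([192, 0, 2, 99], dst, 64, plen)   # source address rewritten
    return (verify(key, hopped, 0x1000, 1, 17, payload, icv),
            verify(key, spoofed, 0x1000, 1, 17, payload, icv),
            verify(key, sent, 0x1000, 2, 17, payload, icv))  # sequence number altered

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The datagram whose TTL and checksum changed in transit still verifies, while a rewritten source address or an altered sequence number does not.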
Authentication Algorithms And The AH Device
AH is implemented as a module that is auto-pushed on top
of IP. The entry /dev/ipsecah is used for tuning AH with
ndd(1M), as well as to allow future authentication
algorithms to be loaded on top of AH. Current authentication
algorithms include HMAC-MD5 and HMAC-SHA-1. See
authmd5h(7M) and authsha1(7P). Each authentication algorithm
has its own key size and key format properties.
Security Considerations
Without replay protection enabled, AH is vulnerable to
replay attacks. AH does not protect against eavesdropping.
Data protected with AH can still be seen by an adversary.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
 ___________________________________________________________
| ATTRIBUTE TYPE              | ATTRIBUTE VALUE             |
|_____________________________|_____________________________|
| Availability                | SUNWcsr (32-bit)            |
|_____________________________|_____________________________|
|                             | SUNWcarx (64-bit)           |
|_____________________________|_____________________________|
| Interface Stability         | Evolving                    |
|_____________________________|_____________________________|
SEE ALSO
ipsecconf(1M), ndd(1M), attributes(5), authmd5h(7M),
authsha1(7P), ip(7P), ipsec(7P), ipsecesp(7P), tun(7M)
Kent, S. and Atkinson, R. RFC 2402, IP Authentication Header,
The Internet Society, 1998.