Sun Microsystems, Inc.
Protocols                                                ipsecah(7P)


NAME

 ipsecah, AH - IPsec Authentication Header

SYNOPSIS

 
drv/ipsecah

DESCRIPTION

 

The ipsecah module ("AH") provides strong integrity, authentication, and partial sequence integrity (replay protection) to IP datagrams. AH protects the parts of the IP datagram that the sender can predict as they will be received by the receiver. For example, the IP TTL field is not a predictable field, and is not protected by AH.

AH is inserted between the IP header and the transport header. The transport header can be TCP, UDP, ICMP, or another IP header, if tunnels are being used. See tun(7M).
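The following is an added example, not part of the original manual page or of Sun's code, showing the integrity check for IPv4 with AH placed between the IP header and the payload. It follows the mutable-field list in RFC 2402 and assumes HMAC-SHA-1 truncated to 96 bits (RFC 2404); the key, addresses, SPI, payload and function names are constructed for illustration, and the payload is an opaque byte string rather than a real UDP datagram.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 12            # HMAC-SHA-1 output truncated to 96 bits (RFC 2404)
AH_LEN = 12 + ICV_LEN   # fixed AH fields + ICV
PROTO_AH, PROTO_UDP = 51, 17

def ipv4_header(src, dst, ttl, payload_len):
    """20-byte IPv4 header, no options. The checksum is left 0: it is mutable anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       PROTO_AH, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the IPv4 fields RFC 2402 lists as mutable in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def compute_icv(key, ip_hdr, ah_hdr, upper):
    """ICV over masked IP header, AH header with a zeroed ICV field, and payload."""
    data = zero_mutable(ip_hdr) + ah_hdr[:12] + bytes(ICV_LEN) + upper
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build(key, src, dst, ttl, spi, seq, upper, next_hdr=PROTO_UDP):
    ip = ipv4_header(src, dst, ttl, AH_LEN + len(upper))
    # Payload Len is the AH length in 32-bit words minus 2.
    ah = struct.pack("!BBHII", next_hdr, AH_LEN // 4 - 2, 0, spi, seq)
    return ip + ah + compute_icv(key, ip, ah, upper) + upper

def verify(key, packet):
    ip, ah, upper = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    return hmac.compare_digest(ah[12:], compute_icv(key, ip, ah, upper))

def flip(packet, offset, mask=0x01):
    """Return a copy of packet with bits flipped at offset (simulated in-transit change)."""
    p = bytearray(packet)
    p[offset] ^= mask
    return bytes(p)

if __name__ == "__main__":
    KEY = bytes(range(20))    # constructed 160-bit key, not a real SA key
    pkt = build(KEY, "192.0.2.1", "198.51.100.7", 64, 0x1000, 1, b"constructed payload")
    print("as sent:          ", verify(KEY, pkt))
    print("TTL changed:      ", verify(KEY, flip(pkt, 8)))
    print("source changed:   ", verify(KEY, flip(pkt, 15)))
    print("payload changed:  ", verify(KEY, flip(pkt, len(pkt) - 1)))
    print("payload readable: ", b"constructed payload" in pkt)
```

A TTL change leaves the check valid because that field is masked before the HMAC is computed, while a change to the source address or payload fails verification. The payload remains readable in the packet, since AH authenticates but does not encrypt.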

Authentication Algorithms And The AH Device

 

AH is implemented as a module that is auto-pushed on top of IP. The entry /dev/ipsecah is used for tuning AH with ndd(1M), as well as to allow future authentication algorithms to be loaded on top of AH. Current authentication algorithms include HMAC-MD5 and HMAC-SHA-1. See authmd5h(7M) and authsha1(7p). Each authentication algorithm has its own key size and key format properties.

Security Considerations

 

Without replay protection enabled, AH is vulnerable to replay attacks. AH does not protect against eavesdropping. Data protected with AH can still be seen by an adversary.

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE         ATTRIBUTE VALUE
Availability           SUNWcsr (32-bit)
                       SUNWcarx (64-bit)
Interface Stability    Evolving

SEE ALSO

 

ipsecconf(1M), ndd(1M), attributes(5), authmd5h(7M), authsha1(7p), ip(7P), ipsec(7P), ipsecesp(7P), tun(7M)

Kent, S. and Atkinson, R. RFC 2402, IP Authentication Header, The Internet Society, 1998.


SunOS 5.9                                   Last Changed 28 Mar 2001

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.