Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
ipsecah(7P)			   Protocols			   ipsecah(7P)

       ipsecah,	AH - IPsec Authentication Header


       The  ipsecah  module ("AH") provides strong integrity,  authentication,
       and  partial sequence integrity (replay protection) to IP datagrams. AH
       protects	 the  parts  of	 the IP	datagram that can be predicted	by the
       sender as it will be received by	the receiver.  For  example,   the  IP
       TTL field is not	a predictable field, and is not	protected by AH.

       AH   is	inserted between the IP	 header	 and  the  transport   header.
       The transport header can	be  TCP,  UDP, ICMP, or	 another IP header, if
       tunnels are  being used.	See tun(7M).

   Authentication Algorithms And The AH	Device
       AH is implemented as a module that is auto-pushed  on  top  of  IP. The
       entry /dev/ipsecah is used for tuning AH	 with ndd(1M), as well	as  to
       allow future authentication algorithms to be loaded on top of AH.  Cur-
       rent authentication  algorithms	include	HMAC-MD5 and HMAC-SHA-1.   See
       authmd5h(7M)  and  authsha1(7P).	 Each authentication algorithm has its
       own  key	size and key format properties.

   Security Considerations
       Without replay protection enabled, AH is	vulnerable to replay  attacks.
       AH  does	not protect against eavesdropping.  Data protected with	AH can
       still be	seen by	an adversary.

       See attributes(5)  for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsr (32-bit)		   |
       |			     |SUNWcarx (64-bit)		   |
       |Interface Stability	     |Evolving			   |

       ipsecconf(1M),  ndd(1M),	 attributes(5),	 authmd5h(7M),	 authsha1(7P),
       ip(7P), ipsec(7P), ipsecesp(7P),	tun(7M)

       Kent, S.	and Atkinson, R.RFC 2402, IP Authentication Header, The	Inter-
       net Society, 1998.

SunOS 5.9			  28 Mar 2001			   ipsecah(7P)


Want to link to this manual page? Use this URL:

home | help