AH man page on SmartOS

Printed from http://www.polarhome.com/service/man/?qf=AH&af=0&tf=2&of=SmartOS

IPSECAH(7P)							   IPSECAH(7P)

       ipsecah, AH - IPsec Authentication Header


       The ipsecah module (AH) provides strong integrity,  authentication, and
       partial sequence integrity (replay protection)  to  IP  datagrams.   AH
       protects	 the  parts  of	 the  IP datagram that can be predicted by the
       sender as it will be received by the receiver. For example, the IP  TTL
       field is not a predictable field, and is not protected by AH.

       AH  is  inserted	 between  the  IP header and the transport header. The
       transport header can be	TCP,  UDP, ICMP, or another IP header, if tun‐
       nels are	 being used.

   AH Device
       AH  is  implemented  as	a module that is auto-pushed on top of IP. The
       entry /dev/ipsecah is used for tuning AH with ndd(1M).

   Authentication Algorithms
       Current authentication algorithms supported include HMAC-MD5 and	 HMAC-
       SHA-1.  Each authentication algorithm has its own key size and key for‐
       mat properties.	You can obtain a list of authentication algorithms and
       their  properties  by using the ipsecalgs(1M) command. You can also use
       the functions described in  the	getipsecalgbyname(3NSL)	 man  page  to
       retrieve the properties of algorithms.

   Security Considerations
       Without	replay protection enabled, AH is vulnerable to replay attacks.
       AH does not protect against eavesdropping. Data protected with  AH  can
       still be seen by an adversary.

       See attributes(5)  for descriptions of the following attributes:

       │Interface Stability │ Committed	      │

       ipsecalgs(1M),  ipsecconf(1M),  ndd(1M),	 attributes(5), getipsecalgby‐
       name(3NSL), ip(7P), ipsec(7P), ipsecesp(7P)

       Kent, S. and Atkinson, R.RFC 2402, IP Authentication Header, The Inter‐
       net Society, 1998.

				 Sep 25, 2009			   IPSECAH(7P)

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net