svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
ipsecah(4p)
ipsecah(4P) Network Protocols ipsecah(4P)
NAME
ipsecah, AH - IPsec Authentication Header
SYNOPSIS
drv/ipsecah
DESCRIPTION
The ipsecah module (AH) provides strong integrity, authentication, and
partial sequence integrity (replay protection) to IP datagrams. AH pro‐
tects the parts of the IP datagram that can be predicted by the sender
as it will be received by the receiver. For example, the IP TTL field
is not a predictable field, and is not protected by AH.
AH is inserted between the IP header and the transport header. The
transport header can be TCP, UDP, ICMP, or another IP header, if tun‐
nels are being used.
AH Device
AH is implemented as a module that is auto-pushed on top of IP. The
entry /dev/ipsecah is used for tuning AH with ndd(8).
Authentication Algorithms
Current authentication algorithms supported include HMAC-MD5 and HMAC-
SHA-1. Each authentication algorithm has its own key size and key for‐
mat properties. You can obtain a list of authentication algorithms and
their properties by using the ipsecalgs(8) command. You can also use
the functions described in the getipsecalgbyname(3C) man page to
retrieve the properties of algorithms.
Security Considerations
Without replay protection enabled, AH is vulnerable to replay attacks.
AH does not protect against eavesdropping. Data protected with AH can
still be seen by an adversary.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilityCommit‐
ted
SEE ALSO
getipsecalgbyname(3C), ip(4P), ipsec(4P), ipsecesp(4P), attributes(7),
ipsecalgs(8), ipsecconf(8), ndd(8)
Kent, S. and Atkinson, R.RFC 2402, IP Authentication Header, The Inter‐
net Society, 1998.
Oracle Solaris 11.4 25 Sep 2009 ipsecah(4P)