ipsecesp(4p) man page - 윈디하나의 솔라나라


ipsecesp(4P)                   Network Protocols                  ipsecesp(4P)



NAME
       ipsecesp, ESP - IPsec Encapsulating Security Payload

DESCRIPTION
       The  ipsecesp  module  provides confidentiality, integrity, authentica‐
       tion, and partial sequence integrity (replay protection)  to  IP  data‐
       grams.  The encapsulating security payload (ESP) encapsulates its data,
       enabling it to protect data that follows in the datagram. For TCP pack‐
       ets,  ESP  encapsulates the TCP header and its data only. If the packet
       is an IP in IP datagram, ESP protects the inner IP datagram. Per-socket
       policy  allows  "self-encapsulation"  so ESP can encapsulate IP options
       when necessary. See ipsec(4P).


       Unlike the authentication header (AH), ESP allows multiple varieties of
       datagram  protection.  (Using  a  single  datagram  protection form can
       expose vulnerabilities.) For example, only ESP can be used  to  provide
       confidentiality. But protecting confidentiality alone exposes vulnerabilities
       to both replay attacks and cut-and-paste attacks. Similarly,
       if  ESP  protects  only  integrity  and  does not fully protect against
       eavesdropping,  it  may  provide  weaker  protection   than   AH.   See
       ipsecah(4P).

   ESP Device
       ESP  is  implemented  as a module that is auto-pushed on top of IP. Use
       the /dev/ipsecesp entry to tune ESP with ndd(8).

   Algorithms
       ESP uses encryption and authentication algorithms. Authentication
       algorithms include HMAC-MD5 and HMAC-SHA-1. Encryption algorithms include
       DES, Triple-DES, Blowfish and AES. Each authentication and encryption
       algorithm contains key size and key format properties. You can obtain a
       list of authentication and encryption algorithms and their properties
       by using the ipsecalgs(8) command. You can also use the functions
       described in the getipsecalgbyname(3C) man page to retrieve the
       properties of algorithms.

   Security Considerations
       ESP  without  authentication  exposes  vulnerabilities to cut-and-paste
       cryptographic attacks as well as eavesdropping attacks. Like AH, ESP is
       vulnerable to eavesdropping when used without confidentiality.
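
       The receive-side checks that authentication and replay protection add,
       as an added example (not Solaris or ipsecesp code): the ICV is verified
       over SPI, sequence number and payload, and a sliding window rejects
       duplicate sequence numbers. Assumptions: the names EspReceiver and
       demo, a 64-packet window, HMAC-SHA-1 truncated to 96 bits, and a
       payload treated as opaque ciphertext (encryption is out of scope here).

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumed: HMAC-SHA-1 output truncated to 96 bits
WINDOW = 64   # assumed anti-replay window size for this example

class EspReceiver:
    """Receive-side checks for one SA: anti-replay window, then ICV."""
    def __init__(self, spi, auth_key):
        self.spi, self.key = spi, auth_key
        self.top = 0     # highest authenticated sequence number
        self.bitmap = 0  # bit i set => sequence (top - i) already accepted

    def _icv(self, body):
        return hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]

    def seal(self, seq, ciphertext):
        # Sender side for the demo: SPI | sequence | opaque payload | ICV
        body = struct.pack("!II", self.spi, seq) + ciphertext
        return body + self._icv(body)

    def check(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return "unknown-spi"
        if seq == 0 or seq + WINDOW <= self.top:
            return "replay"   # zero, or older than the window covers
        if seq <= self.top and (self.bitmap >> (self.top - seq)) & 1:
            return "replay"   # duplicate inside the window
        if not hmac.compare_digest(icv, self._icv(body)):
            return "bad-icv"  # modified or spliced packet
        if seq > self.top:    # only authenticated packets move the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "accept"

def demo():
    """Constructed traffic: SPI, key and payloads are made up for the example."""
    rx = EspReceiver(0x1001, b"k" * 20)
    p1, p3 = rx.seal(1, b"opaque-ciphertext-1"), rx.seal(3, b"opaque-ciphertext-3")
    altered = p3[:10] + bytes([p3[10] ^ 0x01]) + p3[11:]  # one payload bit changed
    return [rx.check(p) for p in (p1, p1, altered, p3, rx.seal(2, b"late"))]
```

       The ICV failure is reported before the window is updated, so a packet
       that fails authentication cannot advance the sequence state.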

ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       ATTRIBUTE TYPE          ATTRIBUTE VALUE
       ----------------------------------------
       Availability            system/core-os
       Interface Stability     Committed


SEE ALSO
       getipsecalgbyname(3C),  ip(4P),  ipsec(4P), ipsecah(4P), attributes(7),
       ipsecalgs(8), ipsecconf(8), ndd(8)

       Kent, S. and Atkinson, R., RFC 2406, IP Encapsulating Security Payload
       (ESP), The Internet Society, 1998.

           https://tools.ietf.org/html/rfc2406




Oracle Solaris 11.4               21 Jun 2021                     ipsecesp(4P)
Copyright of the man page content belongs to the man page authors.