JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 7: Device and Network Interfaces     Oracle Solaris 10 1/13 Information Library
search filter icon
search icon

Document Information

Preface

Introduction

Device and Network Interfaces

6to4(7M)

6to4tun(7M)

aac(7D)

adp(7D)

adpu320(7D)

afb(7d)

agpgart_io(7I)

AH(7P)

ahci(7D)

allkmem(7D)

amd8111s(7D)

amr(7D)

ARP(7P)

arp(7P)

ast(7D)

asy(7D)

ata(7D)

atun(7M)

audio1575(7D)

audio(7I)

audio810(7D)

audiocs(7D)

audioens(7D)

audiohd(7D)

audioixp(7D)

audio_support(7I)

audiots(7D)

audiovia823x(7D)

av1394(7D)

bbc_beep(7D)

bcm_sata(7D)

bd(7M)

bge(7D)

bmc(7D)

bnx(7D)

bnxe(7D)

bpp(7D)

bscbus(7D)

bscv(7D)

bufmod(7M)

cadp160(7D)

cadp(7D)

cdio(7I)

ce(7D)

cgsix(7D)

chxge(7D)

cmdk(7D)

connld(7M)

console(7D)

cpqary3(7D)

cpr(7)

cpuid(7D)

ctfs(7FS)

ctsmc(7D)

cvc(7D)

cvcredir(7D)

dad(7D)

daplt(7D)

dbri(7D)

dca(7D)

dcam1394(7D)

dcfs(7FS)

devfs(7FS)

devinfo(7D)

dkio(7I)

dlcosmk(7ipp)

dlpi(7P)

dm2s(7D)

dmfe(7D)

dnet(7D)

dr(7d)

drmach(7d)

dscpmk(7ipp)

dtrace(7D)

e1000(7D)

e1000g(7D)

ecpp(7D)

efb(7D)

ehci(7D)

elxl(7D)

emlxs(7D)

eri(7D)

esp(7D)

ESP(7P)

fas(7D)

fasttrap(7D)

fbio(7I)

fbt(7D)

fcip(7D)

fcp(7D)

fctl(7D)

fd(7D)

fdc(7D)

fdio(7I)

ffb(7D)

firewire(7D)

flowacct(7ipp)

fp(7d)

FSS(7)

ge(7D)

gld(7D)

glm(7D)

gpio_87317(7D)

grbeep(7d)

hci1394(7D)

hdio(7I)

hermon(7D)

hid(7D)

hme(7D)

hpfc(7D)

hsfs(7FS)

hubd(7D)

hxge(7D)

i2bsc(7D)

i2o_bs(7D)

i2o_scsi(7D)

ib(7D)

ibcm(7D)

ibd(7D)

ibdm(7D)

ibmf(7)

ibtl(7D)

icmp6(7P)

ICMP(7P)

icmp(7P)

idn(7d)

ieee1394(7D)

if(7P)

ifb(7d)

ifp(7D)

if_tcp(7P)

igb(7D)

igbvf(7D)

imraid_sas(7D)

inet6(7P)

inet(7P)

ip6(7P)

IP(7P)

ip(7P)

ipge(7D)

ipgpc(7ipp)

ipmi(7D)

ipnat(7I)

ipqos(7ipp)

iprb(7D)

ipsec(7P)

ipsecah(7P)

ipsecesp(7P)

iscsi(7D)

isdnio(7I)

iser(7D)

isp(7D)

ixgb(7d)

ixgbe(7D)

ixgbevf(7D)

jfb(7D)

jfca(7D)

kb(7M)

kdmouse(7D)

kfb(7D)

kmdb(7d)

kmem(7D)

kstat(7D)

ksyms(7D)

ldterm(7M)

llc1(7D)

llc2(7D)

lockstat(7D)

lofi(7D)

lofs(7FS)

log(7D)

logi(7D)

lsimega(7D)

lx_systrace(7D)

m64(7D)

marvell88sx(7D)

mc-opl(7D)

mcxe(7D)

md(7D)

mediator(7D)

mega_sas(7D)

mem(7D)

mga(7D)

mhd(7i)

mixer(7I)

mpt(7D)

mpt_sas(7D)

mr_sas(7D)

msglog(7D)

msm(7D)

mt(7D)

mtio(7I)

n2cp(7d)

n2rng(7d)

ncp(7D)

ncrs(7D)

nfb(7D)

ngdr(7d)

ngdrmach(7d)

nge(7D)

npe(7D)

ntwdt(7D)

ntxn(7D)

null(7D)

nulldriver(7D)

nv_sata(7D)

nxge(7D)

objfs(7FS)

oce(7D)

ocf_ibutton(7D)

ohci(7D)

openprom(7D)

oplkmdrv(7D)

oplmsu(7D)

oplpanel(7D)

pcata(7D)

pcelx(7D)

pcfs(7FS)

pcic(7D)

pcicmu(7D)

pcie_pci(7D)

pckt(7M)

pcmcia(7D)

pcmem(7D)

pcn(7D)

pcram(7D)

pcscsi(7D)

pcser(7D)

pfb(7D)

pf_key(7P)

pfmod(7M)

physmem(7D)

pipemod(7M)

pm(7D)

poll(7d)

prnio(7I)

profile(7D)

ptem(7M)

ptm(7D)

pts(7D)

pty(7D)

qfe(7d)

qlc(7D)

qlcnic(7D)

qlge(7D)

quotactl(7I)

qus(7D)

ramdisk(7D)

random(7D)

RARP(7P)

rarp(7P)

rge(7D)

route(7P)

routing(7P)

rtls(7D)

sad(7D)

sata(7D)

sbpro(7D)

scfd(7D)

scmi2c(7d)

scsa1394(7D)

scsa2usb(7D)

scsi_vhci(7D)

SCTP(7P)

sctp(7P)

scu(7D)

sd(7D)

SDC(7)

sdp(7D)

sdt(7D)

se(7D)

se_hdlc(7D)

ses(7D)

sesio(7I)

sf(7D)

sgen(7D)

sharefs(7FS)

si3124(7D)

sip(7P)

sk98sol(7D)

skfp(7D)

slp(7P)

smbios(7D)

smbus(7D)

socal(7D)

sockio(7I)

sol_ofs(7D)

sol_ucma(7D)

sol_uverbs(7D)

sppptun(7M)

spwr(7D)

ssd(7D)

st(7D)

stp4020(7D)

streamio(7I)

su(7D)

sxge(7D)

sxp(7D)

symhisl(7D)

sysmsg(7D)

systrace(7D)

tavor(7D)

TCP(7P)

tcp(7P)

termio(7I)

termiox(7I)

ticlts(7D)

ticots(7D)

ticotsord(7D)

timod(7M)

tirdwr(7M)

tmpfs(7FS)

todopl(7D)

tokenmt(7ipp)

tpf(7D)

tsalarm(7D)

tswtclmt(7ipp)

ttcompat(7M)

tty(7D)

ttymux(7D)

tun(7M)

tzmon(7d)

uata(7D)

udfs(7FS)

UDP(7P)

udp(7P)

ufs(7FS)

ugen(7D)

uhci(7D)

urandom(7D)

usb(7D)

usba(7D)

usb_ac(7D)

usb_ah(7M)

usb_as(7D)

usbecm(7D)

usbkbm(7M)

usb_mid(7D)

usbms(7M)

usbprn(7D)

usbsacm(7D)

usbser_edge(7D)

usbsksp(7D)

usbsprl(7D)

uscsi(7I)

usoc(7D)

virtualkm(7D)

visual_io(7I)

vni(7d)

volfs(7FS)

vuid2ps2(7M)

vuid3ps2(7M)

vuidm3p(7M)

vuidm4p(7M)

vuidm5p(7M)

vuidmice(7M)

wrsm(7D)

wrsmd(7D)

wscons(7D)

xge(7D)

xhci(7D)

xmemfs(7FS)

zcons(7D)

zero(7D)

zs(7D)

zsh(7D)

zulu(7d)

ipsecah

, AH

- IPsec Authentication Header

Synopsis

drv/ipsecah

Description

The ipsecah module (AH) provides strong integrity, authentication, and partial sequence integrity (replay protection) to IP datagrams. AH protects the parts of the IP datagram that can be predicted by the sender as it will be received by the receiver. For example, the IP TTL field is not a predictable field, and is not protected by AH.

AH is inserted between the IP header and the transport header. The transport header can be TCP, UDP, ICMP, or another IP header, if tunnels are being used. See tun(7M).

AH Device

AH is implemented as a module that is auto-pushed on top of IP. The entry /dev/ipsecah is used for tuning AH with ndd(1M).

Authentication Algorithms

Current authentication algorithms supported include HMAC-MD5 and HMAC-SHA-1. Each authentication algorithm has its own key size and key format properties. You can obtain a list of authentication algorithms and their properties by using the ipsecalgs(1M) command. You can also use the functions described in the getipsecalgbyname(3NSL) man page to retrieve the properties of algorithms.

Security Considerations

Without replay protection enabled, AH is vulnerable to replay attacks. AH does not protect against eavesdropping. Data protected with AH can still be seen by an adversary.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
SUNWcsr
Interface Stability
Evolving

See Also

ipsecalgs(1M), ipsecconf(1M), ndd(1M), attributes(5), getipsecalgbyname(3NSL), tun(7M), ip(7P), ipsec(7P), ipsecesp(7P)

Kent, S. and Atkinson, R.RFC 2402, IP Authentication Header, The Internet Society, 1998.