Chapter 9. IP Security Architecture (IPsec) > Authentication Header (AH)

Authentication Header (AH)

Authentication Header (AH) gives strong integrity, authentication, and partial sequence integrity (replay protection) to IP packets. (Note that AH does not encrypt the data and thus does not provide confidentiality.) The Authentication Header is placed between the packet’s IP header and transport header so that the transport protocol headers and the data are protected by AH. In Solaris, AH is implemented by the ipsecah driver module of the kernel and is accessible as /dev/ipsecah. AH is defined in RFC 2402, “IP Authentication Header (AH).” Algorithms used by AH include HMAC-MD5 and HMAC-SHA1, as described in Chapter 2, “Security and Cryptography.” Using ndd(1M), it is possible to look up all user-accessible properties of the ipsecah module:

# ndd /dev/ipsecah \?
ipsecah_debug                         (read and write) 
ipsecah_age_interval                  (read and write) 
ipsecah_reap_delay                    (read and write) 
ipsecah_max_proposal_combinations     (read and write) 
ipsecah_replay_size                   (read and write) 
ipsecah_acquire_timeout               (read and write) 
ipsecah_larval_timeout                (read and write) 
ipsecah_default_soft_bytes            (read and write) 
ipsecah_default_hard_bytes            (read and write) 
ipsecah_default_soft_addtime          (read and write) 
ipsecah_default_hard_addtime          (read and write) 
ipsecah_default_soft_usetime          (read and write) 
ipsecah_default_hard_usetime          (read and write) 
ipsecah_status                        (read only) 
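
The following added example (not from the book and not the Solaris ipsecah code) sketches how an AH integrity check value covers the IP header, the AH header, and the payload while leaving the data readable. It assumes IPv4 without options, transport mode, and HMAC-SHA1 truncated to 96 bits as in RFC 2404; the key, addresses, SPI, and helper names are constructed for illustration, and the IP header checksum is left at zero.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51          # IP protocol number assigned to AH
ICV_LEN = 12           # HMAC-SHA1 output truncated to 96 bits
AH_LEN = 12 + ICV_LEN  # fixed AH fields plus the ICV

# Constructed sample values (documentation addresses, demo key)
KEY = b"constructed-demo-key"
SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])

def zero_mutable(ip_hdr: bytes) -> bytes:
    """Zero the IPv4 fields that routers may change in transit (RFC 2402)."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # type of service
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def icv(key: bytes, ip_hdr: bytes, ah_hdr: bytes, payload: bytes) -> bytes:
    """MAC over IP header (mutable fields zeroed), AH (ICV zeroed), payload."""
    ah_zeroed = ah_hdr[:12] + bytes(ICV_LEN)
    msg = zero_mutable(ip_hdr) + ah_zeroed + payload
    return hmac.new(key, msg, hashlib.sha1).digest()[:ICV_LEN]

def protect(key, src, dst, spi, seq, next_proto, payload):
    """Build IP header | AH | payload; AH sits before the transport data."""
    total = 20 + AH_LEN + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64,
                         AH_PROTO, 0, src, dst)
    # Payload Len field = AH length in 32-bit words, minus 2
    ah_hdr = struct.pack("!BBHII", next_proto, AH_LEN // 4 - 2, 0, spi, seq)
    ah_hdr += icv(key, ip_hdr, ah_hdr + bytes(ICV_LEN), payload)
    return ip_hdr + ah_hdr + payload

def verify(key: bytes, packet: bytes) -> bool:
    """Recompute the ICV on receipt and compare in constant time."""
    ip_hdr = packet[:20]
    ah_hdr = packet[20:20 + AH_LEN]
    payload = packet[20 + AH_LEN:]
    return hmac.compare_digest(ah_hdr[12:], icv(key, ip_hdr, ah_hdr, payload))

if __name__ == "__main__":
    pkt = protect(KEY, SRC, DST, 0x1000, 1, 17, b"hello")
    print("verifies:", verify(KEY, pkt), "cleartext visible:", b"hello" in pkt)
```

A TTL decrement by a router leaves the packet valid because TTL is zeroed before the MAC is computed; a changed source address, sequence number, or payload byte fails verification.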


