1ipsec(7P) Protocols ipsec(7P)
2
6 ipsec - Internet Protocol Security Architecture
7
9 The IP Security Architecture (IPsec) provides protection for IP data‐
10 grams. The protection can include confidentiality, strong integrity of
11 the data, partial sequence integrity (replay protection), and data
12 authentication. IPsec is performed inside the IP processing, and it can
13 be applied with or without the knowledge of an Internet application.
14 IPsec applies to both IPv4 and IPv6. See ip(7P) and ip6(7P).
17 Protection Mechanisms
19 IPsec provides two mechanisms for protecting data. The Authentication
20 Header (AH) provides strong integrity, replay protection, and data
21 authentication. AH protects as much of the IP datagram as it can. AH
22 cannot protect fields that change nondeterministically between sender
23 and receiver.
24 The Encapsulating Security Payload (ESP) provides confidentiality over
27 what it encapsulates, as well as the services that AH provides, but
28 only over that which it encapsulates. ESP's authentication services are
29 optional, which allow ESP and AH to be used together on the same data‐
30 gram without redundancy.
31 Authentication and encryption algorithms are used for IPsec. Authenti‐
34 cation algorithms produce an integrity checksum value or "digest"based
35 on the data and a key. Encryption algorithms operate on data in units
36 of a "block size".
37 NAT Traversal
39 IPsec's ESP can also encapsulate itself in UDP if IKE (see in.iked(1M))
40 discovers a Network Address Translator (NAT) between two communicating
41 endpoints.
42 A UDP socket can be specified as a NAT-Traversal endpoint. See udp(7P)
45 for details.
46 Security Associations
48 AH and ESP use Security Associations (SA). SA's are entities that spec‐
49 ify security properties from one host to another. Two communicating
50 machines require two SAs (at a minimum) to communicate securely. How‐
51 ever, communicating machines that use multicast can share the same mul‐
52 ticast SA. SAs are managed through the pf_key(7P) interface. For IPv4,
53 automatic SA management is available through the Internet Key Exchange
54 (IKE), as implemented by in.iked(1M). A command-line front-end is
55 available by means of ipseckey(1M). An IPsec SA is identified by a
56 tuple of <AH or ESP, destination IP address, and SPI>. The Security
57 Parameters Index (SPI) is an arbitrary 32-bit value that is transmitted
58 on the wire with an AH or ESP packet. See ipsecah(7P) or ipsecesp(7P)
59 for an explanation about where the SPI falls in a protected packet.
60 Protection Policy and Enforcement Mechanisms
62 Mechanism and policy are separate. The policy for applying IPsec is
63 enforced on a system-wide or per-socket level. Configuring system-wide
64 policy and per-tunnel policy (see Transport Mode and Tunnel Mode sec‐
65 tions) is done via the ipsecconf(1M) command. Configuring per-socket
66 policy is discussed later in this section.
67 System-wide IPsec policy is applied to incoming and outgoing datagrams.
70 Some additional rules can be applied to outgoing datagrams because of
71 the additional data known by the system. Inbound datagrams can be
72 accepted or dropped. The decision to drop or accept an inbound datagram
73 is based on several criteria which sometimes overlap or conflict. Con‐
74 flict resolution is resolved by which rule is parsed first, with one
75 exception: if a policy entry states that traffic should bypass all
76 other policy, it is automatically be accepted. Outbound datagrams are
77 sent with or without protection. Protection may (or may not) indicate
78 specific algorithms. If policy normally would protect a datagram, it
79 can be bypassed either by an exception in system-wide policy or by
80 requesting a bypass in per-socket policy.
81 Intra-machine traffic policies are enforced, but actual security mecha‐
84 nisms are not applied. Instead, the outbound policy on an intra-machine
85 packet translates into an inbound packet with those mechanisms applied.
86 IPsec policy is enforced in the ip(7P) driver. Several ndd tunables for
89 /dev/ip affect policy enforcement, including:
90 icmp_accept_clear_messages If equal to 1 (the default), allow cer‐
92 tain cleartext icmp messages to bypass
93 policy. For ICMP echo requests
94 ("ping"messages), protect the response
95 like the request. If zero, treat icmp
96 messages like other IP traffic.
97 igmp_accept_clear_messages If 1, allow inbound cleartext IGMP mes‐
100 sages to bypass IPsec policy.
101 pim_accept_clear_messages If 1, allow inbound cleartext PIM mes‐
104 sages to bypass IPsec policy.
105 ipsec_policy_log_interval IPsec logs policy failures and errors to
108 /var/adm/messages. To prevent syslog from
109 being overloaded, the IPsec kernel mod‐
110 ules limit the rate at which errors can
111 be logged. You can query/set ipsec_pol‐
112 icy_log_interval using ndd(1M). The value
113 is in milliseconds. Only one message can
114 be logged per interval.
115 Transport Mode and Tunnel Mode
118 If IPsec is used on a tunnel, Tunnel Mode IPsec can be used to protect
119 distinct flows within a tunnel or to cause packets that do not match
120 per-tunnel policy to drop. System-wide policy is always Transport Mode.
121 A tunnel can use Transport Mode IPsec or Tunnel Mode IPsec.
122 Per-Socket Policy
124 The IP_SEC_OPT or IPV6_SEC_OPT socket option is used to set per-socket
125 IPsec policy. The structure used for an IP_SEC_OPT request is:
126 typedef struct ipsec_req {
128 uint_t ipsr_ah_req; /* AH request */
129 uint_t ipsr_esp_req; /* ESP request */
130 uint_t ipsr_self_encap_req; /* Self-Encap request */
131 uint8_t ipsr_auth_alg; /* Auth algs for AH */
132 uint8_t ipsr_esp_alg; /* Encr algs for ESP */
133 uint8_t ipsr_esp_auth_alg; /* Auth algs for ESP */
134 } ipsec_req_t;
135 The IPsec request has fields for both AH and ESP. Algorithms may or may
139 not be specified. The actual request for AH or ESP services can take
140 one of the following values:
141 IPSEC_PREF_NEVER Bypass all policy. Only the superuser may
143 request this service.
144 IPSEC_PREF_REQUIRED Regardless of other policy, require the use of
147 the IPsec service.
148 The following value can be logically ORed to an IPSEC_PREF_REQUIRED
152 value:
153 IPSEC_PREF_UNIQUE Regardless of other policy, enforce a unique SA
155 for traffic originating from this socket.
156 In the event IP options not normally encapsulated by ESP need to be,
160 the ipsec_self_encap_req is used to add an additional IP header outside
161 the original one. Algorithm values from <net/pfkeyv2.h> are as follows:
162 SADB_AALG_MD5HMAC Uses the MD5-HMAC (RFC 2403) algorithm for
164 authentication.
165 SADB_AALG_SHA1HMAC Uses the SHA1-HMAC (RFC 2404) algorithm for
168 authentication.
169 SADB_EALG_DESCBC Uses the DES (RFC 2405) algorithm for encryp‐
172 tion.
173 SADB_EALG_3DESCBC Uses the Triple DES (RFC 2451) algorithm
176 for encryption.
177 SADB_EALG_BLOWFISH Uses the Blowfish (RFC 2451) algorithm for
180 encryption.
181 SADB_EALG_AES Uses the Advanced Encryption Standard algo‐
184 rithm for encryption.
185 SADB_AALG_SHA256HMAC Uses the SHA2 hash algorithms with HMAC (RFC
188 SADB_AALG_SHA384HMAC 4868)for authentication.
189 SADB_AALG_SHA512HMAC
190 An application should use either the getsockopt(3SOCKET) or the set‐
193 sockopt(3SOCKET) call to manipulate IPsec requests. For example:
194 #include <sys/socket.h>
196 #include <netinet/in.h>
197 #include <net/pfkeyv2.h> /* For SADB_*ALG_* */
198 /* .... socket setup skipped */
199 rc = setsockopt(s, IPPROTO_IP, IP_SEC_OPT,
200 (const char *)&ipsec_req, sizeof (ipsec_req_t));
201
204 While IPsec is an effective tool in securing network traffic, it will
205 not make security problems disappear. Security issues beyond the mecha‐
206 nisms that IPsec offers may be discussed in similar "Security" or
207 "Security Consideration" sections within individual reference manual
208 pages.
209 While a non-root user cannot bypass IPsec, a non-root user can set pol‐
212 icy to be different from the system-wide policy. For ways to prevent
213 this, consult the ndd(1M) variables in /dev/ip.
214
216 See attributes(5) for descriptions of the following attributes:
217 ┌─────────────────────────────┬─────────────────────────────┐
222 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
223 ├─────────────────────────────┼─────────────────────────────┤
224 │Interface Stability │Committed │
225 └─────────────────────────────┴─────────────────────────────┘
226
228 in.iked(1M), ipsecconf(1M), ipseckey(1M), ndd(1M), getsockopt(3SOCKET),
229 setsockopt(3SOCKET), attributes(5), inet(7P), ip(7P), ip6(7P),
230 ipsecah(7P), ipsecesp(7P), pf_key(7P), udp(7P)
231 Kent, S., and Atkinson, R., RFC 2401, Security Architecture for the
234 Internet Protocol, The Internet Society, 1998.
235 Kent, S. and Atkinson, R., RFC 2406, IP Encapsulating Security Payload
238 (ESP), The Internet Society, 1998.
239 Madson, C., and Doraswamy, N., RFC 2405, The ESP DES-CBC Cipher Algo‐
242 rithm with Explicit IV, The Internet Society, 1998.
243 Madsen, C. and Glenn, R., RFC 2403, The Use of HMAC-MD5-96 within ESP
246 and AH, The Internet Society, 1998.
247 Madsen, C. and Glenn, R., RFC 2404, The Use of HMAC-SHA-1-96 within ESP
250 and AH, The Internet Society, 1998.
251 Pereira, R. and Adams, R., RFC 2451, The ESP CBC-Mode Cipher Algo‐
254 rithms, The Internet Society, 1998.
255 Kelly, S. and Frankel, S., RFC 4868, Using HMAC-SHA-256, HMAC-SHA-384,
258 and HMAC-SHA-512 with IPsec, 2007.
259 Huttunen, A., Swander, B., Volpe, V., DiBurro, L., Stenberg, M., RFC
262 3948, UDP Encapsulation of IPsec ESP Packets, The Internet Society,
263 2005.
264SunOS 5.11 25 Sep 2009 ipsec(7P)