1 .\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
3 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the project nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 .Nd IP security protocol
40 .Cd "options IPSEC_DEBUG"
41 .Cd "options IPSEC_ESP"
42 .Cd "options IPSEC_FILTERGIF"
49 is a security protocol implemented within the Internet Protocol layer
52 is defined for both IPv4 and IPv6
57 contains two protocols,
58 ESP, the encapsulated security payload protocol and
59 AH, the authentication header protocol.
60 ESP prevents unauthorized parties from reading the payload of an IP packet
61 by encrypting it using
62 secret key cryptography algorithms.
63 AH both authenticates guarantees the integrity of an IP packet
64 by attaching a cryptographic checksum computed using one-way hash functions.
66 has operates in one of two modes: transport mode or tunnel mode.
67 Transport mode is used to protect peer-to-peer communication between end nodes.
68 Tunnel mode encapsulates IP packets within other IP packets
69 and is designed for security gateways such as VPN endpoints.
73 is controlled by a key management and policy engine,
74 that reside in the operating system kernel.
76 is the process of associating keys with security associations, also
78 Policy management dictates when new security
79 associations created or destroyed.
81 The key management engine can be accessed from userland by using
86 socket API is defined in RFC2367.
88 The policy engine is controlled by an extension to the
96 an extended version of the
98 interface, and allows the programmer to define IPsec policies
99 which are similar to the per-packet filters.
102 interface is used to define per-socket behavior, and
104 interface is used to define host-wide default behavior.
106 The kernel code does not implement a dynamic encryption key exchange protocol
108 (Internet Key Exchange).
109 Key exchange protocols are beyond what is necessary in the kernel and
110 should be implemented as daemon processes which call the
113 .Ss Policy management
114 IPsec policies can be managed in one of two ways, either by
115 configuring per-socket policies using the
117 system calls, or by configuring kernel level packet filter-based
123 In either case, IPsec policies must be specified using the syntax described in
124 .Xr ipsec_set_policy 3 .
127 man page for instructions on its use.
129 When setting policies using the
133 option you can have the system use its default policy, explained
134 below, for processing packets.
135 The following sysctl variables are available for configuring the
136 system's IPsec behavior.
137 The variables can have one of two values.
142 which means that if there is a security association then use it but if
143 there is not then the packets are not processed by IPsec.
148 which requires that a security association must exist for the packets
149 to move, and not be dropped.
150 These terms are defined in
151 .Xr ipsec_set_policy 8 .
152 .Bl -column net.inet6.ipsec6.esp_trans_deflev integerxxx
153 .It Sy "Name Type Changeable"
154 .It "net.inet.ipsec.esp_trans_deflev integer yes"
155 .It "net.inet.ipsec.esp_net_deflev integer yes"
156 .It "net.inet.ipsec.ah_trans_deflev integer yes"
157 .It "net.inet.ipsec.ah_net_deflev integer yes"
158 .It "net.inet6.ipsec6.esp_trans_deflev integer yes"
159 .It "net.inet6.ipsec6.esp_net_deflev integer yes"
160 .It "net.inet6.ipsec6.ah_trans_deflev integer yes"
161 .It "net.inet6.ipsec6.ah_net_deflev integer yes"
164 If the kernel does not find a matching, system wide, policy then the
165 default value is applied.
166 The system wide default policy is specified
173 which asks the kernel to drop the packet.
177 .Bl -column net.inet6.ipsec6.def_policy integerxxx
178 .It Sy "Name Type Changeable"
179 .It "net.inet.ipsec.def_policy integer yes"
180 .It "net.inet6.ipsec6.def_policy integer yes"
183 .Ss Miscellaneous sysctl variables
184 The following variables are accessible via
186 for tweaking the kernel's IPsec behavior:
187 .Bl -column net.inet6.ipsec6.inbonud_call_ike integerxxx
188 .It Sy "Name Type Changeable"
189 .It "net.inet.ipsec.ah_cleartos integer yes"
190 .It "net.inet.ipsec.ah_offsetmask integer yes"
191 .It "net.inet.ipsec.dfbit integer yes"
192 .It "net.inet.ipsec.ecn integer yes"
193 .It "net.inet.ipsec.debug integer yes"
194 .It "net.inet6.ipsec6.ecn integer yes"
195 .It "net.inet6.ipsec6.debug integer yes"
198 The variables are interpreted as follows:
200 .It Li ipsec.ah_cleartos
201 If set to non-zero, the kernel clears the type-of-service field in the IPv4 header
202 during AH authentication data computation.
203 This variable is used to get current systems to inter-operate with devices that
204 implement RFC1826 AH.
205 It should be set to non-zero
206 (clear the type-of-service field)
207 for RFC2402 conformance.
208 .It Li ipsec.ah_offsetmask
209 During AH authentication data computation, the kernel will include a
210 16bit fragment offset field
211 (including flag bits)
212 in the IPv4 header, after computing logical AND with the variable.
213 The variable is used for inter-operating with devices that
214 implement RFC1826 AH.
215 It should be set to zero
216 (clear the fragment offset field during computation)
217 for RFC2402 conformance.
219 This variable configures the kernel behavior on IPv4 IPsec tunnel encapsulation.
220 If set to 0, the DF bit on the outer IPv4 header will be cleared while
221 1 means that the outer DF bit is set regardless from the inner DF bit and
222 2 indicates that the DF bit is copied from the inner header to the
224 The variable is supplied to conform to RFC2401 chapter 6.1.
226 If set to non-zero, IPv4 IPsec tunnel encapsulation/decapsulation behavior will
228 (explicit congestion notification),
230 .Li draft-ietf-ipsec-ecn-02.txt .
232 talks more about the behavior.
234 If set to non-zero, debug messages will be generated via
240 tree have similar meanings to those described above.
245 protocol acts as a plug-in to the
249 protocols and therefore supports most of the protocols defined upon
250 those IP-layer protocols.
255 protocols may behave differently with
263 routines from looking into the IP payload.
268 .Xr ipsec_set_policy 3 ,
279 .%T "IP Authentication Header"
285 .%T "IP Encapsulating Security Payload (ESP)"
290 .%A Daniel L. McDonald
293 .%T "PF_KEY Key Management API, Version 2"
300 .%T "A Simple IP Security API Extension to BSD Sockets"
302 .%N "draft-mcdonald-simple-ipsec-api-03.txt"
303 .%O work in progress material
306 The implementation described herein appeared in WIDE/KAME IPv6/IPsec stack.
308 The IPsec support is subject to change as the IPsec protocols develop.
310 There is no single standard for the policy engine API,
311 so the policy engine API described herein is just for KAME implementation.
313 AH and tunnel mode encapsulation may not work as you might expect.
314 If you configure inbound
316 policy with an AH tunnel or any IPsec encapsulating policy with AH
318 .Dq Li esp/tunnel/A-B/use ah/transport/A-B/require ) ,
319 tunnelled packets will be rejected.
320 This is because the policy check is enforced on the inner packet on reception,
321 and AH authenticates encapsulating
323 packet, not the encapsulated
326 (so for the receiving kernel there is no sign of authenticity).
327 The issue will be solved when we revamp our policy engine to keep all the
328 packet decapsulation history.
330 When a large database of security associations or policies is present
337 sockets may fail due to lack of space.
338 Increasing the socket buffer
339 size may alleviate this problem.