1.\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $ 2.\" 3.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the project nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.Dd February 6, 2017 31.Dt IPSEC 4 32.Os 33.Sh NAME 34.Nm ipsec 35.Nd Internet Protocol Security protocol 36.Sh SYNOPSIS 37.Cd "options IPSEC" 38.Cd "options IPSEC_SUPPORT" 39.Cd "device crypto" 40.Pp 41.In sys/types.h 42.In netinet/in.h 43.In netipsec/ipsec.h 44.In netipsec/ipsec6.h 45.Sh DESCRIPTION 46.Nm 47is a security protocol implemented within the Internet Protocol layer 48of the networking stack. 49.Nm 50is defined for both IPv4 and IPv6 51.Xr ( inet 4 52and 53.Xr inet6 4 ) . 54.Nm 55is a set of protocols, 56.Tn ESP 57(for Encapsulating Security Payload) 58.Tn AH 59(for Authentication Header), 60and 61.Tn IPComp 62(for IP Payload Compression Protocol) 63that provide security services for IP datagrams. 64AH both authenticates and guarantees the integrity of an IP packet 65by attaching a cryptographic checksum computed using one-way hash functions. 66ESP, in addition, prevents unauthorized parties from reading the payload of 67an IP packet by also encrypting it. 68IPComp tries to increase communication performance by compressing IP payload, 69thus reducing the amount of data sent. 70This will help nodes on slow links but with enough computing power. 71.Nm 72operates in one of two modes: transport mode or tunnel mode. 73Transport mode is used to protect peer-to-peer communication between end nodes. 74Tunnel mode encapsulates IP packets within other IP packets 75and is designed for security gateways such as VPN endpoints. 76.Pp 77System configuration requires the 78.Xr crypto 4 79subsystem. 80.Pp 81The packets can be passed to a virtual 82.Xr enc 4 83interface, 84to perform packet filtering before outbound encryption and after decapsulation 85inbound. 86.Pp 87To properly filter on the inner packets of an 88.Nm 89tunnel with firewalls, you can change the values of the following sysctls 90.Bl -column net.inet6.ipsec6.filtertunnel default enable 91.It Sy "Name Default Enable" 92.It "net.inet.ipsec.filtertunnel 0 1" 93.It "net.inet6.ipsec6.filtertunnel 0 1" 94.El 95.\" 96.Ss Kernel interface 97.Nm 98is controlled by a key management and policy engine, 99that reside in the operating system kernel. 100Key management 101is the process of associating keys with security associations, also 102know as SAs. 103Policy management dictates when new security 104associations created or destroyed. 105.Pp 106The key management engine can be accessed from userland by using 107.Dv PF_KEY 108sockets. 109The 110.Dv PF_KEY 111socket API is defined in RFC2367. 112.Pp 113The policy engine is controlled by an extension to the 114.Dv PF_KEY 115API, 116.Xr setsockopt 2 117operations, and 118.Xr sysctl 3 119interface. 120The kernel implements 121an extended version of the 122.Dv PF_KEY 123interface and allows the programmer to define IPsec policies 124which are similar to the per-packet filters. 125The 126.Xr setsockopt 2 127interface is used to define per-socket behavior, and 128.Xr sysctl 3 129interface is used to define host-wide default behavior. 130.Pp 131The kernel code does not implement a dynamic encryption key exchange protocol 132such as IKE 133(Internet Key Exchange). 134Key exchange protocols are beyond what is necessary in the kernel and 135should be implemented as daemon processes which call the 136.Nm APIs. 137.\" 138.Ss Policy management 139IPsec policies can be managed in one of two ways, either by 140configuring per-socket policies using the 141.Xr setsockopt 2 142system calls, or by configuring kernel level packet filter-based 143policies using the 144.Dv PF_KEY 145interface, via the 146.Xr setkey 8 147you can define IPsec policies against packets using rules similar to packet 148filtering rules. 149Refer to 150.Xr setkey 8 151on how to use it. 152.Pp 153Depending on the socket's address family, IPPROTO_IP or IPPROTO_IPV6 154transport level and IP_IPSEC_POLICY or IPV6_IPSEC_POLICY socket options 155may be used to configure per-socket security policies. 156A properly-formed IPsec policy specification structure can be 157created using 158.Xr ipsec_set_policy 3 159function and used as socket option value for the 160.Xr setsockopt 2 161call. 162.Pp 163When setting policies using the 164.Xr setkey 8 165command, the 166.Dq Li default 167option instructs the system to use its default policy, as 168explained below, for processing packets. 169The following sysctl variables are available for configuring the 170system's IPsec behavior. 171The variables can have one of two values. 172A 173.Li 1 174means 175.Dq Li use , 176which means that if there is a security association then use it but if 177there is not then the packets are not processed by IPsec. 178The value 179.Li 2 180is synonymous with 181.Dq Li require , 182which requires that a security association must exist for the packets 183to move, and not be dropped. 184These terms are defined in 185.Xr ipsec_set_policy 8 . 186.Bl -column net.inet6.ipsec6.esp_trans_deflev integerxxx 187.It Sy "Name Type Changeable" 188.It "net.inet.ipsec.esp_trans_deflev integer yes" 189.It "net.inet.ipsec.esp_net_deflev integer yes" 190.It "net.inet.ipsec.ah_trans_deflev integer yes" 191.It "net.inet.ipsec.ah_net_deflev integer yes" 192.It "net.inet6.ipsec6.esp_trans_deflev integer yes" 193.It "net.inet6.ipsec6.esp_net_deflev integer yes" 194.It "net.inet6.ipsec6.ah_trans_deflev integer yes" 195.It "net.inet6.ipsec6.ah_net_deflev integer yes" 196.El 197.Pp 198If the kernel does not find a matching, system wide, policy then the 199default value is applied. 200The system wide default policy is specified 201by the following 202.Xr sysctl 8 203variables. 204.Li 0 205means 206.Dq Li discard 207which asks the kernel to drop the packet. 208.Li 1 209means 210.Dq Li none . 211.Bl -column net.inet6.ipsec6.def_policy integerxxx 212.It Sy "Name Type Changeable" 213.It "net.inet.ipsec.def_policy integer yes" 214.It "net.inet6.ipsec6.def_policy integer yes" 215.El 216.\" 217.Ss Miscellaneous sysctl variables 218When the 219.Nm 220protocols are configured for use, all protocols are included in the system. 221To selectively enable/disable protocols, use 222.Xr sysctl 8 . 223.Bl -column net.inet.ipcomp.ipcomp_enable 224.It Sy "Name Default" 225.It "net.inet.esp.esp_enable On" 226.It "net.inet.ah.ah_enable On" 227.It "net.inet.ipcomp.ipcomp_enable On" 228.El 229.Pp 230In addition the following variables are accessible via 231.Xr sysctl 8 , 232for tweaking the kernel's IPsec behavior: 233.Bl -column net.inet6.ipsec6.inbonud_call_ike integerxxx 234.It Sy "Name Type Changeable" 235.It "net.inet.ipsec.ah_cleartos integer yes" 236.It "net.inet.ipsec.ah_offsetmask integer yes" 237.It "net.inet.ipsec.dfbit integer yes" 238.It "net.inet.ipsec.ecn integer yes" 239.It "net.inet.ipsec.debug integer yes" 240.It "net.inet.ipsec.natt_cksum_policy integer yes" 241.It "net.inet.ipsec.check_policy_history integer yes" 242.It "net.inet6.ipsec6.ecn integer yes" 243.It "net.inet6.ipsec6.debug integer yes" 244.El 245.Pp 246The variables are interpreted as follows: 247.Bl -tag -width 6n 248.It Li ipsec.ah_cleartos 249If set to non-zero, the kernel clears the type-of-service field in the IPv4 header 250during AH authentication data computation. 251This variable is used to get current systems to inter-operate with devices that 252implement RFC1826 AH. 253It should be set to non-zero 254(clear the type-of-service field) 255for RFC2402 conformance. 256.It Li ipsec.ah_offsetmask 257During AH authentication data computation, the kernel will include a 25816bit fragment offset field 259(including flag bits) 260in the IPv4 header, after computing logical AND with the variable. 261The variable is used for inter-operating with devices that 262implement RFC1826 AH. 263It should be set to zero 264(clear the fragment offset field during computation) 265for RFC2402 conformance. 266.It Li ipsec.dfbit 267This variable configures the kernel behavior on IPv4 IPsec tunnel encapsulation. 268If set to 0, the DF bit on the outer IPv4 header will be cleared while 2691 means that the outer DF bit is set regardless from the inner DF bit and 2702 indicates that the DF bit is copied from the inner header to the 271outer one. 272The variable is supplied to conform to RFC2401 chapter 6.1. 273.It Li ipsec.ecn 274If set to non-zero, IPv4 IPsec tunnel encapsulation/decapsulation behavior will 275be friendly to ECN 276(explicit congestion notification), 277as documented in 278.Li draft-ietf-ipsec-ecn-02.txt . 279.Xr gif 4 280talks more about the behavior. 281.It Li ipsec.debug 282If set to non-zero, debug messages will be generated via 283.Xr syslog 3 . 284.It Li ipsec.natt_cksum_policy 285Controls how the kernel handles TCP and UDP checksums when ESP in UDP 286encapsulation is used for IPsec transport mode. 287If set to a non-zero value, the kernel fully recomputes checksums for 288inbound TCP segments and UDP datagrams after they are decapsulated and 289decrypted. 290If set to 0 and original addresses were configured for corresponding SA 291by the IKE daemon, the kernel incrementally recomputes checksums for 292inbound TCP segments and UDP datagrams. 293If addresses were not configured, the checksums are ignored. 294.It Li ipsec.check_policy_history 295Enables strict policy checking for inbound packets. 296By default, inbound security policies check that packets handled by IPsec 297have been decrypted and authenticated. 298If this variable is set to a non-zero value, each packet handled by IPsec 299is checked against the history of IPsec security associations. 300The IPsec security protocol, mode, and SA addresses must match. 301.El 302.Pp 303Variables under the 304.Li net.inet6.ipsec6 305tree have similar meanings to those described above. 306.\" 307.Sh PROTOCOLS 308The 309.Nm 310protocol acts as a plug-in to the 311.Xr inet 4 312and 313.Xr inet6 4 314protocols and therefore supports most of the protocols defined upon 315those IP-layer protocols. 316The 317.Xr icmp 4 318and 319.Xr icmp6 4 320protocols may behave differently with 321.Nm 322because 323.Nm 324can prevent 325.Xr icmp 4 326or 327.Xr icmp6 4 328routines from looking into the IP payload. 329.\" 330.Sh SEE ALSO 331.Xr ioctl 2 , 332.Xr socket 2 , 333.Xr ipsec_set_policy 3 , 334.Xr crypto 4 , 335.Xr enc 4 , 336.Xr if_ipsec 4 , 337.Xr icmp6 4 , 338.Xr intro 4 , 339.Xr ip6 4 , 340.Xr setkey 8 , 341.Xr sysctl 8 342.\".Xr racoon 8 343.Rs 344.%A "S. Kent" 345.%A "R. Atkinson" 346.%T "IP Authentication Header" 347.%O "RFC 2404" 348.Re 349.Rs 350.%A "S. Kent" 351.%A "R. Atkinson" 352.%T "IP Encapsulating Security Payload (ESP)" 353.%O "RFC 2406" 354.Re 355.Sh STANDARDS 356.Rs 357.%A Daniel L. McDonald 358.%A Craig Metz 359.%A Bao G. Phan 360.%T "PF_KEY Key Management API, Version 2" 361.%R RFC 362.%N 2367 363.Re 364.Pp 365.Rs 366.%A "D. L. McDonald" 367.%T "A Simple IP Security API Extension to BSD Sockets" 368.%R internet draft 369.%N "draft-mcdonald-simple-ipsec-api-03.txt" 370.%O work in progress material 371.Re 372.Sh HISTORY 373The original 374.Nm 375implementation appeared in the WIDE/KAME IPv6/IPsec stack. 376.Pp 377For 378.Fx 5.0 379a fully locked IPsec implementation called fast_ipsec was brought in. 380The protocols drew heavily on the 381.Ox 382implementation of the 383.Tn IPsec 384protocols. 385The policy management code was derived from the 386.Tn KAME 387implementation found 388in their 389.Tn IPsec 390protocols. 391The fast_ipsec implementation lacked 392.Xr ip6 4 393support but made use of the 394.Xr crypto 4 395subsystem. 396.Pp 397For 398.Fx 7.0 399.Xr ip6 4 400support was added to fast_ipsec. 401After this the old KAME IPsec implementation was dropped and fast_ipsec 402became what now is the only 403.Nm 404implementation in 405.Fx . 406.Sh BUGS 407There is no single standard for the policy engine API, 408so the policy engine API described herein is just for this implementation. 409.Pp 410AH and tunnel mode encapsulation may not work as you might expect. 411If you configure inbound 412.Dq require 413policy with an AH tunnel or any IPsec encapsulating policy with AH 414(like 415.Dq Li esp/tunnel/A-B/use ah/transport/A-B/require ) , 416tunnelled packets will be rejected. 417This is because the policy check is enforced on the inner packet on reception, 418and AH authenticates encapsulating 419(outer) 420packet, not the encapsulated 421(inner) 422packet 423(so for the receiving kernel there is no sign of authenticity). 424The issue will be solved when we revamp our policy engine to keep all the 425packet decapsulation history. 426.Pp 427When a large database of security associations or policies is present 428in the kernel the 429.Dv SADB_DUMP 430and 431.Dv SADB_SPDDUMP 432operations on 433.Dv PF_KEY 434sockets may fail due to lack of space. 435Increasing the socket buffer 436size may alleviate this problem. 437.Pp 438The 439.Tn IPcomp 440protocol may occasionally error because of 441.Xr zlib 3 442problems. 443.Pp 444This documentation needs more review. 445