The kernel deals with the individual packets sent and received by the computer. This is sometimes called the forwarding plane. It involves turning normal IP packets into secure IPsec packets, carrying out encryption, decryption, signing, encapsulation, and decapsulation of the packets. These techniques all involve changing and verifying packets, and are normally performed by the kernel.
Authentication Header (RFC 2404) is the first new network protocol that was introduced. It received IP protocol number 51. (Other examples are the TCP protocol, IP protocol 6, and the UDP protocol, IP protocol 17. On a computer running Linux, you can find a list of IP protocols in /etc/protocols.) Don't be misled by the name: AH does not just authenticate the header of an IP packet, but authenticates the data (payload) as well as parts of the header.
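The following sketch is an added example, not code from the original text, showing what "the payload as well as parts of the header" means in practice for an IPv4 packet in transport mode with an HMAC-SHA-1-96 integrity value. The choice of zeroed fields (TOS, flags/fragment offset, TTL, header checksum) follows the AH specification rather than this page; the key, addresses, SPI and payload are constructed sample values, and the IP header checksum is left at zero for brevity.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51  # IP protocol number assigned to AH
ICV_LEN = 12   # HMAC-SHA-1 output truncated to 96 bits

def zero_mutable(ip_hdr):
    """Zero the IPv4 fields routers may change in transit; they are not authenticated."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS (DSCP/ECN)
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def compute_icv(key, ip_hdr, ah_hdr, payload):
    """MAC over immutable IP header fields, the AH header (ICV zeroed) and the payload."""
    ah_zeroed = ah_hdr[:12] + bytes(ICV_LEN)
    data = zero_mutable(ip_hdr) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_packet(key, src, dst, spi, seq, next_proto, payload, ttl=64):
    """Assemble IPv4 header (no options) + 24-byte AH header + payload."""
    # AH: next header, payload length (6 words - 2 = 4), reserved, SPI, sequence number
    ah = struct.pack("!BBHII", next_proto, 4, 0, spi, seq) + bytes(ICV_LEN)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ah) + len(payload),
                     0x1234, 0, ttl, AH_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + ah[:12] + compute_icv(key, ip, ah, payload) + payload

def verify_packet(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    if len(packet) < 44 or packet[0] != 0x45 or packet[9] != AH_PROTO:
        return False
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    return hmac.compare_digest(ah[12:], compute_icv(key, ip, ah, payload))

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed shared secret, not a real key
    pkt = bytearray(build_packet(key, "192.0.2.1", "192.0.2.2", 0x1000, 1, 17,
                                 b"constructed UDP bytes"))
    print("as sent:            ", verify_packet(key, bytes(pkt)))
    pkt[8] -= 1    # a router decrements the TTL: still valid
    print("TTL decremented:    ", verify_packet(key, bytes(pkt)))
    pkt[15] ^= 1   # source address altered: rejected
    print("source addr changed:", verify_packet(key, bytes(pkt)))
```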
When two machines are configured with secret keys to communicate using the AH protocol, they agree on...