diff options
Diffstat (limited to 'doc/manpage.d/ipsec_spi.5.html')
| -rw-r--r-- | doc/manpage.d/ipsec_spi.5.html | 305 |
1 files changed, 0 insertions, 305 deletions
diff --git a/doc/manpage.d/ipsec_spi.5.html b/doc/manpage.d/ipsec_spi.5.html deleted file mode 100644 index b1cf89033..000000000 --- a/doc/manpage.d/ipsec_spi.5.html +++ /dev/null @@ -1,305 +0,0 @@ -Content-type: text/html - -<HTML><HEAD><TITLE>Manpage of IPSEC_SPI</TITLE> -</HEAD><BODY> -<H1>IPSEC_SPI</H1> -Section: File Formats (5)<BR>Updated: 26 Jun 2000<BR><A HREF="#index">Index</A> -<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> - - - - -<A NAME="lbAB"> </A> -<H2>NAME</H2> - -ipsec_spi - list IPSEC Security Associations -<A NAME="lbAC"> </A> -<H2>SYNOPSIS</H2> - -<B>ipsec</B> - -<B>spi</B> - -<P> - -<B>cat</B> - -<B>/proc/net/ipsec_spi</B> - -<P> - -<A NAME="lbAD"> </A> -<H2>DESCRIPTION</H2> - -<I>/proc/net/ipsec_spi</I> - -is a read-only file that lists the current IPSEC Security Associations. -A Security Association (SA) is a transform through which packet contents -are to be processed before being forwarded. A transform can be an -IPv4-in-IPv4 or IPv6-in-IPv6 encapsulation, an IPSEC Authentication Header (authentication -with no encryption), or an IPSEC Encapsulation Security Payload -(encryption, possibly including authentication). -<P> - -When a packet is passed from a higher networking layer through an IPSEC -virtual interface, a search in the extended routing table (see -<I><A HREF="ipsec_eroute.5.html">ipsec_eroute</A></I>(5)) - -yields -a IP protocol number -, -a Security Parameters Index (SPI) -and -an effective destination address -When an IPSEC packet arrives from the network, -its ostensible destination, an SPI and an IP protocol -specified by its outermost IPSEC header are used. -The destination/SPI/protocol combination is used to select a relevant SA. -(See -<I><A HREF="ipsec_spigrp.5.html">ipsec_spigrp</A></I>(5) - -for discussion of how multiple transforms are combined.) -<P> - -An -<I>spi ,</I> - -<I>proto, </I> - -<I>daddr</I> - -and -<I>address_family</I> - -arguments specify an SAID. -<I>Proto</I> - -is an ASCII string, "ah", "esp", "comp" or "tun", specifying the IP protocol. -<I>Spi</I> - -is a number, preceded by '.' indicating hexadecimal and IPv4 or by ':' indicating hexadecimal and IPv6, -where each hexadecimal digit represents 4 bits, -between -<B>0x100</B> - -and -<B>0xffffffff</B>; - -values from -<B>0x0</B> - -to -<B>0xff</B> - -are reserved. -<I>Daddr</I> - -is a dotted-decimal IPv4 destination address or a coloned hex IPv6 destination address. -<P> - -An -<I>SAID</I> - -combines the three parameters above, such as: "<A HREF="mailto:tun.101@1.2.3.4">tun.101@1.2.3.4</A>" for IPv4 or "tun:<A HREF="mailto:101@3049">101@3049</A>:1::1" for IPv6 -<P> - -A table entry consists of: -<DL COMPACT> -<DT>+<DD> -<B>SAID</B> - -<DT>+<DD> -<transform name (proto,encalg,authalg)>: -<DT>+<DD> -direction (dir=) -<DT>+<DD> -source address (src=) -<DT>+<DD> -source and destination addresses and masks for inner header policy check -addresses (policy=), as dotted-quads or coloned hex, separated by '->', -for IPv4-in-IPv4 or IPv6-in-IPv6 SAs only -<DT>+<DD> -initialisation vector length and value (iv_bits=, iv=) if non-zero -<DT>+<DD> -out-of-order window size, number of out-of-order errors, sequence -number, recently received packet bitmask, maximum difference between -sequence numbers (ooowin=, ooo_errs=, seq=, bit=, max_seq_diff=) if SA -is AH or ESP and if individual items are non-zero -<DT>+<DD> -extra flags (flags=) if any are set -<DT>+<DD> -authenticator length in bits (alen=) if non-zero -<DT>+<DD> -authentication key length in bits (aklen=) if non-zero -<DT>+<DD> -authentication errors (auth_errs=) if non-zero -<DT>+<DD> -encryption key length in bits (eklen=) if non-zero -<DT>+<DD> -encryption size errors (encr_size_errs=) if non-zero -<DT>+<DD> -encryption padding error warnings (encr_pad_errs=) if non-zero -<DT>+<DD> -lifetimes legend, c=Current status, s=Soft limit when exceeded will -initiate rekeying, h=Hard limit will cause termination of SA (life(c,s,h)=) -<DT>+<DD> -number of connections to which the SA is allocated (c), that will cause a -rekey (s), that will cause an expiry (h) (alloc=), if any value is non-zero -<DT>+<DD> -number of bytes processesd by this SA (c), that will cause a rekey (s), that -will cause an expiry (h) (bytes=), if any value is non-zero -<DT>+<DD> -time since the SA was added (c), until rekey (s), until expiry (h), in seconds (add=) -<DT>+<DD> -time since the SA was first used (c), until rekey (s), until expiry (h), in seconds (used=), -if any value is non-zero -<DT>+<DD> -number of packets processesd by this SA (c), that will cause a rekey (s), that -will cause an expiry (h) (packets=), if any value is non-zero -<DT>+<DD> -time since the last packet was processed, in seconds (idle=), if SA has -been used -<DT><DD> -average compression ratio (ratio=) -</DL> -<A NAME="lbAE"> </A> -<H2>EXAMPLES</H2> - -<B><A HREF="mailto:tun.12a@192.168.43.1">tun.12a@192.168.43.1</A> IPIP: dir=out src=192.168.43.2</B> - -<BR> - -<B> life(c,s,h)=bytes(14073,0,0)add(269,0,0)</B> - -<BR> - -<B> use(149,0,0)packets(14,0,0)</B> - -<BR> - -<B> idle=23</B> - -<P> - -is an outbound IPv4-in-IPv4 (protocol 4) tunnel-mode SA set up between machines -192.168.43.2 and 192.168.43.1 with an SPI of 12a in hexadecimal that has -passed about 14 kilobytes of traffic in 14 packets since it was created, -269 seconds ago, first used 149 seconds ago and has been idle for 23 -seconds. -<P> - -<B>esp:<A HREF="mailto:9a35fc02@3049">9a35fc02@3049</A>:1::1 ESP_3DES_HMAC_MD5:</B> - -<BR> - -<B> dir=in src=<A HREF="mailto:9a35fc02@3049">9a35fc02@3049</A>:1::2</B> - -<BR> - -<B> ooowin=32 seq=7149 bit=0xffffffff</B> - -<BR> - -<B> alen=128 aklen=128 eklen=192</B> - -<BR> - -<B> life(c,s,h)=bytes(1222304,0,0)add(4593,0,0)</B> - -<BR> - -<B> use(3858,0,0)packets(7149,0,0)</B> - -<BR> - -<B> idle=23</B> - -<P> - -is an inbound Encapsulating Security Payload (protocol 50) SA on machine -3049:1::1 with an SPI of 9a35fc02 that uses 3DES as the encryption -cipher, HMAC MD5 as the authentication algorithm, an out-of-order -window of 32 packets, a present sequence number of 7149, every one of -the last 32 sequence numbers was received, the authenticator length and -keys is 128 bits, the encryption key is 192 bits (actually 168 for 3DES -since 1 of 8 bits is a parity bit), has passed 1.2 Mbytes of data in -7149 packets, was added 4593 seconds ago, first used -3858 seconds ago and has been idle for 23 seconds. -<P> - -<A NAME="lbAF"> </A> -<H2>FILES</H2> - -/proc/net/ipsec_spi, /usr/local/bin/ipsec -<A NAME="lbAG"> </A> -<H2>SEE ALSO</H2> - -<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.5.html">ipsec_tncfg</A>(5), <A HREF="ipsec_eroute.5.html">ipsec_eroute</A>(5), -<A HREF="ipsec_spigrp.5.html">ipsec_spigrp</A>(5), <A HREF="ipsec_klipsdebug.5.html">ipsec_klipsdebug</A>(5), <A HREF="ipsec_spi.8.html">ipsec_spi</A>(8), <A HREF="ipsec_version.5.html">ipsec_version</A>(5), -<A HREF="ipsec_pf_key.5.html">ipsec_pf_key</A>(5) -<A NAME="lbAH"> </A> -<H2>HISTORY</H2> - -Written for the Linux FreeS/WAN project -<<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>> -by Richard Guy Briggs. -<A NAME="lbAI"> </A> -<H2>BUGS</H2> - -The add and use times are awkward, displayed in seconds since machine -start. It would be better to display them in seconds before now for -human readability. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<P> - -<HR> -<A NAME="index"> </A><H2>Index</H2> -<DL> -<DT><A HREF="#lbAB">NAME</A><DD> -<DT><A HREF="#lbAC">SYNOPSIS</A><DD> -<DT><A HREF="#lbAD">DESCRIPTION</A><DD> -<DT><A HREF="#lbAE">EXAMPLES</A><DD> -<DT><A HREF="#lbAF">FILES</A><DD> -<DT><A HREF="#lbAG">SEE ALSO</A><DD> -<DT><A HREF="#lbAH">HISTORY</A><DD> -<DT><A HREF="#lbAI">BUGS</A><DD> -</DL> -<HR> -This document was created by -<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, -using the manual pages.<BR> -Time: 21:40:18 GMT, November 11, 2003 -</BODY> -</HTML> |