diff options
Diffstat (limited to 'doc/manpage.d/ipsec_spigrp.5.html')
| -rw-r--r-- | doc/manpage.d/ipsec_spigrp.5.html | 193 |
1 files changed, 193 insertions, 0 deletions
diff --git a/doc/manpage.d/ipsec_spigrp.5.html b/doc/manpage.d/ipsec_spigrp.5.html new file mode 100644 index 000000000..e0efcb73e --- /dev/null +++ b/doc/manpage.d/ipsec_spigrp.5.html @@ -0,0 +1,193 @@ +Content-type: text/html + +<HTML><HEAD><TITLE>Manpage of IPSEC_SPIGRP</TITLE> +</HEAD><BODY> +<H1>IPSEC_SPIGRP</H1> +Section: File Formats (5)<BR>Updated: 27 Jun 2000<BR><A HREF="#index">Index</A> +<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> + + + + +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +ipsec_spigrp - list IPSEC Security Association groupings +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +<B>ipsec</B> + +<B>spigrp</B> + +<P> + +<B>cat</B> + +<B>/proc/net/ipsec_spigrp</B> + +<P> + +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +<I>/proc/net/ipsec_spigrp</I> + +is a read-only file that lists groups of IPSEC Security Associations +(SAs). +<P> + +An entry in the IPSEC extended routing table can only point (via an +SAID) to one SA. If more than one transform must be applied to a given +type of packet, this can be accomplished by setting up several SAs with +the same destination address but potentially different SPIs and +protocols, and grouping them with +<I><A HREF="ipsec_spigrp.8.html">ipsec_spigrp</A>(8)</I>. + +<P> + +The SA groups are listed, one line per connection/group, as a sequence +of SAs to be applied (or that should have been applied, in the case of +an incoming packet) from inside to outside the packet. An SA is +identified by its SAID, which consists of protocol ("ah", "esp", "comp" or +"tun"), SPI (with '.' for IPv4 or ':' for IPv6 prefixed hexadecimal number ) and destination address +(IPv4 dotted quad or IPv6 coloned hex) prefixed by '@', in the format <proto><af><spi>@<dest>. +<A NAME="lbAE"> </A> +<H2>EXAMPLES</H2> + +<DL COMPACT> +<DT><B><A HREF="mailto:tun.3d0@192.168.2.110">tun.3d0@192.168.2.110</A></B> + +<DD> +<B><A HREF="mailto:comp.3d0@192.168.2.110">comp.3d0@192.168.2.110</A></B> + +<B><A HREF="mailto:esp.187a101b@192.168.2.110">esp.187a101b@192.168.2.110</A></B> + +<B><A HREF="mailto:ah.187a101a@192.168.2.110">ah.187a101a@192.168.2.110</A> </B> + +</DL> +<P> + +is a group of 3 SAs, destined for +<B>192.168.2.110</B> + +with an IPv4-in-IPv4 tunnel SA applied first with an SPI of +<B>3d0</B> + +in hexadecimal, followed by a Deflate compression header to compress +the packet with CPI of +<B>3d0</B> + +in hexadecimal, followed by an Encapsulating Security Payload header to +encrypt the packet with SPI +<B>187a101b</B> + +in hexadecimal, followed by an Authentication Header to authenticate the +packet with SPI +<B>187a101a</B> + +in hexadecimal, applied from inside to outside the packet. This could +be an incoming or outgoing group, depending on the address of the local +machine. +<P> + +<DL COMPACT> +<DT><B>tun:<A HREF="mailto:3d0@3049">3d0@3049</A>:1::2</B> + +<DD> +<B>comp:<A HREF="mailto:3d0@3049">3d0@3049</A>:1::2</B> + +<B>esp:<A HREF="mailto:187a101b@3049">187a101b@3049</A>:1::2</B> + +<B>ah:<A HREF="mailto:187a101a@3049">187a101a@3049</A>:1::2 </B> + +</DL> +<P> + +is a group of 3 SAs, destined for +<B>3049:1::2</B> + +with an IPv6-in-IPv6 tunnel SA applied first with an SPI of +<B>3d0</B> + +in hexadecimal, followed by a Deflate compression header to compress +the packet with CPI of +<B>3d0</B> + +in hexadecimal, followed by an Encapsulating Security Payload header to +encrypt the packet with SPI +<B>187a101b</B> + +in hexadecimal, followed by an Authentication Header to authenticate the +packet with SPI +<B>187a101a</B> + +in hexadecimal, applied from inside to outside the packet. This could +be an incoming or outgoing group, depending on the address of the local +machine. +<P> + +<A NAME="lbAF"> </A> +<H2>FILES</H2> + +/proc/net/ipsec_spigrp, /usr/local/bin/ipsec +<A NAME="lbAG"> </A> +<H2>SEE ALSO</H2> + +<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.5.html">ipsec_tncfg</A>(5), <A HREF="ipsec_eroute.5.html">ipsec_eroute</A>(5), +<A HREF="ipsec_spi.5.html">ipsec_spi</A>(5), <A HREF="ipsec_klipsdebug.5.html">ipsec_klipsdebug</A>(5), <A HREF="ipsec_spigrp.8.html">ipsec_spigrp</A>(8), <A HREF="ipsec_version.5.html">ipsec_version</A>(5), +<A HREF="ipsec_pf_key.5.html">ipsec_pf_key</A>(5) +<A NAME="lbAH"> </A> +<H2>HISTORY</H2> + +Written for the Linux FreeS/WAN project +<<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>> +by Richard Guy Briggs. +<A NAME="lbAI"> </A> +<H2>BUGS</H2> + +:-) + + + + + + + + + + + + + + + + + + + + + + + +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">EXAMPLES</A><DD> +<DT><A HREF="#lbAF">FILES</A><DD> +<DT><A HREF="#lbAG">SEE ALSO</A><DD> +<DT><A HREF="#lbAH">HISTORY</A><DD> +<DT><A HREF="#lbAI">BUGS</A><DD> +</DL> +<HR> +This document was created by +<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, +using the manual pages.<BR> +Time: 21:40:18 GMT, November 11, 2003 +</BODY> +</HTML> |