diff options
Diffstat (limited to 'doc/manpage.d/ipsec_spigrp.8.html')
| -rw-r--r-- | doc/manpage.d/ipsec_spigrp.8.html | 280 |
1 files changed, 280 insertions, 0 deletions
diff --git a/doc/manpage.d/ipsec_spigrp.8.html b/doc/manpage.d/ipsec_spigrp.8.html new file mode 100644 index 000000000..2e96c0574 --- /dev/null +++ b/doc/manpage.d/ipsec_spigrp.8.html @@ -0,0 +1,280 @@ +Content-type: text/html + +<HTML><HEAD><TITLE>Manpage of IPSEC_SPIGRP</TITLE> +</HEAD><BODY> +<H1>IPSEC_SPIGRP</H1> +Section: Maintenance Commands (8)<BR>Updated: 21 Jun 2000<BR><A HREF="#index">Index</A> +<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> + + + + +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +ipsec spigrp - group/ungroup IPSEC Security Associations +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +<B>ipsec</B> + +<B>spigrp</B> + +<P> + +<B>ipsec</B> + +<B>spigrp</B> + +[ +<B>--label</B> + +label ] +af1 dst1 spi1 proto1 [ af2 dst2 spi2 proto2 [ af3 dst3 spi3 proto3 [ af4 dst4 spi4 proto4 ] ] ] +<P> + +<B>ipsec</B> + +<B>spigrp</B> + +[ +<B>--label</B> + +label ] +<B>--said</B> + +SA1 [ SA2 [ SA3 [ SA4 ] ] ] +<P> + +<B>ipsec</B> + +<B>spigrp</B> + +<B>--help</B> + +<P> + +<B>ipsec</B> + +<B>spigrp</B> + +<B>--version</B> + +<P> + +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +<I>Spigrp</I> + +groups IPSEC Security Associations (SAs) together or ungroups +previously grouped SAs. +An entry in the IPSEC extended +routing table can only point +(via a destination address, a Security Parameters Index (SPI) and +a protocol identifier) to one SA. +If more than one transform must be applied to a given type of packet, +this can be accomplished by setting up several SAs +with the same destination address but potentially different SPIs and protocols, +and grouping them with +<I>spigrp</I>. + +<P> + +The SAs to be grouped, +specified by destination address (DNS name lookup, IPv4 dotted quad or IPv6 coloned hex), SPI +('0x'-prefixed hexadecimal number) and protocol ("ah", "esp", "comp" or "tun"), +are listed from the inside transform to the +outside; +in other words, the transforms are applied in +the order of the command line and removed in the reverse +order. +The resulting SA group is referred to by its first SA (by +<I>af1</I>, + +<I>dst1</I>, + +<I>spi1</I> + +and +<I>proto1</I>). + +<P> + +The --said option indicates that the SA IDs are to be specified as +one argument each, in the format <proto><af><spi>@<dest>. The SA IDs must +all be specified as separate parameters without the --said option or +all as monolithic parameters after the --said option. +<P> + +The SAs must already exist and must not already +be part of a group. +<P> + +If +<I>spigrp</I> + +is invoked with only one SA specification, +it ungroups the previously-grouped set of SAs containing +the SA specified. +<P> + +The --label option identifies all responses from that command +invocation with a user-supplied label, provided as an argument to the +label option. This can be helpful for debugging one invocation of the +command out of a large number. +<P> + +The command form with no additional arguments lists the contents of +/proc/net/ipsec_spigrp. The format of /proc/net/ipsec_spigrp is +discussed in <A HREF="ipsec_spigrp.5.html">ipsec_spigrp</A>(5). +<A NAME="lbAE"> </A> +<H2>EXAMPLES</H2> + +<DL COMPACT> +<DT><B>ipsec spigrp inet gw2 0x113 tun inet gw2 0x115 esp inet gw2 0x116 ah</B> + +<DD> +groups 3 SAs together, all destined for +<B>gw2</B>, + +but with an IPv4-in-IPv4 tunnel SA applied first with SPI +<B>0x113</B>, + +then an ESP header to encrypt the packet with SPI +<B>0x115</B>, + +and finally an AH header to authenticate the packet with SPI +<B>0x116</B>. + +</DL> +<P> + +<DL COMPACT> +<DT><B>ipsec spigrp --said tun.113@gw2 esp.115@gw2 ah.116@gw2 </B> + +<DD> +groups 3 SAs together, all destined for +<B>gw2</B>, + +but with an IPv4-in-IPv4 tunnel SA applied first with SPI +<B>0x113</B>, + +then an ESP header to encrypt the packet with SPI +<B>0x115</B>, + +and finally an AH header to authenticate the packet with SPI +<B>0x116</B>. + +</DL> +<P> + +<DL COMPACT> +<DT><B>ipsec spigrp --said tun:<A HREF="mailto:233@3049">233@3049</A>:1::1 esp:<A HREF="mailto:235@3049">235@3049</A>:1::1 ah:<A HREF="mailto:236@3049">236@3049</A>:1::1 </B> + +<DD> +groups 3 SAs together, all destined for +<B>3049:1::1,</B> + +but with an IPv6-in-IPv6 tunnel SA applied first with SPI +<B>0x233</B>, + +then an ESP header to encrypt the packet with SPI +<B>0x235</B>, + +and finally an AH header to authenticate the packet with SPI +<B>0x236</B>. + +</DL> +<P> + +<DL COMPACT> +<DT><B>ipsec spigrp inet6 3049:1::1 0x233 tun inet6 3049:1::1 0x235 esp inet6 3049:1::1 0x236 ah</B> + +<DD> +groups 3 SAs together, all destined for +<B>3049:1::1,</B> + +but with an IPv6-in-IPv6 tunnel SA applied first with SPI +<B>0x233</B>, + +then an ESP header to encrypt the packet with SPI +<B>0x235</B>, + +and finally an AH header to authenticate the packet with SPI +<B>0x236</B>. + +</DL> +<P> + +<A NAME="lbAF"> </A> +<H2>FILES</H2> + +/proc/net/ipsec_spigrp, /usr/local/bin/ipsec +<A NAME="lbAG"> </A> +<H2>SEE ALSO</H2> + +<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.8.html">ipsec_tncfg</A>(8), <A HREF="ipsec_eroute.8.html">ipsec_eroute</A>(8), +<A HREF="ipsec_spi.8.html">ipsec_spi</A>(8), <A HREF="ipsec_klipsdebug.8.html">ipsec_klipsdebug</A>(8), <A HREF="ipsec_spigrp.5.html">ipsec_spigrp</A>(5) +<A NAME="lbAH"> </A> +<H2>HISTORY</H2> + +Written for the Linux FreeS/WAN project +<<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>> +by Richard Guy Briggs. +<A NAME="lbAI"> </A> +<H2>BUGS</H2> + +Yes, it really is limited to a maximum of four SAs, +although admittedly it's hard to see why you would need more. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">EXAMPLES</A><DD> +<DT><A HREF="#lbAF">FILES</A><DD> +<DT><A HREF="#lbAG">SEE ALSO</A><DD> +<DT><A HREF="#lbAH">HISTORY</A><DD> +<DT><A HREF="#lbAI">BUGS</A><DD> +</DL> +<HR> +This document was created by +<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, +using the manual pages.<BR> +Time: 21:40:18 GMT, November 11, 2003 +</BODY> +</HTML> |