<HTML><HEAD><TITLE>Manpage of IPSEC_SPIGRP</TITLE>
</HEAD><BODY>
<H1>IPSEC_SPIGRP</H1>
Section: File Formats (5)<BR>Updated: 27 Jun 2000<BR><A HREF="#index">Index</A>
<HR>




<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

ipsec_spigrp - list IPSEC Security Association groupings
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>ipsec</B>

<B>spigrp</B>

<P>

<B>cat</B>

<B>/proc/net/ipsec_spigrp</B>

<P>

<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<I>/proc/net/ipsec_spigrp</I>

is a read-only file that lists groups of IPSEC Security Associations
(SAs).
<P>

An entry in the IPSEC extended routing table can only point (via an
SAID) to one SA.  If more than one transform must be applied to a given
type of packet, this can be accomplished by setting up several SAs with
the same destination address but potentially different SPIs and
protocols, and grouping them with
<I><A HREF="ipsec_spigrp.8.html">ipsec_spigrp</A>(8)</I>.

<P>

The SA groups are listed, one line per connection/group, as a sequence
of SAs to be applied (or that should have been applied, in the case of
an incoming packet) from inside to outside the packet.  An SA is
identified by its SAID, which consists of protocol (&quot;ah&quot;, &quot;esp&quot;, &quot;comp&quot; or
&quot;tun&quot;), SPI (a hexadecimal number prefixed with '.' for IPv4 or ':' for IPv6) and destination address
(IPv4 dotted quad or IPv6 coloned hex) prefixed by '@', in the format &lt;proto&gt;&lt;af&gt;&lt;spi&gt;@&lt;dest&gt;.
<A NAME="lbAE">&nbsp;</A>
<H2>EXAMPLES</H2>

<DL COMPACT>
<DT><B>tun.3d0@192.168.2.110</B>

<DD>
<B>comp.3d0@192.168.2.110</B>

<B>esp.187a101b@192.168.2.110</B>

<B>ah.187a101a@192.168.2.110</B>

</DL>
<P>

is a group of 3 SAs, destined for 
<B>192.168.2.110</B>

with an IPv4-in-IPv4 tunnel SA applied first with an SPI of
<B>3d0</B>

in hexadecimal, followed by a Deflate compression header to compress
the packet with CPI of
<B>3d0</B>

in hexadecimal, followed by an Encapsulating Security Payload header to
encrypt the packet with SPI
<B>187a101b</B>

in hexadecimal, followed by an Authentication Header to authenticate the
packet with SPI
<B>187a101a</B>

in hexadecimal, applied from inside to outside the packet.  This could
be an incoming or outgoing group, depending on the address of the local
machine.
<P>

<DL COMPACT>
<DT><B>tun:3d0@3049:1::2</B>

<DD>
<B>comp:3d0@3049:1::2</B>

<B>esp:187a101b@3049:1::2</B>

<B>ah:187a101a@3049:1::2</B>

</DL>
<P>

is a group of 3 SAs, destined for 
<B>3049:1::2</B>

with an IPv6-in-IPv6 tunnel SA applied first with an SPI of
<B>3d0</B>

in hexadecimal, followed by a Deflate compression header to compress
the packet with CPI of
<B>3d0</B>

in hexadecimal, followed by an Encapsulating Security Payload header to
encrypt the packet with SPI
<B>187a101b</B>

in hexadecimal, followed by an Authentication Header to authenticate the
packet with SPI
<B>187a101a</B>

in hexadecimal, applied from inside to outside the packet.  This could
be an incoming or outgoing group, depending on the address of the local
machine.
<P>
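The SAID format and grouping rule described above can be checked mechanically when auditing SA groups. The following parser is an added example, not part of the FreeS/WAN sources; it assumes the SAIDs of a group are separated by whitespace on one line, and the names parse_said and parse_group are hypothetical. The sample lines are constructed from the two examples above.

```python
import ipaddress
import re
from typing import List, NamedTuple, Union

# <proto><af><spi>@<dest>: af is '.' (IPv4) or ':' (IPv6), spi is hexadecimal.
SAID_RE = re.compile(r"^(ah|esp|comp|tun)([.:])([0-9a-fA-F]+)@(\S+)$")


class SAID(NamedTuple):
    proto: str
    spi: int
    dest: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def parse_said(text: str) -> SAID:
    """Parse one SAID and check that the address-family marker matches dest."""
    m = SAID_RE.match(text)
    if not m:
        raise ValueError(f"malformed SAID: {text!r}")
    proto, af, spi_hex, dest_text = m.groups()
    dest = ipaddress.ip_address(dest_text)  # ValueError on a bad address
    expected_version = 4 if af == "." else 6
    if dest.version != expected_version:
        raise ValueError(f"address family marker {af!r} does not match {dest}")
    return SAID(proto, int(spi_hex, 16), dest)


def parse_group(line: str) -> List[SAID]:
    """Parse one group line; SAs are listed from inside to outside the packet."""
    saids = [parse_said(token) for token in line.split()]
    if not saids:
        raise ValueError("empty SA group")
    # Grouped SAs share one destination address (see DESCRIPTION).
    if len({s.dest for s in saids}) != 1:
        raise ValueError("SAs in one group have different destinations")
    return saids


# Constructed sample lines, built from the two examples on this page.
V4_LINE = ("tun.3d0@192.168.2.110 comp.3d0@192.168.2.110 "
           "esp.187a101b@192.168.2.110 ah.187a101a@192.168.2.110")
V6_LINE = ("tun:3d0@3049:1::2 comp:3d0@3049:1::2 "
           "esp:187a101b@3049:1::2 ah:187a101a@3049:1::2")

if __name__ == "__main__":
    for line in (V4_LINE, V6_LINE):
        for said in parse_group(line):
            print(f"{said.proto:<5} spi=0x{said.spi:x} dest={said.dest}")
```
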

<A NAME="lbAF">&nbsp;</A>
<H2>FILES</H2>

/proc/net/ipsec_spigrp, /usr/local/bin/ipsec
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>

<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.5.html">ipsec_tncfg</A>(5), <A HREF="ipsec_eroute.5.html">ipsec_eroute</A>(5),
<A HREF="ipsec_spi.5.html">ipsec_spi</A>(5), <A HREF="ipsec_klipsdebug.5.html">ipsec_klipsdebug</A>(5), <A HREF="ipsec_spigrp.8.html">ipsec_spigrp</A>(8), <A HREF="ipsec_version.5.html">ipsec_version</A>(5),
<A HREF="ipsec_pf_key.5.html">ipsec_pf_key</A>(5)
<A NAME="lbAH">&nbsp;</A>
<H2>HISTORY</H2>

Written for the Linux FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>&gt;
by Richard Guy Briggs.
<A NAME="lbAI">&nbsp;</A>
<H2>BUGS</H2>

:-)























<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">EXAMPLES</A><DD>
<DT><A HREF="#lbAF">FILES</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
<DT><A HREF="#lbAI">BUGS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 21:40:18 GMT, November 11, 2003
</BODY>
</HTML>