Diffstat (limited to 'doc/manpage.d/ipsec_eroute.5.html')
-rw-r--r-- | doc/manpage.d/ipsec_eroute.5.html | 370 |
1 files changed, 0 insertions, 370 deletions
diff --git a/doc/manpage.d/ipsec_eroute.5.html b/doc/manpage.d/ipsec_eroute.5.html deleted file mode 100644 index 158b57015..000000000 --- a/doc/manpage.d/ipsec_eroute.5.html +++ /dev/null 
@@ -1,370 +0,0 @@ -Content-type: text/html - -<HTML><HEAD><TITLE>Manpage of IPSEC_EROUTE</TITLE> -</HEAD><BODY> -<H1>IPSEC_EROUTE</H1> -Section: File Formats (5)<BR>Updated: 20 Sep 2001<BR><A HREF="#index">Index</A> -<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> - - - - -<A NAME="lbAB"> </A> -<H2>NAME</H2> - -ipsec_eroute - list of existing eroutes -<A NAME="lbAC"> </A> -<H2>SYNOPSIS</H2> - -<B>ipsec</B> - -<B>eroute</B> - -<P> - -<B>cat</B> - -<B>/proc/net/ipsec_eroute</B> - -<A NAME="lbAD"> </A> -<H2>DESCRIPTION</H2> - -<I>/proc/net/ipsec_eroute</I> - -lists the IPSEC extended routing tables, -which control what (if any) processing is applied -to non-encrypted packets arriving for IPSEC processing and forwarding. -At this point it is a read-only file. -<P> - -A table entry consists of: -<DL COMPACT> -<DT>+<DD> -packet count, -<DT>+<DD> -source address with mask, -<DT>+<DD> -a '->' separator for visual and automated parsing between src and dst -<DT>+<DD> -destination address with mask -<DT>+<DD> -a '=>' separator for visual and automated parsing between selection -criteria and SAID to use -<DT>+<DD> -SAID (Security Association IDentifier), comprised of: -<DT>+<DD> -protocol -(<I>proto</I>), -<DT>+<DD> -address family -(<I>af</I>), -where '.' stands for IPv4 and ':' for IPv6 -<DT>+<DD> -Security Parameters Index -(<I>SPI</I>), -<DT>+<DD> -effective destination -(<I>edst</I>), -where the packet should be forwarded after processing -(normally the other security gateway) -together indicate which Security Association should be used to process -the packet, -<DT>+<DD> -source identity text string with no whitespace, in parens, -<DT>+<DD> -destination identity text string with no whitespace, in parens -</DL> -<P> - -Addresses are written as IPv4 dotted quads or IPv6 coloned hex, -protocol is one of "ah", "esp", "comp" or "tun" -and -SPIs are prefixed hexadecimal numbers where the prefix '.' 
is for IPv4 and the prefix ':' is for IPv6 -<P> - -SAIDs are written as "<A HREF="mailto:protoafSPI@edst">protoafSPI@edst</A>". There are also 5 -"magic" SAIDs which have special meaning: -<DL COMPACT> -<DT>+<DD> -<B>%drop</B> - -means that matches are to be dropped -<DT>+<DD> -<B>%reject</B> - -means that matches are to be dropped and an ICMP returned, if -possible to inform -<DT>+<DD> -<B>%trap</B> - -means that matches are to trigger an ACQUIRE message to the Key -Management daemon(s) and a hold eroute will be put in place to -prevent subsequent packets also triggering ACQUIRE messages. -<DT>+<DD> -<B>%hold</B> - -means that matches are to stored until the eroute is replaced or -until that eroute gets reaped -<DT>+<DD> -<B>%pass</B> - -means that matches are to allowed to pass without IPSEC processing -<BR> - - -</DL> -<A NAME="lbAE"> </A> -<H2>EXAMPLES</H2> - -<P> - -<B>1867 172.31.252.0/24 -> 0.0.0.0/0 => <A HREF="mailto:tun.130@192.168.43.1">tun.130@192.168.43.1</A> </B> - -<BR> - -<B> ()<TT> </TT>()</B> - -<P> - -means that 1,867 packets have been sent to an<BR> -<B>eroute</B> - -that has been set up to protect traffic between the subnet -<B>172.31.252.0</B> - -with a subnet mask of -<B>24</B> - -bits and the default address/mask represented by an address of -<B>0.0.0.0</B> - -with a subnet mask of -<B>0</B> - -bits using the local machine as a security gateway on this end of the -tunnel and the machine -<B>192.168.43.1</B> - -on the other end of the tunnel with a Security Association IDentifier of -<B><A HREF="mailto:tun0x130@192.168.43.1">tun0x130@192.168.43.1</A></B> - -which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a -Security Parameters Index of -<B>130</B> - -in hexadecimal with no identies defined for either end. 
-<P> - -<B>125 3049:1::/64 -> 0:0/0 => tun:<A HREF="mailto:130@3058">130@3058</A>:4::5<TT> </TT>()<TT> </TT>()</B> - -<P> - -means that 125 packets have been sent to an<BR> -<B>eroute</B> - -that has been set up to protect traffic between the subnet -<B>3049:1::</B> - -with a subnet mask of -<B>64</B> - -bits and the default address/mask represented by an address of -<B>0:0</B> - -with a subnet mask of -<B>0</B> - -bits using the local machine as a security gateway on this end of the -tunnel and the machine -<B>3058:4::5</B> - -on the other end of the tunnel with a Security Association IDentifier of -<B>tun:<A HREF="mailto:130@3058">130@3058</A>:4::5</B> - -which means that it is a tunnel mode connection with a -Security Parameters Index of -<B>130</B> - -in hexadecimal with no identies defined for either end. -<P> - -<B>42 192.168.6.0/24 -> 192.168.7.0/24 => %passthrough</B> - -<P> - -means that 42 packets have been sent to an -<B>eroute</B> - -that has been set up to pass the traffic from the subnet -<B>192.168.6.0</B> - -with a subnet mask of -<B>24</B> - -bits and to subnet -<B>192.168.7.0</B> - -with a subnet mask of -<B>24</B> - -bits without any IPSEC processing with no identies defined for either end. -<P> - -<B>2112 192.168.8.55/32 -> 192.168.9.47/24 => %hold<TT> </TT>(east)<TT> </TT>()</B> - -<P> - -means that 2112 packets have been sent to an<BR> -<B>eroute</B> - -that has been set up to hold the traffic from the host -<B>192.168.8.55</B> - -and to host -<B>192.168.9.47</B> - -until a key exchange from a Key Management daemon -succeeds and puts in an SA or fails and puts in a pass -or drop eroute depending on the default configuration with the local client -defined as "east" and no identy defined for the remote end. 
-<P> - -<B>2001 192.168.2.110/32 -> 192.168.2.120/32 => </B> - -<BR> - -<B> <A HREF="mailto:esp.e6de@192.168.2.120">esp.e6de@192.168.2.120</A><TT> </TT>()<TT> </TT>()</B> - -<P> - -means that 2001 packets have been sent to an<BR> -<B>eroute</B> - -that has been set up to protect traffic between the host -<B>192.168.2.110</B> - -and the host -<B>192.168.2.120</B> - -using -<B>192.168.2.110</B> - -as a security gateway on this end of the -connection and the machine -<B>192.168.2.120</B> - -on the other end of the connection with a Security Association IDentifier of -<B><A HREF="mailto:esp.e6de@192.168.2.120">esp.e6de@192.168.2.120</A></B> - -which means that it is a transport mode connection with a Security -Parameters Index of -<B>e6de</B> - -in hexadecimal using Encapsuation Security Payload protocol (50, -IPPROTO_ESP) with no identies defined for either end. -<P> - -<B>1984 3049:1::110/128 -> 3049:1::120/128 => </B> - -<BR> - -<B> ah:<A HREF="mailto:f5ed@3049">f5ed@3049</A>:1::120<TT> </TT>()<TT> </TT>()</B> - -<P> - -means that 1984 packets have been sent to an<BR> -<B>eroute</B> - -that has been set up to authenticate traffic between the host -<B>3049:1::110</B> - -and the host -<B>3049:1::120</B> - -using -<B>3049:1::110</B> - -as a security gateway on this end of the -connection and the machine -<B>3049:1::120</B> - -on the other end of the connection with a Security Association IDentifier of -<B>ah:<A HREF="mailto:f5ed@3049">f5ed@3049</A>:1::120</B> - -which means that it is a transport mode connection with a Security -Parameters Index of -<B>f5ed</B> - -in hexadecimal using Authentication Header protocol (51, -IPPROTO_AH) with no identies defined for either end. 
-<A NAME="lbAF"> </A> -<H2>FILES</H2> - -/proc/net/ipsec_eroute, /usr/local/bin/ipsec -<A NAME="lbAG"> </A> -<H2>SEE ALSO</H2> - -<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.5.html">ipsec_tncfg</A>(5), <A HREF="ipsec_spi.5.html">ipsec_spi</A>(5), -<A HREF="ipsec_spigrp.5.html">ipsec_spigrp</A>(5), <A HREF="ipsec_klipsdebug.5.html">ipsec_klipsdebug</A>(5), <A HREF="ipsec_eroute.8.html">ipsec_eroute</A>(8), <A HREF="ipsec_version.5.html">ipsec_version</A>(5), -<A HREF="ipsec_pf_key.5.html">ipsec_pf_key</A>(5) -<A NAME="lbAH"> </A> -<H2>HISTORY</H2> - -Written for the Linux FreeS/WAN project -<<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>> -by Richard Guy Briggs. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<P> - -<HR> -<A NAME="index"> </A><H2>Index</H2> -<DL> -<DT><A HREF="#lbAB">NAME</A><DD> -<DT><A HREF="#lbAC">SYNOPSIS</A><DD> -<DT><A HREF="#lbAD">DESCRIPTION</A><DD> -<DT><A HREF="#lbAE">EXAMPLES</A><DD> -<DT><A HREF="#lbAF">FILES</A><DD> -<DT><A HREF="#lbAG">SEE ALSO</A><DD> -<DT><A HREF="#lbAH">HISTORY</A><DD> -</DL> -<HR> -This document was created by -<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, -using the manual pages.<BR> -Time: 21:40:17 GMT, November 11, 2003 -</BODY> -</HTML> |
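Review bot: the footer of the deleted file ("This document was created by man2html", stamped November 11, 2003, with links to http://localhost/cgi-bin/man/man2html) shows it is generated output, so removing it is safe only if the ipsec_eroute(5) man source it was built from stays in the tree. The diffstat here is limited to this one file, so that cannot be seen from the page. Please confirm it, and confirm that the pages named under SEE ALSO (ipsec_eroute.8.html, ipsec_spi.5.html and the others) are either removed in the same commit or no longer link back to ipsec_eroute.5.html. If the source is kept, two inconsistencies in the text are worth fixing there: the magic SAID list names %pass while the third example uses %passthrough, and the first example line shows tun.130@192.168.43.1 while its explanation writes tun0x130@192.168.43.1.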