Diffstat (limited to 'doc/manpage.d/ipsec_eroute.8.html')
-rw-r--r-- | doc/manpage.d/ipsec_eroute.8.html | 421 |
1 files changed, 0 insertions, 421 deletions
diff --git a/doc/manpage.d/ipsec_eroute.8.html b/doc/manpage.d/ipsec_eroute.8.html deleted file mode 100644 index 7489462d7..000000000 --- a/doc/manpage.d/ipsec_eroute.8.html +++ /dev/null 
@@ -1,421 +0,0 @@ -Content-type: text/html - -<HTML><HEAD><TITLE>Manpage of IPSEC_EROUTE</TITLE> -</HEAD><BODY> -<H1>IPSEC_EROUTE</H1> -Section: Maintenance Commands (8)<BR>Updated: 21 Jun 2000<BR><A HREF="#index">Index</A> -<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> - - - - -<A NAME="lbAB"> </A> -<H2>NAME</H2> - -ipsec eroute - manipulate IPSEC extended routing tables -<A NAME="lbAC"> </A> -<H2>SYNOPSIS</H2> - -<B>ipsec</B> - -<B>eroute</B> - -<P> - -<B>ipsec</B> - -<B>eroute</B> - -<B>--add</B> - -<B>--eraf (inet | inet6)</B> - -<B>--src</B> - -src/srcmaskbits|srcmask -<B>--dst</B> - -dst/dstmaskbits|dstmask -<SAID> -<P> - -<B>ipsec</B> - -<B>eroute</B> - -<B>--replace</B> - -<B>--eraf (inet | inet6)</B> - -<B>--src</B> - -src/srcmaskbits|srcmask -<B>--dst</B> - -dst/dstmaskbits|dstmask -<SAID> -<P> - -<B>ipsec</B> - -<B>eroute</B> - -<B>--del</B> - -<B>--eraf (inet | inet6)</B> - -<B>--src</B> - -src/srcmaskbits|srcmask -<B>--dst</B> - -dst/dstmaskbits|dstmask -<P> - -<B>ipsec</B> - -<B>eroute</B> - -<B>--clear</B> - -<P> - -<B>ipsec</B> - -<B>eroute</B> - -<B>--help</B> - -<P> - -<B>ipsec</B> - -<B>eroute</B> - -<B>--version</B> - -<P> - -Where <SAID> is -<B>--af</B> - -(inet | inet6) -<B>--edst</B> - -edst -<B>--spi</B> - -spi -<B>--proto</B> - -proto -OR -<B>--said</B> - -said -OR -<B>--said</B> - -<B>(%passthrough | %passthrough4 | %passthrough6)</B> - -<A NAME="lbAD"> </A> -<H2>DESCRIPTION</H2> - -<I>Eroute</I> - -manages the IPSEC extended routing tables, -which control what (if any) processing is applied -to non-encrypted packets arriving for IPSEC processing and forwarding. -The form with no additional arguments lists the contents of -/proc/net/ipsec_eroute. -The -<B>--add</B> - -form adds a table entry, the -<B>--replace</B> - -form replaces a table entry, while the -<B>--del</B> - -form deletes one. The -<B>--clear</B> - -form deletes the entire table. 
-<P> - -A table entry consists of: -<DL COMPACT> -<DT>+<DD> -source and destination addresses, -with masks, -for selection of packets -<DT>+<DD> -Security Association IDentifier, comprised of: -<DT>+<DD> -protocol -(<I>proto</I>), indicating (together with the -effective destination and the security parameters index) -which Security Association should be used to process the packet -<DT>+<DD> -address family -(<I>af</I>), -<DT>+<DD> -Security Parameters Index -(<I>spi</I>), indicating (together with the -effective destination and protocol) -which Security Association should be used to process the packet -(must be larger than or equal to 0x100) -<DT>+<DD> -effective destination -(<I>edst</I>), -where the packet should be forwarded after processing -(normally the other security gateway) -<DT>+<DD> -OR -<DT>+<DD> -SAID -(<I>said</I>), indicating -which Security Association should be used to process the packet -</DL> -<P> - -Addresses are written as IPv4 dotted quads or IPv6 coloned hex, -protocol is one of "ah", "esp", "comp" or "tun" and SPIs are -prefixed hexadecimal numbers where '.' represents IPv4 and ':' -stands for IPv6. -<P> - -SAIDs are written as "<A HREF="mailto:protoafSPI@address">protoafSPI@address</A>". There are also 5 -"magic" SAIDs which have special meaning: -<DL COMPACT> -<DT>+<DD> -<B>%drop</B> - -means that matches are to be dropped -<DT>+<DD> -<B>%reject</B> - -means that matches are to be dropped and an ICMP returned, if -possible to inform -<DT>+<DD> -<B>%trap</B> - -means that matches are to trigger an ACQUIRE message to the Key -Management daemon(s) and a hold eroute will be put in place to -prevent subsequent packets also triggering ACQUIRE messages. 
-<DT>+<DD> -<B>%hold</B> - -means that matches are to stored until the eroute is replaced or -until that eroute gets reaped -<DT>+<DD> -<B>%pass</B> - -means that matches are to allowed to pass without IPSEC processing -</DL> -<P> - -The format of /proc/net/ipsec_eroute is listed in <A HREF="ipsec_eroute.5.html">ipsec_eroute</A>(5). -<BR> - - -<A NAME="lbAE"> </A> -<H2>EXAMPLES</H2> - -<P> - -<B>ipsec eroute --add --eraf inet --src 192.168.0.1/32 \</B> - -<BR> - -<B> --dst 192.168.2.0/24 --af inet --edst 192.168.0.2 \</B> - -<BR> - -<B> --spi 0x135 --proto tun</B> - -<P> - -sets up an -<B>eroute</B> - -on a Security Gateway to protect traffic between the host -<B>192.168.0.1</B> - -and the subnet -<B>192.168.2.0</B> - -with -<B>24</B> - -bits of subnet mask via Security Gateway -<B>192.168.0.2</B> - -using the Security Association with address -<B>192.168.0.2</B>, - -Security Parameters Index -<B>0x135</B> - -and protocol -<B>tun</B> - -(50, IPPROTO_ESP). -<P> - -<B>ipsec eroute --add --eraf inet6 --src 3049:1::1/128 \</B> - -<BR> - -<B> --dst 3049:2::/64 --af inet6 --edst 3049:1::2 \</B> - -<BR> - -<B> --spi 0x145 --proto tun</B> - -<P> - -sets up an -<B>eroute</B> - -on a Security Gateway to protect traffic between the host -<B>3049:1::1</B> - -and the subnet -<B>3049:2::</B> - -with -<B>64</B> - -bits of subnet mask via Security Gateway -<B>3049:1::2</B> - -using the Security Association with address -<B>3049:1::2</B>, - -Security Parameters Index -<B>0x145</B> - -and protocol -<B>tun</B> - -(50, IPPROTO_ESP). 
-<P> - -<B>ipsec eroute --replace --eraf inet --src company.com/24 \</B> - -<BR> - -<B> --dst <A HREF="ftp://ftp.ngo.org">ftp.ngo.org</A>/32 --said <A HREF="mailto:tun.135@gw.ngo.org">tun.135@gw.ngo.org</A></B> - -<P> - -replaces an -<B>eroute</B> - -on a Security Gateway to protect traffic between the subnet -<B>company.com</B> - -with -<B>24</B> - -bits of subnet mask and the host -<B><A HREF="ftp://ftp.ngo.org">ftp.ngo.org</A></B> - -via Security Gateway -<B>gw.ngo.org</B> - -using the Security Association with Security Association ID -<B><A HREF="mailto:tun0x135@gw.ngo.org">tun0x135@gw.ngo.org</A></B> - -<P> - -<B>ipsec eroute --del --eraf inet --src company.com/24 \</B> - -<BR> - -<B> --dst <A HREF="http://www.ietf.org">www.ietf.org</A>/32 --said %passthrough4</B> - -<P> - -deletes an -<B>eroute</B> - -on a Security Gateway that allowed traffic between the subnet -<B>company.com</B> - -with -<B>24</B> - -bits of subnet mask and the host -<B><A HREF="http://www.ietf.org">www.ietf.org</A></B> - -to pass in the clear, unprocessed. -<A NAME="lbAF"> </A> -<H2>FILES</H2> - -/proc/net/ipsec_eroute, /usr/local/bin/ipsec -<A NAME="lbAG"> </A> -<H2>SEE ALSO</H2> - -<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.8.html">ipsec_tncfg</A>(8), <A HREF="ipsec_spi.8.html">ipsec_spi</A>(8), -<A HREF="ipsec_spigrp.8.html">ipsec_spigrp</A>(8), <A HREF="ipsec_klipsdebug.8.html">ipsec_klipsdebug</A>(8), <A HREF="ipsec_eroute.5.html">ipsec_eroute</A>(5) -<A NAME="lbAH"> </A> -<H2>HISTORY</H2> - -Written for the Linux FreeS/WAN project -<<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>> -by Richard Guy Briggs. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<P> - -<HR> -<A NAME="index"> </A><H2>Index</H2> -<DL> -<DT><A HREF="#lbAB">NAME</A><DD> -<DT><A HREF="#lbAC">SYNOPSIS</A><DD> -<DT><A HREF="#lbAD">DESCRIPTION</A><DD> -<DT><A HREF="#lbAE">EXAMPLES</A><DD> -<DT><A HREF="#lbAF">FILES</A><DD> -<DT><A HREF="#lbAG">SEE ALSO</A><DD> -<DT><A HREF="#lbAH">HISTORY</A><DD> -</DL> -<HR> -This document was created by -<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, -using the manual pages.<BR> -Time: 21:40:17 GMT, November 11, 2003 -</BODY> -</HTML> |
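Review bot: the diffstat lists only this one file, yet the SEE ALSO block near the end of the hunk links to sibling generated pages by relative path (ipsec.8.html, ipsec_spi.8.html, ipsec_eroute.5.html), so check that those pages and any index pointing back at ipsec_eroute.8.html are removed or updated in the same series. The removal itself looks right for a build artifact: the footer says the page was created by man2html, the first line is a stray CGI header (Content-type: text/html), and the navigation links point at http://localhost/cgi-bin/man/man2html. If the manual page source this was generated from stays in the tree, three inconsistencies visible in the deleted text are worth fixing there. The EXAMPLES describe protocol tun as "(50, IPPROTO_ESP)" although the DESCRIPTION lists "esp" and "tun" as separate protocols. The DESCRIPTION names five magic SAIDs (%drop, %reject, %trap, %hold, %pass) while the SYNOPSIS and the --del example use %passthrough, %passthrough4 and %passthrough6, which leaves it unclear which spelling lets traffic through without IPSEC processing. The --replace example passes --said tun.135@gw.ngo.org but its explanation calls the SAID tun0x135@gw.ngo.org.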