Seth Woolley's Man Viewer

Manual for spigrp - man 5 spigrp

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

IPSEC_SPIGRP(5)                                                IPSEC_SPIGRP(5)



NAME
       ipsec_spigrp - list IPSEC Security Association groupings

SYNOPSIS
       ipsec(5,8) spigrp(5,8)

       cat /proc(5,n)/net/ipsec_spigrp


DESCRIPTION
       /proc(5,n)/net/ipsec_spigrp  is  a read-only file(1,n) that lists groups of IPSEC
       Security Associations (SAs).

       An entry in(1,8) the IPSEC extended routing table can  only  point  (via  an
       SAID) to one SA.  If more than one transform must be applied to a given
       type of packet, this can be accomplished by setting up several SAs with
       the  same destination address but potentially different SPIs and proto-
       cols, and grouping them with ipsec_spigrp(8).

       The SA groups are listed, one line per connection/group, as a  sequence
       of  SAs to be applied (or that should have been applied, in(1,8) the case of
       an incoming packet) from inside to outside the packet.  An SA is  iden-
       tified  by its SAID, which consists of protocol ("ah", "esp", "comp" or
       "tun"), SPI (with '.' for IPv4 or ':'  for  IPv6  prefixed  hexadecimal
       number ) and destination address (IPv4 dotted quad or IPv6 coloned hex)
       prefixed by '@', in(1,8) the format <proto><af><spi(5,8)>@<dest>.

EXAMPLES
       tun.3d0@192.168.2.110
              comp.3d0@192.168.2.110                esp.187a101b@192.168.2.110
              ah.187a101a@192.168.2.110

       is  a  group  of 3 SAs, destined for 192.168.2.110 with an IPv4-in-IPv4
       tunnel SA applied first with an SPI of 3d0 in(1,8) hexadecimal, followed  by
       a  Deflate compression header to compress the packet with CPI of 3d0 in(1,8)
       hexadecimal, followed by an Encapsulating Security  Payload  header  to
       encrypt  the  packet  with  SPI 187a101b in(1,8) hexadecimal, followed by an
       Authentication Header to authenticate the packet with SPI  187a101a  in(1,8)
       hexadecimal,  applied from inside to outside the packet.  This could be
       an incoming or outgoing group, depending on the address  of  the  local
       machine.


       tun:3d0@3049:1::2
              comp:3d0@3049:1::2 esp:187a101b@3049:1::2 ah:187a101a@3049:1::2

       is a group of 3 SAs, destined for 3049:1::2 with an IPv6-in-IPv6 tunnel
       SA applied first with an SPI of  3d0  in(1,8)  hexadecimal,  followed  by  a
       Deflate  compression  header  to compress the packet with CPI of 3d0 in(1,8)
       hexadecimal, followed by an Encapsulating Security  Payload  header  to
       encrypt  the  packet  with  SPI 187a101b in(1,8) hexadecimal, followed by an
       Authentication Header to authenticate the packet with SPI  187a101a  in(1,8)
       hexadecimal,  applied from inside to outside the packet.  This could be
       an incoming or outgoing group, depending on the address  of  the  local
       machine.


FILES
       /proc(5,n)/net/ipsec_spigrp, /usr/local/bin/ipsec(5,8)

SEE ALSO
       ipsec(5,8)(8),     ipsec_manual(8),     ipsec_tncfg(5),     ipsec_eroute(5),
       ipsec_spi(5), ipsec_klipsdebug(5),  ipsec_spigrp(8),  ipsec_version(5),
       ipsec_pf_key(5)

HISTORY
       Written  for  the Linux FreeS/WAN project <http://www.freeswan.org/> by
       Richard Guy Briggs.

BUGS
       :-)



                                  27 Jun 2000                  IPSEC_SPIGRP(5)

References for this manual (incoming links)