man ip.8 miss xfrm option

I was asked to at least mention the xfrm option in the ip manual. I added
all usage into ip.8 and tried to write some basic information about xfrm.
If someone wants to complete it, I'll be happy.

Marcela Maslanova

a16304c0cdbdbc8926b112743b4bd49069a50cd7
 man/man8/ip.8 |  474 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 474 insertions(+), 0 deletions(-)

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Marcela Maslanova 2008-02-22 16:16:03 +01:00 committed by Stephen Hemminger
parent 69cae645b2
commit ae9b671d51
1 changed files with 499 additions and 25 deletions


@ -351,6 +351,313 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
.ti -8 .ti -8
.BR "ip monitor" " [ " all " |" .BR "ip monitor" " [ " all " |"
.IR LISTofOBJECTS " ]" .IR LISTofOBJECTS " ]"
.ti -8
.BR "ip xfrm"
.IR XFRM_OBJECT " { " COMMAND " }"
.ti -8
.IR XFRM_OBJECT " := { " state " | " policy " | " monitor " } "
.ti -8
.BR "ip xfrm state " { " add " | " update " } "
.IR ID " [ "
.IR XFRM_OPT " ] "
.RB " [ " mode
.IR MODE " ] "
.br
.RB " [ " reqid
.IR REQID " ] "
.RB " [ " seq
.IR SEQ " ] "
.RB " [ " replay-window
.IR SIZE " ] "
.br
.RB " [ " flag
.IR FLAG-LIST " ] "
.RB " [ " encap
.IR ENCAP " ] "
.RB " [ " sel
.IR SELECTOR " ] "
.br
.RB " [ "
.IR LIMIT-LIST " ] "
.ti -8
.BR "ip xfrm state allocspi "
.IR ID
.RB " [ " mode
.IR MODE " ] "
.RB " [ " reqid
.IR REQID " ] "
.RB " [ " seq
.IR SEQ " ] "
.RB " [ " min
.IR SPI
.B max
.IR SPI " ] "
.ti -8
.BR "ip xfrm state" " { " delete " | " get " } "
.IR ID
.ti -8
.BR "ip xfrm state" " { " deleteall " | " list " } [ "
.IR ID " ] "
.RB " [ " mode
.IR MODE " ] "
.br
.RB " [ " reqid
.IR REQID " ] "
.RB " [ " flag
.IR FLAG_LIST " ] "
.ti -8
.BR "ip xfrm state flush" " [ " proto
.IR XFRM_PROTO " ] "
.ti -8
.BR "ip xfrm state count"
.ti -8
.IR ID " := "
.RB " [ " src
.IR ADDR " ] "
.RB " [ " dst
.IR ADDR " ] "
.RB " [ " proto
.IR XFRM_PROTO " ] "
.RB " [ " spi
.IR SPI " ] "
.ti -8
.IR XFRM_PROTO " := "
.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] "
.ti -8
.IR MODE " := "
.RB " [ " transport " | " tunnel " | " ro " | " beet " ] "
.b (default=transport)
.ti -8
.IR FLAG-LIST " := "
.RI " [ " FLAG-LIST " ] " FLAG
.ti -8
.IR FLAG " := "
.RB " [ " noecn " | " decap-dscp " | " wildrecv " ] "
.ti -8
.IR ENCAP " := " ENCAP-TYPE " " SPORT " " DPORT " " OADDR
.ti -8
.IR ENCAP-TYPE " := "
.B espinudp
.RB " | "
.B espinudp-nonike
.ti -8
.IR ALGO-LIST " := [ "
.IR ALGO-LIST " ] | [ "
.IR ALGO " ] "
.ti -8
.IR ALGO " := "
.IR ALGO_TYPE
.IR ALGO_NAME
.IR ALGO_KEY
.ti -8
.IR ALGO_TYPE " := "
.RB " [ " enc " | " auth " | " comp " ] "
.ti -8
.IR SELECTOR " := "
.B src
.IR ADDR "[/" PLEN "]"
.B dst
.IR ADDR "[/" PLEN "]"
.RI " [ " UPSPEC " ] "
.RB " [ " dev
.IR DEV " ] "
.ti -8
.IR UPSPEC " := "
.B proto
.IR PROTO " [[ "
.B sport
.IR PORT " ] "
.RB " [ " dport
.IR PORT " ] | "
.br
.RB " [ " type
.IR NUMBER " ] "
.RB " [ " code
.IR NUMBER " ]] "
.ti -8
.IR LIMIT-LIST " := [ " LIMIT-LIST " ] |"
.RB " [ "limit
.IR LIMIT " ] "
.ti -8
.IR LIMIT " := "
.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]"
.IR SECONDS " ] | "
.RB "[ ["byte-soft "|" byte-hard "]"
.IR SIZE " ] | "
.br
.RB " [ ["packet-soft "|" packet-hard "]"
.IR COUNT " ] "
.ti -8
.BR "ip xfrm policy" " { " add " | " update " } " " dir "
.IR DIR
.IR SELECTOR " [ "
.BR index
.IR INDEX " ] "
.br
.RB " [ " ptype
.IR PTYPE " ] "
.RB " [ " action
.IR ACTION " ] "
.RB " [ " priority
.IR PRIORITY " ] "
.br
.RI " [ " LIMIT-LIST " ] [ "
.IR TMPL-LIST " ] "
.ti -8
.BR "ip xfrm policy" " { " delete " | " get " } " " dir "
.IR DIR " [ " SELECTOR " | "
.BR index
.IR INDEX
.RB " ] "
.br
.RB " [ " ptype
.IR PTYPE " ] "
.ti -8
.BR "ip xfrm policy" " { " deleteall " | " list " } "
.RB " [ " dir
.IR DIR " ] [ "
.IR SELECTOR " ] "
.br
.RB " [ " index
.IR INDEX " ] "
.RB " [ " action
.IR ACTION " ] "
.RB " [ " priority
.IR PRIORITY " ] "
.ti -8
.B "ip xfrm policy flush"
.RB " [ " ptype
.IR PTYPE " ] "
.ti -8
.B "ip xfrm count"
.ti -8
.IR PTYPE " := "
.RB " [ " main " | " sub " ] "
.b (default=main)
.ti -8
.IR DIR " := "
.RB " [ " in " | " out " | " fwd " ] "
.ti -8
.IR SELECTOR " := "
.B src
.IR ADDR "[/" PLEN "]"
.B dst
.IR ADDR "[/" PLEN] " [ " UPSPEC
.RB " ] [ " dev
.IR DEV " ] "
.ti -8
.IR UPSPEC " := "
.B proto
.IR PROTO " [ "
.RB " [ " sport
.IR PORT " ] "
.RB " [ " dport
.IR PORT " ] | "
.br
.RB " [ " type
.IR NUMBER " ] "
.RB " [ " code
.IR NUMBER " ] ] "
.ti -8
.IR ACTION " := "
.RB " [ " allow " | " block " ]"
.b (default=allow)
.ti -8
.IR LIMIT-LIST " := "
.RB " [ "
.IR LIMIT-LIST " ] | "
.RB " [ " limit
.IR LIMIT " ] "
.ti -8
.IR LIMIT " := "
.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]"
.IR SECONDS " ] | "
.RB " [ [" byte-soft "|" byte-hard "]"
.IR SIZE " ] | "
.br [ "
.RB "[" packet-soft "|" packet-hard "]"
.IR NUMBER " ] "
.ti -8
.IR TMPL-LIST " := "
.b " [ "
.IR TMPL-LIST " ] | "
.RB " [ " tmpl
.IR TMPL " ] "
.ti -8
.IR TMPL " := "
.IR ID " [ "
.B mode
.IR MODE " ] "
.RB " [ " reqid
.IR REQID " ] "
.RB " [ " level
.IR LEVEL " ] "
.ti -8
.IR ID " := "
.RB " [ " src
.IR ADDR " ] "
.RB " [ " dst
.IR ADDR " ] "
.RB " [ " proto
.IR XFRM_PROTO " ] "
.RB " [ " spi
.IR SPI " ] "
.ti -8
.IR XFRM_PROTO " := "
.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] "
.ti -8
.IR MODE " := "
.RB " [ " transport " | " tunnel " | " beet " ] "
.b (default=transport)
.ti -8
.IR LEVEL " := "
.RB " [ " required " | " use " ] "
.b (default=required)
.ti -8
.BR "ip xfrm monitor" " [ " all " | "
.IR LISTofOBJECTS " ] "
.in -8 .in -8
.ad b .ad b
@ -460,6 +767,10 @@ host addresses.
.B tunnel .B tunnel
- tunnel over IP. - tunnel over IP.
.TP
.B xfrm
- framework for IPsec protocol.
.PP .PP
The names of all objects may be written in full or The names of all objects may be written in full or
abbreviated form, f.e. abbreviated form, f.e.
@ -1915,6 +2226,169 @@ at any time.
It prepends the history with the state snapshot dumped at the moment It prepends the history with the state snapshot dumped at the moment
of starting. of starting.
.SH ip xfrm - setting xfrm
xfrm is an IP framework, which can transform format of the datagrams,
.br
i.e. encrypt the packets with some algorithm. xfrm policy and xfrm state
are associated through templates
.IR TMPL_LIST "."
This framework is used as a part of IPsec protocol.
.SS ip xfrm state add - add new state into xfrm
.SS ip xfrm state update - update existing xfrm state
.SS ip xfrm state allocspi - allocate SPI value
.TP
.I MODE
is set as default to
.BR transport ","
but it could be set to
.BR tunnel "," ro " or " beet "."
.TP
.I FLAG-LIST
contains one or more flags.
.TP
.I FLAG
could be set to
.BR noecn ", " decap-dscp " or " wildrecv "."
.TP
.I ENCAP
encapsulation is set to encapsulation type
.IR ENCAP-TYPE ", source port " SPORT ", destination port " DPORT " and " OADDR "."
.TP
.I ENCAP-TYPE
could be set to
.BR espinudp " or " espinudp-nonike "."
.TP
.I ALGO-LIST
contains one or more algorithms
.I ALGO
which depend on the type of algorithm set by
.IR ALGO_TYPE "."
It can be used these algoritms
.BR enc ", " auth " or " comp "."
.SS ip xfrm policy add - add a new policy
.SS ip xfrm policy update - update an existing policy
.SS ip xfrm policy delete - delete existing policy
.SS ip xfrm policy get - get existing policy
.SS ip xfrm policy deleteall - delete all existing xfrm policy
.SS ip xfrm policy list - print out the list of xfrm policy
.SS ip xfrm policy flush - flush policies
It can be flush
.BR all
policies or only those specified with
.BR ptype "."
.TP
.BI dir " DIR "
directory could be one of these:
.BR "inp", " out " or " fwd".
.TP
.IR SELECTOR
selects for which addresses will be set up the policy. The selector
is defined by source and destination address.
.TP
.IR UPSPEC
is defined by source port
.BR sport ", "
destination port
.BR dport ", " type
as number and
.B code
also number.
.TP
.BI dev " DEV "
specify network device.
.TP
.BI index " INDEX "
the number of indexed policy.
.TP
.BI ptype " PTYPE "
type is set as default on
.BR "main" ,
could be switch on
.BR "sub" .
.TP
.BI action " ACTION "
is set as default on
.BR "allow".
It could be switch on
.BR "block".
.TP
.BI priority " PRIORITY "
priority is a number. Default priority is set on zero.
.TP
.IR LIMIT-LIST
limits are set in seconds, bytes or numbers of packets.
.TP
.IR TMPL-LIST
template list is based on
.IR ID ","
.BR mode ", " reqid " and " level ". "
.TP
.IR ID
is specified by source address, destination address,
.I proto
and value of
.IR spi "."
.TP
.IR XFRM_PROTO
values:
.BR esp ", " ah ", " comp ", " route2 " or " hao "."
.TP
.IR MODE
is set as default on
.BR transport ","
but it could be set on
.BR tunnel " or " beet "."
.TP
.IR LEVEL
is set as default on
.BR required
and the other choice is
.BR use "."
.TP
.IR UPSPEC
is specified by
.BR sport ", "
.BR dport ", " type
and
.B code
(NUMBER).
.SS ip xfrm monitor - is used for listing all objects or defined group of them.
The
.B xfrm monitor
can monitor the policies for all objects or defined group of them.
.SH HISTORY .SH HISTORY
.B ip .B ip
was written by Alexey N. Kuznetsov and added in Linux 2.2. was written by Alexey N. Kuznetsov and added in Linux 2.2.