Content-type: text/html

<HTML><HEAD><TITLE>Manpage of IPSEC_EROUTE</TITLE>
</HEAD><BODY>
<H1>IPSEC_EROUTE</H1>
Section: File Formats (5)<BR>Updated: 26 Jun 2000<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>




<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

ipsec_eroute - list of existing eroutes
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>ipsec</B>

<B>eroute</B>

<P>

<B>cat</B>

<B>/proc/net/ipsec_eroute</B>

<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<I>/proc/net/ipsec_eroute</I>

lists the IPSEC extended routing tables,
which control what (if any) processing is applied
to non-encrypted packets arriving for IPSEC processing and forwarding.
At this point it is a read-only file.
<P>

A table entry consists of:
<DL COMPACT>
<DT>+<DD>
source address with mask,
<DT>+<DD>
a '-&gt;' separator for visual and automated parsing between src and dst
<DT>+<DD>
destination address with mask
<DT>+<DD>
a '=&gt;' separator for visual and automated parsing between selection
criteria and SAID to use
<DT>+<DD>
SAID (Security Association IDentifier), comprised of:
<DT>+<DD>
protocol
(<I>proto</I>),
<DT>+<DD>
Security Parameters Index
(<I>SPI</I>),
<DT>+<DD>
effective destination
(<I>edst</I>),
where the packet should be forwarded after processing
(normally the other security gateway)
together indicate which Security Association should be used to process the packet
</DL>
<P>

Addresses are written as IPv4 dotted quads,
protocol is one of &quot;ah&quot;, &quot;esp&quot; or &quot;tun&quot;
and
SPIs are '0x'-prefixed hexadecimal numbers
<P>

SAIDs are written as &quot;<A HREF="mailto:proto0xSPI@edst">proto0xSPI@edst</A>&quot;.
<BR>


<A NAME="lbAE">&nbsp;</A>
<H2>EXAMPLES</H2>

<P>

<B>172.31.252.0/24    -&gt; 0.0.0.0/0          =&gt; <A HREF="mailto:tun0x130@192.168.43.1">tun0x130@192.168.43.1</A></B>

<P>

means that an
<B>eroute</B>

has been set up to protect traffic between the subnet
<B>172.31.252.0</B>

with a subnet mask of
<B>24</B>

bits and the default address/mask represented by an address of
<B>0.0.0.0</B>

with a subnet mask of
<B>0</B>

bits using the local machine as a security gateway on this end of the
tunnel and the machine
<B>192.168.43.1</B>

on the other end of the tunnel with a Security Association IDentifier of
<B><A HREF="mailto:tun0x130@192.168.43.1">tun0x130@192.168.43.1</A></B>

which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a
Security Parameters Index of
<B>130</B>

in hexadecimal.
<P>

<B>192.168.6.0/24     -&gt; 192.168.7.0/24     =&gt; %passthrough</B>

<P>

means that an
<B>eroute</B>

has been set up to pass the traffic from the subnet
<B>192.168.6.0</B>

with a subnet mask of
<B>24</B>

bits and to subnet
<B>192.168.7.0</B>

with a subnet mask of
<B>24</B>

bits without any IPSEC processing.
<P>

<B>192.168.2.110/32   -&gt; 192.168.2.120/32   =&gt; </B>

<BR>

<B>        <A HREF="mailto:esp0xe6de@192.168.2.120">esp0xe6de@192.168.2.120</A></B>

<P>

means that an
<B>eroute</B>

has been set up to protect traffic between the host
<B>192.168.2.110</B>

and the host
<B>192.168.2.120</B>

using
<B>192.168.2.110</B>

as a security gateway on this end of the
connection and the machine
<B>192.168.2.120</B>

on the other end of the connection with a Security Association IDentifier of
<B><A HREF="mailto:esp0xe6de@192.168.2.120">esp0xe6de@192.168.2.120</A></B>

which means that it is a transport mode connection with a Security
Parameters Index of
<B>e6de</B>

in hexadecimal using Encapsuation Security Payload protocol (50,
IPPROTO_ESP).
<A NAME="lbAF">&nbsp;</A>
<H2>FILES</H2>

/proc/net/ipsec_eroute, /usr/local/bin/ipsec
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>

<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.5.html">ipsec_tncfg</A>(5), <A HREF="ipsec_spi.5.html">ipsec_spi</A>(5),
<A HREF="ipsec_spigrp.5.html">ipsec_spigrp</A>(5), <A HREF="ipsec_klipsdebug.5.html">ipsec_klipsdebug</A>(5), <A HREF="ipsec_eroute.8.html">ipsec_eroute</A>(8), <A HREF="ipsec_version.5.html">ipsec_version</A>(5),
<A HREF="ipsec_pf_key.5.html">ipsec_pf_key</A>(5)
<A NAME="lbAH">&nbsp;</A>
<H2>HISTORY</H2>

Written for the Linux FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>&gt;
by Richard Guy Briggs.















<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">EXAMPLES</A><DD>
<DT><A HREF="#lbAF">FILES</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 02:46:47 GMT, July 02, 2000
</BODY>
</HTML>