Content-type: text/html

<HTML><HEAD><TITLE>Manpage of IPSEC_SPIGRP</TITLE>
</HEAD><BODY>
<H1>IPSEC_SPIGRP</H1>
Section: File Formats (5)<BR>Updated: 27 Jun 2000<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>




<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

ipsec_spigrp - list IPSEC Security Association groupings
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>ipsec</B>

<B>spigrp</B>

<P>

<B>cat</B>

<B>/proc/net/ipsec_spigrp</B>

<P>

<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<I>/proc/net/ipsec_spigrp</I>

is a read-only file that lists groups of IPSEC Security Associations
(SAs).
<P>

An entry in the IPSEC extended routing table can only point (via an
SAID) to one SA.  If more than one transform must be applied to a given
type of packet, this can be accomplished by setting up several SAs with
the same destination address but potentially different SPIs and
protocols, and grouping them with
<I><A HREF="ipsec_spigrp.8.html">ipsec_spigrp</A>(8)</I>.

<P>

The SA groups are listed, one line per connection/group, as a sequence
of SAs to be applied (or that should have been applied, in the case of
an incoming packet) from inside to outside the packet.  An SA is
identified by its SAID, which consists of protocol (&quot;ah&quot;, &quot;esp&quot; or
&quot;tun&quot;), SPI ('0x'-prefixed hexadecimal number) and destination address
(IPv4 dotted quad) prefixed by '@', in the format &lt;proto&gt;&lt;spi&gt;@&lt;dest&gt;.
<A NAME="lbAE">&nbsp;</A>
<H2>EXAMPLES</H2>

<DL COMPACT>
<DT><B><A HREF="mailto:tun0x3d0@192.168.2.110">tun0x3d0@192.168.2.110</A></B>

<DD>
<B><A HREF="mailto:esp0x187a101b@192.168.2.110">esp0x187a101b@192.168.2.110</A></B>

<B><A HREF="mailto:ah0x187a101a@192.168.2.110">ah0x187a101a@192.168.2.110</A> </B>

</DL>
<P>

is a group of 3 SAs, destined for 
<B>192.168.2.110</B>

with an IP-in-IP tunnel SA applied first with an SPI of
<B>3d0</B>

in hexadecimal, followed by an Encapsulating Security Payload header to
encrypt the packet with SPI
<B>187a101b</B>

in hexadecimal, followed by an Authentication Header to authenticate the
packet with SPI
<B>187a101a</B>

in hexadecimal, applied from inside to outside the packet.  This could
be an incoming or outgoing group, depending on the address of the local
machine.
<P>

<A NAME="lbAF">&nbsp;</A>
<H2>FILES</H2>

/proc/net/ipsec_spigrp, /usr/local/bin/ipsec
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>

<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.5.html">ipsec_tncfg</A>(5), <A HREF="ipsec_eroute.5.html">ipsec_eroute</A>(5),
<A HREF="ipsec_spi.5.html">ipsec_spi</A>(5), <A HREF="ipsec_klipsdebug.5.html">ipsec_klipsdebug</A>(5), <A HREF="ipsec_spigrp.8.html">ipsec_spigrp</A>(8), <A HREF="ipsec_version.5.html">ipsec_version</A>(5),
<A HREF="ipsec_pf_key.5.html">ipsec_pf_key</A>(5)
<A NAME="lbAH">&nbsp;</A>
<H2>HISTORY</H2>

Written for the Linux FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>&gt;
by Richard Guy Briggs.
<A NAME="lbAI">&nbsp;</A>
<H2>BUGS</H2>

:-)














<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">EXAMPLES</A><DD>
<DT><A HREF="#lbAF">FILES</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
<DT><A HREF="#lbAI">BUGS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 02:46:48 GMT, July 02, 2000
</BODY>
</HTML>