<HTML><HEAD><TITLE>Manpage of IPSEC_EROUTE</TITLE>
Section: File Formats (5)<BR>Updated: 26 Jun 2000<BR><A HREF="#index">Index</A>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
ipsec_eroute - list of existing eroutes
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
<B>/proc/net/ipsec_eroute</B>
<A NAME="lbAD"> </A>
<H2>DESCRIPTION</H2>
<I>/proc/net/ipsec_eroute</I>
lists the IPSEC extended routing tables,
which control what (if any) processing is applied
to non-encrypted packets arriving for IPSEC processing and forwarding.
At this point it is a read-only file.
<BR>
A table entry consists of:
<BR>
source address with mask,
<BR>
a '->' separator for visual and automated parsing between src and dst
<BR>
destination address with mask
<BR>
a '=>' separator for visual and automated parsing between selection
criteria and SAID to use
<BR>
SAID (Security Association IDentifier), comprised of:
<BR>
where '.' stands for IPv4 and ':' for IPv6
<BR>
Security Parameters Index
<BR>
where the packet should be forwarded after processing
(normally the other security gateway)
<BR>
together indicate which Security Association should be used to process the packet.
<BR>
Addresses are written as IPv4 dotted quads or IPv6 coloned hex;
the protocol is one of "ah", "esp", "comp" or "tun".
<BR>
SPIs are prefixed hexadecimal numbers where the prefix '.' is for IPv4 and the prefix ':' is for IPv6.
<BR>
SAIDs are written as "protoafSPI@edst". There are also 5
"magic" SAIDs which have special meaning:
<BR>
means that matches are to be dropped
<BR>
means that matches are to be dropped and an ICMP returned, if
<BR>
means that matches are to trigger an ACQUIRE message to the Key
Management daemon(s) and a hold eroute will be put in place to
prevent subsequent packets also triggering ACQUIRE messages.
<BR>
means that matches are to be stored until the eroute is replaced or
until that eroute gets reaped
<BR>
means that matches are to be allowed to pass without IPSEC processing
<A NAME="lbAE"> </A>
<H2>EXAMPLES</H2>
<B>1867 172.31.252.0/24 -> 0.0.0.0/0 => tun.130@192.168.43.1</B>
<BR>
means that 1,867 packets have been sent to an
<B>eroute</B>
that has been set up to protect traffic between the subnet
<B>172.31.252.0</B>
with a subnet mask of
<B>24</B>
bits and the default address/mask represented by an address of
<B>0.0.0.0</B>
with a subnet mask of
<B>0</B>
bits using the local machine as a security gateway on this end of the
tunnel and the machine
<B>192.168.43.1</B>
on the other end of the tunnel with a Security Association IDentifier of
<B>tun0x130@192.168.43.1</B>
which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a
Security Parameters Index of
<B>130</B>
in hexadecimal.
<BR>
<B>125 3049:1::/64 -> 0:0/0 => tun:130@3058:4::5</B>
<BR>
means that 125 packets have been sent to an
<B>eroute</B>
that has been set up to protect traffic between the subnet
<B>3049:1::</B>
with a subnet mask of
<B>64</B>
bits and the default address/mask represented by an address of
<B>0:0</B>
with a subnet mask of
<B>0</B>
bits using the local machine as a security gateway on this end of the
tunnel and the machine
<B>3058:4::5</B>
on the other end of the tunnel with a Security Association IDentifier of
<B>tun:130@3058:4::5</B>
which means that it is a tunnel mode connection with a
Security Parameters Index of
<B>130</B>
in hexadecimal.
<BR>
<B>42 192.168.6.0/24 -> 192.168.7.0/24 => %passthrough</B>
<BR>
means that 42 packets have been sent to an
<B>eroute</B>
that has been set up to pass the traffic from the subnet
<B>192.168.6.0</B>
with a subnet mask of
<B>24</B>
bits to the subnet
<B>192.168.7.0</B>
with a subnet mask of
<B>24</B>
bits without any IPSEC processing.
<BR>
<B>2112 192.168.8.55/32 -> 192.168.9.47/24 => %hold</B>
<BR>
means that 2112 packets have been sent to an
<B>eroute</B>
that has been set up to hold the traffic from the host
<B>192.168.8.55</B>
to the host
<B>192.168.9.47</B>
until a key exchange from a Key Management daemon
succeeds and puts in an SA or fails and puts in a pass
or drop eroute depending on the default configuration.
<BR>
<B>2001 192.168.2.110/32 -> 192.168.2.120/32 => esp.e6de@192.168.2.120</B>
<BR>
means that 2001 packets have been sent to an
<B>eroute</B>
that has been set up to protect traffic between the host
<B>192.168.2.110</B>
and the host
<B>192.168.2.120</B>
using
<B>192.168.2.110</B>
as a security gateway on this end of the
connection and the machine
<B>192.168.2.120</B>
on the other end of the connection with a Security Association IDentifier of
<B>esp.e6de@192.168.2.120</B>
which means that it is a transport mode connection with a Security
Parameters Index of
<B>e6de</B>
in hexadecimal using Encapsulating Security Payload protocol (50,
IPPROTO_ESP).
<BR>
<B>1984 3049:1::110/128 -> 3049:1::120/128 => ah:f5ed@3049:1::120</B>
<BR>
means that 1984 packets have been sent to an
<B>eroute</B>
that has been set up to authenticate traffic between the host
<B>3049:1::110</B>
and the host
<B>3049:1::120</B>
using
<B>3049:1::110</B>
as a security gateway on this end of the
connection and the machine
<B>3049:1::120</B>
on the other end of the connection with a Security Association IDentifier of
<B>ah:f5ed@3049:1::120</B>
which means that it is a transport mode connection with a Security
Parameters Index of
<B>f5ed</B>
in hexadecimal using Authentication Header protocol (51,
IPPROTO_AH).
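<BR>
An added example, not part of the original manual page or the FreeS/WAN sources: a Python parser for the entry format described above, which also lists entries whose magic SAID lets traffic pass without IPSEC processing. It assumes one entry per line with whitespace-separated fields; the sample text is constructed from this page's examples and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of this page's EXAMPLES section; each
# entry is assumed to occupy a single line in the real file.
SAMPLE = """\
1867 172.31.252.0/24 -> 0.0.0.0/0 => tun.130@192.168.43.1
42 192.168.6.0/24 -> 192.168.7.0/24 => %passthrough
2112 192.168.8.55/32 -> 192.168.9.47/24 => %hold
1984 3049:1::110/128 -> 3049:1::120/128 => ah:f5ed@3049:1::120
"""

LINE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\S+)\s+=>\s+(\S+)$")
SAID = re.compile(r"^(ah|esp|comp|tun)([.:])([0-9a-fA-F]+)@(\S+)$")


def parse_said(text):
    """Split a SAID into its parts; magic SAIDs start with '%'."""
    if text.startswith("%"):
        return {"magic": text}
    m = SAID.match(text)
    if not m:
        raise ValueError(f"malformed SAID: {text!r}")
    proto, af, spi, edst = m.groups()
    addr = ipaddress.ip_address(edst)
    # The '.' / ':' separator must agree with the address family of edst.
    if addr.version != (4 if af == "." else 6):
        raise ValueError(f"address family mismatch in SAID: {text!r}")
    return {"magic": None, "proto": proto, "spi": int(spi, 16), "edst": addr}


def parse_eroutes(text):
    """Parse eroute table text into a list of dicts, one per entry."""
    entries = []
    for raw in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"malformed eroute line: {raw!r}")
        count, src, dst, said = m.groups()
        # ip_interface keeps host bits, e.g. 192.168.9.47/24 from the page.
        entry = {"packets": int(count), "src": ipaddress.ip_interface(src),
                 "dst": ipaddress.ip_interface(dst)}
        entry.update(parse_said(said))
        entries.append(entry)
    return entries


def cleartext_routes(entries):
    """Entries whose magic SAID lets traffic pass without IPSEC processing."""
    return [e for e in entries if (e["magic"] or "").startswith("%pass")]
```

On a gateway, the same functions can be run over the contents of /proc/net/ipsec_eroute to review which selectors are leaving unprotected.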
<A NAME="lbAF"> </A>
<H2>FILES</H2>
/proc/net/ipsec_eroute, /usr/local/bin/ipsec
<A NAME="lbAG"> </A>
<H2>SEE ALSO</H2>
<A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_tncfg.5.html">ipsec_tncfg</A>(5), <A HREF="ipsec_spi.5.html">ipsec_spi</A>(5),
<A HREF="ipsec_spigrp.5.html">ipsec_spigrp</A>(5), <A HREF="ipsec_klipsdebug.5.html">ipsec_klipsdebug</A>(5), <A HREF="ipsec_eroute.8.html">ipsec_eroute</A>(8), <A HREF="ipsec_version.5.html">ipsec_version</A>(5),
<A HREF="ipsec_pf_key.5.html">ipsec_pf_key</A>(5)
<A NAME="lbAH"> </A>
<H2>HISTORY</H2>
Written for the Linux FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>&gt;
by Richard Guy Briggs.
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">EXAMPLES</A><DD>
<DT><A HREF="#lbAF">FILES</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
</DL>