« back to all changes in this revision
Viewing changes to man/man8/ip.8
- browse files at revision 19
- compare with another revision
- download diff
- download tarball
- view history from revision 19
- Committer: Bazaar Package Importer
- Author(s): Alexander Wirt, Andreas Henriksson, Justin B Rye, Alexander Wirt
- Date: 2008-05-11 11:18:29 UTC
- mfrom: (1.1.6 upstream)
- Revision ID: james.westby@ubuntu.com-20080511111829-rfewew7s6kiev0bh
Tags: 20080417-1
[ Andreas Henriksson ]
* New upstream release, v2.6.25 a.k.a. snapshot 20080417.
- Initial documentation for xfrm (Partially fixes #451337)
- Fixes manpage error caught by lintian!
* Fix typos (syntax error) in ip(8) manpage.
- Introduced by upstream, caught by lintian yet again!
* Don't ship useless headers in iproute-dev (Closes: #467557)
* Cherry-pick "Fix bad hash calculation because of signed address" from
upstream. (Closes: #480173)
[ Justin B Rye ]
* Update package description (Closes: #464521)
[ Alexander Wirt ]
* Fix typo in short package description.
* New upstream release, v2.6.25 a.k.a. snapshot 20080417.
- Initial documentation for xfrm (Partially fixes #451337)
- Fixes manpage error caught by lintian!
* Fix typos (syntax error) in ip(8) manpage.
- Introduced by upstream, caught by lintian yet again!
* Don't ship useless headers in iproute-dev (Closes: #467557)
* Cherry-pick "Fix bad hash calculation because of signed address" from
upstream. (Closes: #480173)
[ Justin B Rye ]
* Update package description (Closes: #464521)
[ Alexander Wirt ]
* Fix typo in short package description.
- files added:
- debian/README.Debian
- include/linux/hdlc
- include/netinet
- files removed:
- debian/man
- include/net
- files modified:
- COPYING
added
removed
man/man8/ip.8
13
13
14
14
.ti -8
15
15
.IR OBJECT " := { "
16
.BR link " | " addr " | " route " | " rule " | " neigh " | " tunnel " | "\
17
maddr " | " mroute " | " monitor " }"
16
.BR link " | " addr " | " addrlabel " | " route " | " rule " | " neigh " | "\
17
tunnel " | " maddr " | " mroute " | " monitor " }"
18
18
.sp
19
19
20
20
.ti -8
21
.IR OPTIONS " := { "
21
.IR OPTIONS " := { "
22
22
\fB\-V\fR[\fIersion\fR] |
23
23
\fB\-s\fR[\fItatistics\fR] |
24
24
\fB\-r\fR[\fIesolve\fR] |
46
46
.br
47
47
.B address
48
48
.IR LLADDR " |"
49
.B broadcast
49
.B broadcast
50
50
.IR LLADDR " |"
51
51
.br
52
52
.B mtu
57
57
.RI "[ " DEVICE " ]"
58
58
59
59
.ti -8
60
.BR "ip addr" " { " add " | " del " } "
60
.BR "ip addr" " { " add " | " del " } "
61
61
.IB IFADDR " dev " STRING
62
62
63
63
.ti -8
65
65
.IR STRING " ] [ "
66
66
.B scope
67
67
.IR SCOPE-ID " ] [ "
68
.B to
68
.B to
69
69
.IR PREFIX " ] [ " FLAG-LIST " ] [ "
70
70
.B label
71
71
.IR PATTERN " ]"
97
97
tentative " | " deprecated " ]"
98
98
99
99
.ti -8
100
.BR "ip addrlabel" " { " add " | " del " } " prefix
101
.BR PREFIX " [ "
102
.B dev
103
.IR DEV " ] [ "
104
.B label
105
.IR NUMBER " ]"
106
107
.ti -8
108
.BR "ip addrlabel" " { " list " | " flush " }"
109
110
.ti -8
100
111
.BR "ip route" " { "
101
112
.BR list " | " flush " } "
102
113
.I SELECTOR
103
114
104
115
.ti -8
105
.B ip route get
116
.B ip route get
106
117
.IR ADDRESS " [ "
107
118
.BI from " ADDRESS " iif " STRING"
108
.RB " ] [ " oif
119
.RB " ] [ " oif
109
120
.IR STRING " ] [ "
110
121
.B tos
111
122
.IR TOS " ]"
267
278
.BR "ip tunnel" " { " add " | " change " | " del " | " show " }"
268
279
.RI "[ " NAME " ]"
269
280
.br
270
.RB "[ " mode " { " ipip " | " gre " | " sit " } ]"
271
.br
272
.RB "[ " remote
281
.RB "[ " mode
282
.IR MODE " ] [ "
283
.B remote
273
284
.IR ADDR " ] [ "
274
285
.B local
275
286
.IR ADDR " ]"
278
289
.IR KEY " ] [ "
279
290
.RB "[" i "|" o "]" csum " ] ]"
280
291
.br
292
.RB "[ " encaplimit
293
.IR ELIM " ]"
281
294
.RB "[ " ttl
282
.IR TTL " ] [ "
283
.B tos
295
.IR TTL " ]"
296
.br
297
.RB "[ " tos
284
298
.IR TOS " ] [ "
285
.RB "[" no "]" pmtudisc " ]"
299
.B flowlabel
300
.IR FLOWLABEL " ]"
286
301
.br
302
.RB "[ [" no "]" pmtudisc " ]"
287
303
.RB "[ " dev
288
304
.IR PHYS_DEV " ]"
305
.RB "[ " "dscp inherit" " ]"
306
307
.ti -8
308
.IR MODE " := "
309
.RB " { " ipip " | " gre " | " sit " | " isatap " | " ip6ip6 " | " ipip6 " | " any " }"
289
310
290
311
.ti -8
291
312
.IR ADDR " := { " IP_ADDRESS " |"
296
317
.BR inherit " }"
297
318
298
319
.ti -8
320
.IR ELIM " := {
321
.BR none " | "
322
.IR 0 ".." 255 " }"
323
324
.ti -8
325
.ti -8
299
326
.IR TTL " := { " 1 ".." 255 " | "
300
327
.BR inherit " }"
301
328
324
351
.ti -8
325
352
.BR "ip monitor" " [ " all " |"
326
353
.IR LISTofOBJECTS " ]"
354
355
.ti -8
356
.BR "ip xfrm"
357
.IR XFRM_OBJECT " { " COMMAND " }"
358
359
.ti -8
360
.IR XFRM_OBJECT " := { " state " | " policy " | " monitor " } "
361
362
.ti -8
363
.BR "ip xfrm state " { " add " | " update " } "
364
.IR ID " [ "
365
.IR XFRM_OPT " ] "
366
.RB " [ " mode
367
.IR MODE " ] "
368
.br
369
.RB " [ " reqid
370
.IR REQID " ] "
371
.RB " [ " seq
372
.IR SEQ " ] "
373
.RB " [ " replay-window
374
.IR SIZE " ] "
375
.br
376
.RB " [ " flag
377
.IR FLAG-LIST " ] "
378
.RB " [ " encap
379
.IR ENCAP " ] "
380
.RB " [ " sel
381
.IR SELECTOR " ] "
382
.br
383
.RB " [ "
384
.IR LIMIT-LIST " ] "
385
386
.ti -8
387
.BR "ip xfrm state allocspi "
388
.IR ID
389
.RB " [ " mode
390
.IR MODE " ] "
391
.RB " [ " reqid
392
.IR REQID " ] "
393
.RB " [ " seq
394
.IR SEQ " ] "
395
.RB " [ " min
396
.IR SPI
397
.B max
398
.IR SPI " ] "
399
400
.ti -8
401
.BR "ip xfrm state" " { " delete " | " get " } "
402
.IR ID
403
404
.ti -8
405
.BR "ip xfrm state" " { " deleteall " | " list " } [ "
406
.IR ID " ] "
407
.RB " [ " mode
408
.IR MODE " ] "
409
.br
410
.RB " [ " reqid
411
.IR REQID " ] "
412
.RB " [ " flag
413
.IR FLAG_LIST " ] "
414
415
.ti -8
416
.BR "ip xfrm state flush" " [ " proto
417
.IR XFRM_PROTO " ] "
418
419
.ti -8
420
.BR "ip xfrm state count"
421
422
.ti -8
423
.IR ID " := "
424
.RB " [ " src
425
.IR ADDR " ] "
426
.RB " [ " dst
427
.IR ADDR " ] "
428
.RB " [ " proto
429
.IR XFRM_PROTO " ] "
430
.RB " [ " spi
431
.IR SPI " ] "
432
433
.ti -8
434
.IR XFRM_PROTO " := "
435
.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] "
436
437
.ti -8
438
.IR MODE " := "
439
.RB " [ " transport " | " tunnel " | " ro " | " beet " ] "
440
.B (default=transport)
441
442
.ti -8
443
.IR FLAG-LIST " := "
444
.RI " [ " FLAG-LIST " ] " FLAG
445
446
.ti -8
447
.IR FLAG " := "
448
.RB " [ " noecn " | " decap-dscp " | " wildrecv " ] "
449
450
.ti -8
451
.IR ENCAP " := " ENCAP-TYPE " " SPORT " " DPORT " " OADDR
452
453
.ti -8
454
.IR ENCAP-TYPE " := "
455
.B espinudp
456
.RB " | "
457
.B espinudp-nonike
458
459
.ti -8
460
.IR ALGO-LIST " := [ "
461
.IR ALGO-LIST " ] | [ "
462
.IR ALGO " ] "
463
464
.ti -8
465
.IR ALGO " := "
466
.IR ALGO_TYPE
467
.IR ALGO_NAME
468
.IR ALGO_KEY
469
470
.ti -8
471
.IR ALGO_TYPE " := "
472
.RB " [ " enc " | " auth " | " comp " ] "
473
474
.ti -8
475
.IR SELECTOR " := "
476
.B src
477
.IR ADDR "[/" PLEN "]"
478
.B dst
479
.IR ADDR "[/" PLEN "]"
480
.RI " [ " UPSPEC " ] "
481
.RB " [ " dev
482
.IR DEV " ] "
483
484
.ti -8
485
.IR UPSPEC " := "
486
.B proto
487
.IR PROTO " [[ "
488
.B sport
489
.IR PORT " ] "
490
.RB " [ " dport
491
.IR PORT " ] | "
492
.br
493
.RB " [ " type
494
.IR NUMBER " ] "
495
.RB " [ " code
496
.IR NUMBER " ]] "
497
498
.ti -8
499
.IR LIMIT-LIST " := [ " LIMIT-LIST " ] |"
500
.RB " [ "limit
501
.IR LIMIT " ] "
502
503
.ti -8
504
.IR LIMIT " := "
505
.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]"
506
.IR SECONDS " ] | "
507
.RB "[ ["byte-soft "|" byte-hard "]"
508
.IR SIZE " ] | "
509
.br
510
.RB " [ ["packet-soft "|" packet-hard "]"
511
.IR COUNT " ] "
512
513
.ti -8
514
.BR "ip xfrm policy" " { " add " | " update " } " " dir "
515
.IR DIR
516
.IR SELECTOR " [ "
517
.BR index
518
.IR INDEX " ] "
519
.br
520
.RB " [ " ptype
521
.IR PTYPE " ] "
522
.RB " [ " action
523
.IR ACTION " ] "
524
.RB " [ " priority
525
.IR PRIORITY " ] "
526
.br
527
.RI " [ " LIMIT-LIST " ] [ "
528
.IR TMPL-LIST " ] "
529
530
.ti -8
531
.BR "ip xfrm policy" " { " delete " | " get " } " " dir "
532
.IR DIR " [ " SELECTOR " | "
533
.BR index
534
.IR INDEX
535
.RB " ] "
536
.br
537
.RB " [ " ptype
538
.IR PTYPE " ] "
539
540
.ti -8
541
.BR "ip xfrm policy" " { " deleteall " | " list " } "
542
.RB " [ " dir
543
.IR DIR " ] [ "
544
.IR SELECTOR " ] "
545
.br
546
.RB " [ " index
547
.IR INDEX " ] "
548
.RB " [ " action
549
.IR ACTION " ] "
550
.RB " [ " priority
551
.IR PRIORITY " ] "
552
553
.ti -8
554
.B "ip xfrm policy flush"
555
.RB " [ " ptype
556
.IR PTYPE " ] "
557
558
.ti -8
559
.B "ip xfrm count"
560
561
.ti -8
562
.IR PTYPE " := "
563
.RB " [ " main " | " sub " ] "
564
.B (default=main)
565
566
.ti -8
567
.IR DIR " := "
568
.RB " [ " in " | " out " | " fwd " ] "
569
570
.ti -8
571
.IR SELECTOR " := "
572
.B src
573
.IR ADDR "[/" PLEN "]"
574
.B dst
575
.IR ADDR "[/" PLEN] " [ " UPSPEC
576
.RB " ] [ " dev
577
.IR DEV " ] "
578
579
.ti -8
580
.IR UPSPEC " := "
581
.B proto
582
.IR PROTO " [ "
583
.RB " [ " sport
584
.IR PORT " ] "
585
.RB " [ " dport
586
.IR PORT " ] | "
587
.br
588
.RB " [ " type
589
.IR NUMBER " ] "
590
.RB " [ " code
591
.IR NUMBER " ] ] "
592
593
.ti -8
594
.IR ACTION " := "
595
.RB " [ " allow " | " block " ]"
596
.B (default=allow)
597
598
.ti -8
599
.IR LIMIT-LIST " := "
600
.RB " [ "
601
.IR LIMIT-LIST " ] | "
602
.RB " [ " limit
603
.IR LIMIT " ] "
604
605
.ti -8
606
.IR LIMIT " := "
607
.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]"
608
.IR SECONDS " ] | "
609
.RB " [ [" byte-soft "|" byte-hard "]"
610
.IR SIZE " ] | "
611
.br [ "
612
.RB "[" packet-soft "|" packet-hard "]"
613
.IR NUMBER " ] "
614
615
.ti -8
616
.IR TMPL-LIST " := "
617
.B " [ "
618
.IR TMPL-LIST " ] | "
619
.RB " [ " tmpl
620
.IR TMPL " ] "
621
622
.ti -8
623
.IR TMPL " := "
624
.IR ID " [ "
625
.B mode
626
.IR MODE " ] "
627
.RB " [ " reqid
628
.IR REQID " ] "
629
.RB " [ " level
630
.IR LEVEL " ] "
631
632
.ti -8
633
.IR ID " := "
634
.RB " [ " src
635
.IR ADDR " ] "
636
.RB " [ " dst
637
.IR ADDR " ] "
638
.RB " [ " proto
639
.IR XFRM_PROTO " ] "
640
.RB " [ " spi
641
.IR SPI " ] "
642
643
.ti -8
644
.IR XFRM_PROTO " := "
645
.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] "
646
647
.ti -8
648
.IR MODE " := "
649
.RB " [ " transport " | " tunnel " | " beet " ] "
650
.B (default=transport)
651
652
.ti -8
653
.IR LEVEL " := "
654
.RB " [ " required " | " use " ] "
655
.B (default=required)
656
657
.ti -8
658
.BR "ip xfrm monitor" " [ " all " | "
659
.IR LISTofOBJECTS " ] "
660
327
661
.in -8
328
662
.ad b
329
663
348
682
or
349
683
.B link
350
684
,enforce the protocol family to use. If the option is not present,
351
the protocol family is guessed from other arguments. If the rest
685
the protocol family is guessed from other arguments. If the rest
352
686
of the command line does not give enough information to guess the
353
687
family,
354
688
.B ip
379
713
.BR "\-o" , " \-oneline"
380
714
output each record on a single line, replacing line feeds
381
715
with the
382
.B '\'
383
character. This is convenient when you want to count records
716
.B '\e\'
717
character. This is convenient when you want to count records
384
718
with
385
719
.BR wc (1)
386
720
or to
404
738
.TP
405
739
.B address
406
740
- protocol (IP or IPv6) address on a device.
741
742
.TP
743
.B addrlabel
744
- label configuration for protocol address selection.
745
407
746
.TP
408
747
.B neighbour
409
748
- ARP or NDISC cache entry.
428
767
.B tunnel
429
768
- tunnel over IP.
430
769
770
.TP
771
.B xfrm
772
- framework for IPsec protocol.
773
431
774
.PP
432
775
The names of all objects may be written in full or
433
776
abbreviated form, f.e.
506
849
507
850
.TP
508
851
.BI txqueuelen " NUMBER"
509
.TP
852
.TP
510
853
.BI txqlen " NUMBER"
511
854
change the transmit queue length of the device.
512
855
513
856
.TP
514
857
.BI mtu " NUMBER"
515
change the
858
change the
516
859
.I MTU
517
860
of the device.
518
861
708
1051
also dumps all the deleted addresses in the format described in the
709
1052
previous subsection.
710
1053
1054
.SH ip addrlabel - protocol address label management.
1055
1056
IPv6 address label is used for address selection
1057
described in RFC 3484. Precedence is managed by userspace,
1058
and only label is stored in kernel.
1059
1060
.SS ip addrlabel add - add an address label
1061
the command adds an address label entry to the kernel.
1062
.TP
1063
.BI prefix " PREFIX"
1064
.TP
1065
.BI dev " DEV"
1066
the outgoing interface.
1067
.TP
1068
.BI label " NUMBER"
1069
the label for the prefix.
1070
0xffffffff is reserved.
1071
.SS ip addrlabel del - delete an address label
1072
the command deletes an address label entry in the kernel.
1073
.B Arguments:
1074
coincide with the arguments of
1075
.B ip addrlabel add
1076
but label is not required.
1077
.SS ip addrlabel list - list address labels
1078
the command show contents of address labels.
1079
.SS ip addrlabel flush - flush address labels
1080
the commoand flushes the contents of address labels and it does not restore default settings.
711
1081
.SH ip neighbour - neighbour/arp tables management.
712
1082
713
1083
.B neighbour
940
1310
tables identified by a number in the range from 1 to 255 or by
941
1311
name from the file
942
1312
.B /etc/iproute2/rt_tables
943
. By default all normal routes are inserted into the
1313
By default all normal routes are inserted into the
944
1314
.B main
945
1315
table (ID 254) and the kernel only uses this table when calculating routes.
946
1316
1072
1442
specified the units are raw values passed directly to the
1073
1443
routing code to maintain compatability with previous releases.
1074
1444
Otherwise if a suffix of s, sec or secs is used to specify
1075
seconds; ms, msec or msecs to specify milliseconds; us, usec
1076
or usecs to specify microseconds; ns, nsec or nsecs to specify
1077
nanoseconds; j, hz or jiffies to specify jiffies, the value is
1445
seconds; ms, msec or msecs to specify milliseconds; us, usec
1446
or usecs to specify microseconds; ns, nsec or nsecs to specify
1447
nanoseconds; j, hz or jiffies to specify jiffies, the value is
1078
1448
converted to what the routing code expects.
1079
1449
1080
1450
1081
1451
.TP
1082
1452
.BI rttvar " TIME " "(2.3.15+ only)"
1083
the initial RTT variance estimate. Values are specified as with
1453
the initial RTT variance estimate. Values are specified as with
1084
1454
.BI rtt
1085
1455
above.
1086
1456
1389
1759
1390
1760
.TP
1391
1761
.B connected
1392
if no source address
1762
if no source address
1393
1763
.RB "(option " from ")"
1394
1764
was given, relookup the route with the source set to the preferred
1395
1765
address received from the first lookup.
1568
1938
set
1569
1939
.I unique
1570
1940
priority value.
1941
The options preference and order are synonyms with priority.
1571
1942
1572
1943
.TP
1573
1944
.BI table " TABLEID"
1574
1945
the routing table identifier to lookup if the rule selector matches.
1946
It is also possible to use lookup instead of table.
1575
1947
1576
1948
.TP
1577
1949
.BI realms " FROM/TO"
1578
1950
Realms to select if the rule matched and the routing table lookup
1579
succeeded. Realm
1951
succeeded. Realm
1580
1952
.I TO
1581
1953
is only used if the route did not select any realm.
1582
1954
1583
1955
.TP
1584
1956
.BI nat " ADDRESS"
1585
1957
The base of the IP address block to translate (for source addresses).
1586
The
1958
The
1587
1959
.I ADDRESS
1588
1960
may be either the start of the block of NAT addresses (selected by NAT
1589
1961
routes) or a local host address (or even zero).
1590
1962
In the last case the router does not translate the packets, but
1591
1963
masquerades them to this address.
1964
Using map-to instead of nat means the same thing.
1592
1965
1593
1966
.B Warning:
1594
1967
Changes to the RPDB made with these commands do not become active
1601
1974
1602
1975
.SS ip rule show - list rules
1603
1976
This command has no arguments.
1977
The options list or lst are synonyms with show.
1604
1978
1605
1979
.SH ip maddress - multicast addresses management
1606
1980
1659
2033
1660
2034
.SH ip tunnel - tunnel configuration
1661
2035
.B tunnel
1662
objects are tunnels, encapsulating packets in IPv4 packets and then
2036
objects are tunnels, encapsulating packets in IP packets and then
1663
2037
sending them over the IP infrastructure.
2038
The encapulating (or outer) address family is specified by the
2039
.B -f
2040
option. The default is IPv4.
1664
2041
1665
2042
.SS ip tunnel add - add a new tunnel
1666
2043
.SS ip tunnel change - change an existing tunnel
1672
2049
1673
2050
.TP
1674
2051
.BI mode " MODE"
1675
set the tunnel mode. Three modes are currently available:
1676
.BR ipip ", " sit " and " gre "."
2052
set the tunnel mode. Available modes depend on the encapsulating address family.
2053
.br
2054
Modes for IPv4 encapsulation available:
2055
.BR ipip ", " sit ", " isatap " and " gre "."
2056
.br
2057
Modes for IPv6 encapsulation available:
2058
.BR ip6ip6 ", " ipip6 " and " any "."
1677
2059
1678
2060
.TP
1679
2061
.BI remote " ADDRESS"
1686
2068
1687
2069
.TP
1688
2070
.BI ttl " N"
1689
set a fixed TTL
2071
set a fixed TTL
1690
2072
.I N
1691
2073
on tunneled packets.
1692
2074
.I N
1693
2075
is a number in the range 1--255. 0 is a special value
1694
meaning that packets inherit the TTL value.
1695
The default value is:
2076
meaning that packets inherit the TTL value.
2077
The default value for IPv4 tunnels is:
1696
2078
.BR "inherit" .
2079
The default value for IPv6 tunnels is:
2080
.BR "64" .
2081
1697
2082
1698
2083
.TP
1699
2084
.BI tos " T"
1700
2085
.TP
1701
2086
.BI dsfield " T"
1702
set a fixed TOS
2087
.TP
2088
.BI tclass " T"
2089
set a fixed TOS (or traffic class in IPv6)
1703
2090
.I T
1704
2091
on tunneled packets.
1705
2092
The default value is:
1706
2093
.BR "inherit" .
1707
2094
1708
2095
.TP
1709
.BI dev " NAME"
2096
.BI dev " NAME"
1710
2097
bind the tunnel to the device
1711
2098
.I NAME
1712
2099
so that tunneled packets will only be routed via this device and will
1736
2123
The
1737
2124
.BR ikey " and " okey
1738
2125
parameters set different keys for input and output.
1739
2126
1740
2127
.TP
1741
2128
.BR csum ", " icsum ", " ocsum
1742
2129
.RB ( " only GRE tunnels " )
1743
2130
generate/require checksums for tunneled packets.
1744
The
2131
The
1745
2132
.B ocsum
1746
2133
flag calculates checksums for outgoing packets.
1747
2134
The
1764
2151
flag requires that all input packets are serialized.
1765
2152
The
1766
2153
.B seq
1767
flag is equivalent to the combination
2154
flag is equivalent to the combination
1768
2155
.BR "iseq oseq" .
1769
2156
.B It isn't work. Don't use it.
1770
2157
2158
.TP
2159
.RP
2160
.BI dscp inherit
2161
.RB ( " only IPv6 tunnels " )
2162
Inherit DS field between inner and outer header.
2163
2164
.TP
2165
.RP
2166
.BI encaplim " ELIM"
2167
.RB ( " only IPv6 tunnels " )
2168
set a fixed encapsulation limit. Default is 4.
2169
2170
.TP
2171
.RP
2172
.BI flowlabel " FLOWLABEL"
2173
.RB ( " only IPv6 tunnels " )
2174
set a fixed flowlabel.
2175
1771
2176
.SS ip tunnel show - list tunnels
1772
2177
This command has no arguments.
1773
2178
1821
2226
It prepends the history with the state snapshot dumped at the moment
1822
2227
of starting.
1823
2228
2229
.SH ip xfrm - setting xfrm
2230
xfrm is an IP framework, which can transform format of the datagrams,
2231
.br
2232
i.e. encrypt the packets with some algorithm. xfrm policy and xfrm state
2233
are associated through templates
2234
.IR TMPL_LIST "."
2235
This framework is used as a part of IPsec protocol.
2236
2237
.SS ip xfrm state add - add new state into xfrm
2238
2239
.SS ip xfrm state update - update existing xfrm state
2240
2241
.SS ip xfrm state allocspi - allocate SPI value
2242
2243
.TP
2244
.I MODE
2245
is set as default to
2246
.BR transport ","
2247
but it could be set to
2248
.BR tunnel "," ro " or " beet "."
2249
2250
.TP
2251
.I FLAG-LIST
2252
contains one or more flags.
2253
2254
.TP
2255
.I FLAG
2256
could be set to
2257
.BR noecn ", " decap-dscp " or " wildrecv "."
2258
2259
.TP
2260
.I ENCAP
2261
encapsulation is set to encapsulation type
2262
.IR ENCAP-TYPE ", source port " SPORT ", destination port " DPORT " and " OADDR "."
2263
2264
.TP
2265
.I ENCAP-TYPE
2266
could be set to
2267
.BR espinudp " or " espinudp-nonike "."
2268
2269
.TP
2270
.I ALGO-LIST
2271
contains one or more algorithms
2272
.I ALGO
2273
which depend on the type of algorithm set by
2274
.IR ALGO_TYPE "."
2275
It can be used these algoritms
2276
.BR enc ", " auth " or " comp "."
2277
2278
.SS ip xfrm policy add - add a new policy
2279
2280
.SS ip xfrm policy update - update an existing policy
2281
2282
.SS ip xfrm policy delete - delete existing policy
2283
2284
.SS ip xfrm policy get - get existing policy
2285
2286
.SS ip xfrm policy deleteall - delete all existing xfrm policy
2287
2288
.SS ip xfrm policy list - print out the list of xfrm policy
2289
2290
.SS ip xfrm policy flush - flush policies
2291
It can be flush
2292
.BR all
2293
policies or only those specified with
2294
.BR ptype "."
2295
2296
.TP
2297
.BI dir " DIR "
2298
directory could be one of these:
2299
.BR "inp", " out " or " fwd".
2300
2301
.TP
2302
.IR SELECTOR
2303
selects for which addresses will be set up the policy. The selector
2304
is defined by source and destination address.
2305
2306
.TP
2307
.IR UPSPEC
2308
is defined by source port
2309
.BR sport ", "
2310
destination port
2311
.BR dport ", " type
2312
as number and
2313
.B code
2314
also number.
2315
2316
.TP
2317
.BI dev " DEV "
2318
specify network device.
2319
2320
.TP
2321
.BI index " INDEX "
2322
the number of indexed policy.
2323
2324
.TP
2325
.BI ptype " PTYPE "
2326
type is set as default on
2327
.BR "main" ,
2328
could be switch on
2329
.BR "sub" .
2330
2331
.TP
2332
.BI action " ACTION "
2333
is set as default on
2334
.BR "allow".
2335
It could be switch on
2336
.BR "block".
2337
2338
.TP
2339
.BI priority " PRIORITY "
2340
priority is a number. Default priority is set on zero.
2341
2342
.TP
2343
.IR LIMIT-LIST
2344
limits are set in seconds, bytes or numbers of packets.
2345
2346
.TP
2347
.IR TMPL-LIST
2348
template list is based on
2349
.IR ID ","
2350
.BR mode ", " reqid " and " level ". "
2351
2352
.TP
2353
.IR ID
2354
is specified by source address, destination address,
2355
.I proto
2356
and value of
2357
.IR spi "."
2358
2359
.TP
2360
.IR XFRM_PROTO
2361
values:
2362
.BR esp ", " ah ", " comp ", " route2 " or " hao "."
2363
2364
.TP
2365
.IR MODE
2366
is set as default on
2367
.BR transport ","
2368
but it could be set on
2369
.BR tunnel " or " beet "."
2370
2371
.TP
2372
.IR LEVEL
2373
is set as default on
2374
.BR required
2375
and the other choice is
2376
.BR use "."
2377
2378
.TP
2379
.IR UPSPEC
2380
is specified by
2381
.BR sport ", "
2382
.BR dport ", " type
2383
and
2384
.B code
2385
(NUMBER).
2386
2387
.SS ip xfrm monitor - is used for listing all objects or defined group of them.
2388
The
2389
.B xfrm monitor
2390
can monitor the policies for all objects or defined group of them.
2391
1824
2392
.SH HISTORY
1825
2393
.B ip
1826
2394
was written by Alexey N. Kuznetsov and added in Linux 2.2.
Loggerhead is a web-based interface for Breezy
Version: 2.0.1