15
15
.IR OBJECT " := { "
16
.BR link " | " addr " | " route " | " rule " | " neigh " | " tunnel " | "\
17
maddr " | " mroute " | " monitor " }"
16
.BR link " | " addr " | " addrlabel " | " route " | " rule " | " neigh " | "\
17
tunnel " | " maddr " | " mroute " | " monitor " }"
22
22
\fB\-V\fR[\fIersion\fR] |
23
23
\fB\-s\fR[\fItatistics\fR] |
24
24
\fB\-r\fR[\fIesolve\fR] |
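Review bot: the rewritten OBJECT list at new lines 16-17 gains addrlabel but not xfrm, even though this patch adds an "ip xfrm" synopsis and description section further down. Add xfrm to the list so the top-level synopsis matches what the page documents.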
325
352
.BR "ip monitor" " [ " all " |"
326
353
.IR LISTofOBJECTS " ]"
357
.IR XFRM_OBJECT " { " COMMAND " }"
360
.IR XFRM_OBJECT " := { " state " | " policy " | " monitor " } "
363
.BR "ip xfrm state " { " add " | " update " } "
373
.RB " [ " replay-window
387
.BR "ip xfrm state allocspi "
401
.BR "ip xfrm state" " { " delete " | " get " } "
405
.BR "ip xfrm state" " { " deleteall " | " list " } [ "
416
.BR "ip xfrm state flush" " [ " proto
420
.BR "ip xfrm state count"
434
.IR XFRM_PROTO " := "
435
.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] "
439
.RB " [ " transport " | " tunnel " | " ro " | " beet " ] "
440
.B (default=transport)
444
.RI " [ " FLAG-LIST " ] " FLAG
448
.RB " [ " noecn " | " decap-dscp " | " wildrecv " ] "
451
.IR ENCAP " := " ENCAP-TYPE " " SPORT " " DPORT " " OADDR
454
.IR ENCAP-TYPE " := "
460
.IR ALGO-LIST " := [ "
461
.IR ALGO-LIST " ] | [ "
472
.RB " [ " enc " | " auth " | " comp " ] "
477
.IR ADDR "[/" PLEN "]"
479
.IR ADDR "[/" PLEN "]"
480
.RI " [ " UPSPEC " ] "
499
.IR LIMIT-LIST " := [ " LIMIT-LIST " ] |"
505
.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]"
507
.RB "[ ["byte-soft "|" byte-hard "]"
510
.RB " [ ["packet-soft "|" packet-hard "]"
514
.BR "ip xfrm policy" " { " add " | " update " } " " dir "
527
.RI " [ " LIMIT-LIST " ] [ "
531
.BR "ip xfrm policy" " { " delete " | " get " } " " dir "
532
.IR DIR " [ " SELECTOR " | "
541
.BR "ip xfrm policy" " { " deleteall " | " list " } "
554
.B "ip xfrm policy flush"
563
.RB " [ " main " | " sub " ] "
568
.RB " [ " in " | " out " | " fwd " ] "
573
.IR ADDR "[/" PLEN "]"
575
.IR ADDR "[/" PLEN] " [ " UPSPEC
595
.RB " [ " allow " | " block " ]"
599
.IR LIMIT-LIST " := "
601
.IR LIMIT-LIST " ] | "
607
.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]"
609
.RB " [ [" byte-soft "|" byte-hard "]"
612
.RB "[" packet-soft "|" packet-hard "]"
618
.IR TMPL-LIST " ] | "
644
.IR XFRM_PROTO " := "
645
.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] "
649
.RB " [ " transport " | " tunnel " | " beet " ] "
650
.B (default=transport)
654
.RB " [ " required " | " use " ] "
655
.B (default=required)
658
.BR "ip xfrm monitor" " [ " all " | "
659
.IR LISTofOBJECTS " ] "
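Review bot: at new line 575 the prefix-length bracket is written as PLEN] without quotes, so under .IR the closing bracket is set in italics together with PLEN, unlike new lines 477, 479 and 573, which use "[/" PLEN "]". Use the same form at 575. The two LIMIT definitions also disagree on brackets and spacing: 507 and 510 open with "[ [" run directly into byte-soft and packet-soft, 609 has a space after " [ [", and 612 opens with a single "[". Make the state and policy variants match.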
708
1051
also dumps all the deleted addresses in the format described in the
709
1052
previous subsection.
1054
.SH ip addrlabel - protocol address label management.
1056
IPv6 address label is used for address selection
1057
described in RFC 3484. Precedence is managed by userspace,
1058
and only label is stored in kernel.
1060
.SS ip addrlabel add - add an address label
1061
the command adds an address label entry to the kernel.
1063
.BI prefix " PREFIX"
1066
the outgoing interface.
1069
the label for the prefix.
1070
0xffffffff is reserved.
1071
.SS ip addrlabel del - delete an address label
1072
the command deletes an address label entry in the kernel.
1074
coincide with the arguments of
1076
but label is not required.
1077
.SS ip addrlabel list - list address labels
1078
the command show contents of address labels.
1079
.SS ip addrlabel flush - flush address labels
1080
the commoand flushes the contents of address labels and it does not restore default settings.
711
1081
.SH ip neighbour - neighbour/arp tables management.
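Review bot: new line 1080 has the typo "commoand", and new line 1078 should read "the command shows". The description sentences at 1061, 1072, 1078 and 1080 also start in lower case, which is worth fixing in the same pass.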
1072
1442
specified the units are raw values passed directly to the
1073
1443
routing code to maintain compatability with previous releases.
1074
1444
Otherwise if a suffix of s, sec or secs is used to specify
1075
seconds; ms, msec or msecs to specify milliseconds; us, usec
1076
or usecs to specify microseconds; ns, nsec or nsecs to specify
1077
nanoseconds; j, hz or jiffies to specify jiffies, the value is
1445
seconds; ms, msec or msecs to specify milliseconds; us, usec
1446
or usecs to specify microseconds; ns, nsec or nsecs to specify
1447
nanoseconds; j, hz or jiffies to specify jiffies, the value is
1078
1448
converted to what the routing code expects.
1082
1452
.BI rttvar " TIME " "(2.3.15+ only)"
1083
the initial RTT variance estimate. Values are specified as with
1453
the initial RTT variance estimate. Values are specified as with
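Review bot: the text removed at old lines 1075-1077 and 1083 comes back at new lines 1445-1447 and 1453 with the same wording, so this looks like a whitespace-only change mixed into a documentation addition. Split it into its own patch or drop it, so that this diff shows only content changes.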
1570
1940
priority value.
1941
The options preference and order are synonyms with priority.
1573
1944
.BI table " TABLEID"
1574
1945
the routing table identifier to lookup if the rule selector matches.
1946
It is also possible to use lookup instead of table.
1577
1949
.BI realms " FROM/TO"
1578
1950
Realms to select if the rule matched and the routing table lookup
1581
1953
is only used if the route did not select any realm.
1584
1956
.BI nat " ADDRESS"
1585
1957
The base of the IP address block to translate (for source addresses).
1588
1960
may be either the start of the block of NAT addresses (selected by NAT
1589
1961
routes) or a local host address (or even zero).
1590
1962
In the last case the router does not translate the packets, but
1591
1963
masquerades them to this address.
1964
Using map-to instead of nat means the same thing.
1594
1967
Changes to the RPDB made with these commands do not become active
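Review bot: the alias sentences added at new lines 1941, 1946 and 1964 name the keywords preference, order, lookup and map-to in plain running text, while the options they alias are set with .BI (table, realms, nat). Mark the alias keywords up with .B so they read as literal command words rather than prose.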
1660
2034
.SH ip tunnel - tunnel configuration
1662
objects are tunnels, encapsulating packets in IPv4 packets and then
2036
objects are tunnels, encapsulating packets in IP packets and then
1663
2037
sending them over the IP infrastructure.
2038
The encapulating (or outer) address family is specified by the
2040
option. The default is IPv4.
1665
2042
.SS ip tunnel add - add a new tunnel
1666
2043
.SS ip tunnel change - change an existing tunnel
1674
2051
.BI mode " MODE"
1675
set the tunnel mode. Three modes are currently available:
1676
.BR ipip ", " sit " and " gre "."
2052
set the tunnel mode. Available modes depend on the encapsulating address family.
2054
Modes for IPv4 encapsulation available:
2055
.BR ipip ", " sit ", " isatap " and " gre "."
2057
Modes for IPv6 encapsulation available:
2058
.BR ip6ip6 ", " ipip6 " and " any "."
1679
2061
.BI remote " ADDRESS"
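Review bot: new line 2038 has the typo "encapulating"; it should be "encapsulating", as spelled at new line 2052.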
1691
2073
on tunneled packets.
1693
2075
is a number in the range 1--255. 0 is a special value
1694
meaning that packets inherit the TTL value.
1695
The default value is:
2076
meaning that packets inherit the TTL value.
2077
The default value for IPv4 tunnels is:
1696
2078
.BR "inherit" .
2079
The default value for IPv6 tunnels is:
1701
2086
.BI dsfield " T"
2089
set a fixed TOS (or traffic class in IPv6)
1704
2091
on tunneled packets.
1705
2092
The default value is:
1706
2093
.BR "inherit" .
1710
2097
bind the tunnel to the device
1712
2099
so that tunneled packets will only be routed via this device and will
1764
2151
flag requires that all input packets are serialized.
1767
flag is equivalent to the combination
2154
flag is equivalent to the combination
1768
2155
.BR "iseq oseq" .
1769
2156
.B It isn't work. Don't use it.
2161
.RB ( " only IPv6 tunnels " )
2162
Inherit DS field between inner and outer header.
2166
.BI encaplim " ELIM"
2167
.RB ( " only IPv6 tunnels " )
2168
set a fixed encapsulation limit. Default is 4.
2172
.BI flowlabel " FLOWLABEL"
2173
.RB ( " only IPv6 tunnels " )
2174
set a fixed flowlabel.
1771
2176
.SS ip tunnel show - list tunnels
1772
2177
This command has no arguments.
1821
2226
It prepends the history with the state snapshot dumped at the moment
2229
.SH ip xfrm - setting xfrm
2230
xfrm is an IP framework, which can transform format of the datagrams,
2232
i.e. encrypt the packets with some algorithm. xfrm policy and xfrm state
2233
are associated through templates
2235
This framework is used as a part of IPsec protocol.
2237
.SS ip xfrm state add - add new state into xfrm
2239
.SS ip xfrm state update - update existing xfrm state
2241
.SS ip xfrm state allocspi - allocate SPI value
2245
is set as default to
2247
but it could be set to
2248
.BR tunnel "," ro " or " beet "."
2252
contains one or more flags.
2257
.BR noecn ", " decap-dscp " or " wildrecv "."
2261
encapsulation is set to encapsulation type
2262
.IR ENCAP-TYPE ", source port " SPORT ", destination port " DPORT " and " OADDR "."
2267
.BR espinudp " or " espinudp-nonike "."
2271
contains one or more algorithms
2273
which depend on the type of algorithm set by
2275
It can be used these algoritms
2276
.BR enc ", " auth " or " comp "."
2278
.SS ip xfrm policy add - add a new policy
2280
.SS ip xfrm policy update - update an existing policy
2282
.SS ip xfrm policy delete - delete existing policy
2284
.SS ip xfrm policy get - get existing policy
2286
.SS ip xfrm policy deleteall - delete all existing xfrm policy
2288
.SS ip xfrm policy list - print out the list of xfrm policy
2290
.SS ip xfrm policy flush - flush policies
2293
policies or only those specified with
2298
directory could be one of these:
2299
.BR "inp", " out " or " fwd".
2303
selects for which addresses will be set up the policy. The selector
2304
is defined by source and destination address.
2308
is defined by source port
2318
specify network device.
2322
the number of indexed policy.
2326
type is set as default on
2332
.BI action " ACTION "
2333
is set as default on
2335
It could be switch on
2339
.BI priority " PRIORITY "
2340
priority is a number. Default priority is set on zero.
2344
limits are set in seconds, bytes or numbers of packets.
2348
template list is based on
2350
.BR mode ", " reqid " and " level ". "
2354
is specified by source address, destination address,
2362
.BR esp ", " ah ", " comp ", " route2 " or " hao "."
2366
is set as default on
2368
but it could be set on
2369
.BR tunnel " or " beet "."
2373
is set as default on
2375
and the other choice is
2387
.SS ip xfrm monitor - is used for listing all objects or defined group of them.
2390
can monitor the policies for all objects or defined group of them.
1826
2394
was written by Alexey N. Kuznetsov and added in Linux 2.2.
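Review bot: new lines 2298-2299 describe DIR as "directory" with the values "inp", out and fwd, but the synopsis at new line 568 defines it as in | out | fwd. The text should say "direction" and list in, and the .BR arguments at 2299 need rebalanced quoting so the separators are not set in bold. Also fix "algoritms" and the word order in "It can be used these" at 2275, the "is set as default on" phrasing at 2326, 2333, 2366 and 2373, and shorten the .SS heading at 2387 to a noun phrase like the other headings.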