ipsec_policy

Language: en

Version: 2010-09-27 (fedora - 01/12/10)

Section: 8 (Administrator commands)

NAME

ipsec_policy - show ipsec policy information

SYNOPSIS

     # detect what stack is used
     ipsec policy --detect-stack
 
     # display policy information
     ipsec policy [ --all | [ --inbound | --outbound | --forward ] ] \
                  [ --stack=name ] [ --read=file ] [ --debug ]
 
     # provide usage information
     ipsec policy --usage
     ipsec policy --help
 
 

DESCRIPTION

policy displays the incoming, outgoing, and forwarding packet policies of the system. It is a wrapper around existing klips and netkey data, presented in a less terse form.

OPTIONS

--detect-stack
Only display the stack that Openswan is using. Possible results are:
klips
KLIPS is the Openswan ipsec kernel module. This stack type indicates that KLIPS is not running in mast mode (see next option), but rather in the default mode. In this mode, KLIPS outgoing packet policy is dictated by eroutes. See the ipsec_eroute man page for further details.
mast
This is a mode of the Openswan ipsec kernel module, KLIPS. In this mode, outgoing packet routing policies are dictated by iptables and Linux kernel policy routing. This mode is selected by using the "protostack=mast" setting in ipsec.conf.
netkey
This stack indicates that Openswan is controlling the Linux kernel built-in ipsec functionality.
--all
Show inbound, outbound, and forward policies. This is the default.
--inbound --in
Show only inbound policy.
--outbound --out
Show only outbound policy.
--forward --fwd
Show only forward policy.
--stack=<name>
Skip autodetection and force reading policy from this stack. See help on --detect-stack (above) for valid options and their descriptions.
--read=<file>
This option overrides which file is read to gather the policy information. It can be used to read policy information from a snapshot obtained from a running system.

In the case of the klips or mast stack, this file holds the contents of /proc/net/ipsec/spi/all.

--help
Output help.
--debug
Output debug info.
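
The snapshot workflow that --read describes, as an added shell example (not part of the Openswan man page or code): capture the SPI table on the running system, then render it on another host with --stack given explicitly, since autodetection there would describe the analysis host rather than the snapshot. IPSEC_BIN, SPI_SRC, snapshot_spi and read_snapshot are names made up for this example, and it assumes --detect-stack prints the bare stack name.

```shell
#!/bin/sh
# Added example: snapshot KLIPS/mast policy state, inspect it offline.
# IPSEC_BIN and SPI_SRC are hypothetical overrides used by this sketch.
IPSEC_BIN=${IPSEC_BIN:-ipsec}
SPI_SRC=${SPI_SRC:-/proc/net/ipsec/spi/all}

# snapshot_spi OUTFILE
# Copy the SPI table to OUTFILE, readable by the owner only, and print
# the detected stack so it can be recorded next to the snapshot.
# Refuses unless the stack is klips or mast, the two stacks for which
# the man page defines the --read file.
snapshot_spi() {
    out=$1
    # Assumption: --detect-stack prints only the stack name.
    stack=$("$IPSEC_BIN" policy --detect-stack) || return 1
    case $stack in
        klips|mast) ;;
        *) echo "unsupported stack for snapshot: $stack" >&2; return 2 ;;
    esac
    ( umask 077 && cat "$SPI_SRC" > "$out" ) || return 1
    echo "$stack"
}

# read_snapshot FILE STACK [all|inbound|outbound|forward]
# Render a saved snapshot. STACK must be the value recorded at capture
# time; it is passed with --stack so autodetection is skipped.
read_snapshot() {
    file=$1
    stack=$2
    dir=${3:-all}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    case $stack in
        klips|mast) ;;
        *) echo "stack must be klips or mast" >&2; return 2 ;;
    esac
    case $dir in
        all|inbound|outbound|forward) ;;
        *) echo "unknown direction: $dir" >&2; return 2 ;;
    esac
    "$IPSEC_BIN" policy --stack="$stack" --"$dir" --read="$file"
}
```

Typical use is `stack=$(snapshot_spi /root/spi.snap)` on the gateway, followed by `read_snapshot spi.snap "$stack" inbound` wherever the file is reviewed.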

FILES

    /proc/net/ipsec/spi/all
 
 

SEE ALSO

ipsec(8), ipsec_eroute(8), ipsec_manual(8)

HISTORY

Designed for the Openswan project <http://www.openswan.org> by Bart Trojanowski.

BUGS

Does not support netkey yet.