ipsec_policy(8) Openswan IPSec ipsec_policy(8)
NAME
ipsec_policy - show ipsec policy information
SYNOPSIS
# detect what stack is used
ipsec policy --detect-stack
# display policy information
ipsec policy [ --all | [ --inbound | --outbound | --forward ] ] \
[ --stack=name ] [ --read=file ] [ --debug ]
# provide usage information
ipsec policy --usage
ipsec policy --help
DESCRIPTION
policy displays the incoming, outgoing, and forwarding packet policies
of the system. It is a wrapper around existing klips and netkey data,
but presented in a less terse form.
OPTIONS
--detect-stack
Only display the stack that Openswan is using. Possible results
are:
klips
KLIPS is the Openswan ipsec kernel module. This stack type
indicates that KLIPS is not running in mast mode (see next
option), but rather in the default mode. In this mode, KLIPS
outgoing packet policy is dictated by eroutes. See the
ipsec_eroute man page for further details.
mast
This is a mode of the Openswan ipsec kernel module, KLIPS. In
this mode outgoing packet routing policies are dictated by
iptables and Linux kernel policy routing. This mode is
selected by using the "protostack=mast" setting in ipsec.conf.
netkey
This stack indicates that Openswan is controlling the Linux
kernel built-in ipsec functionality.
--all
Show inbound, outbound, and forward policies. This is the
default.
--inbound --in
Show only inbound policy.
--outbound --out
Show only outbound policy.
--forward --fwd
Show only forward policy.
--stack=<name>
Skip autodetection and force reading policy from this stack. See help
on --detect-stack (above) for valid options and their descriptions.
--read=<file>
This option overrides what file would be read to gather the policy
information. It could be used to read policy information from a
snapshot obtained from a running system.
In the case of the klips or mast stack, this file is a saved copy of
the contents of /proc/net/ipsec/spi/all.
--help
Output help.
--debug
Output debug info.
FILES
/proc/net/ipsec/spi/all
SEE ALSO
ipsec(8), ipsec_eroute(8), ipsec_manual(8)
HISTORY
Designed for the Openswan project <http://www.openswan.org> by Bart
Trojanowski.
BUGS
Does not support netkey yet.
2.6.32 2010-12-17 ipsec_policy(8)