Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of IPSEC_TNCFG</TITLE>
</HEAD><BODY>
<H1>IPSEC_TNCFG</H1>
Section: File Formats (5)<BR>Updated: 27 Jun 2000<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>




<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

ipsec_tncfg - lists IPSEC virtual interfaces attached to real interfaces
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>ipsec</B>

<B>tncfg</B>

<P>

<B>cat</B>

<B>/proc/net/ipsec_tncfg</B>

<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<I>/proc/net/ipsec_tncfg</I>

is a read-only file which lists which IPSEC virtual interfaces are
attached to which real interfaces, through which packets will be
forwarded once processed by IPSEC.
<P>

Each line lists one ipsec I/F.
A table entry consists of:
<DL COMPACT>
<DT>+<DD>
an ipsec virtual I/F name
<DT>+<DD>
a visual and machine parsable separator '-&gt;', separatcation
<B>%default</B>

is a synonym for
<B>0.0.0.0/0</B>

or
<B>::/0</B>

in IPv4 or IPv6 respectively.
<P>

<I>Ttosubnet</I>

ANDs the mask with the address before returning,
so that any non-network bits in the address are turned off
(e.g.,
<B>10.1.2.3/24</B>

is synonymous with
<B>10.1.2.0/24</B>).

<I>Subnettot</I>

always generates the decimal-integer-bit-count
form of the mask,
with no leading zeros.
<P>

The
<I>srclen</I>

parameter of
<I>ttoaddr</I>

and
<I>ttosubnet</I>

specifies the length of the text string pointed to by
<I>src</I>;

it is an error for there to be anything else
(e.g., a terminating NUL) within that length.
As a convenience for cases where an entire NUL-terminated string is
to be converted,
a
<I>srclen</I>

value of
<B>0</B>

is taken to mean
<B>strlen(src)</B>.

<P>

The
<I>af</I>

parameter of
<I>ttoaddr</I>

and
<I>ttosubnet</I>

specifies the address family of interest.
It should be either
<B>AF_INET</B>

or
<B>AF_INET6</B>.

<P>

The
<I>dstlen</I>

parameter of
<I>addrtot</I>

and
<I>subnettot</I>

specifies the size of the
<I>dst</I>

parameter;
under no circumstances are more than
<I>dstlen</I>

bytes written to
<I>dst</I>.

A result which will not fit is truncated.
<I>Dstlen</I>

can be zero, in which case
<I>dst</I>

need not be valid and no result is written,
but the return value is unaffected;
in all other cases, the (possibly truncated) result is NUL-terminated.
The
<I>freeswan.h</I>

header file defines constants,
<B>ADDRTOT_BUF</B>

and
<B>SUBNETTOT_BUF</B>,

which are the sizes of buffers just large enough for worst-case results.
<P>

The
<I>format</I>

parameter of
<I>addrtot</I>

and
<I>subnettot</I>

specifies what format is to be used for the conversion.
The value
<B>0</B>

(not the character
<B>'0'</B>,

but a zero value)
specifies a reasonable default,
and is in fact the only format currently available in
<I>subnettot</I>.

<I>Addrtot</I>

also accepts format values
<B>'r'</B>

(signifying a text form suitable for DNS reverse lookups,
e.g.
<B>4.3.2.1.IN-ADDR.ARPA.</B>

for IPv4 and
RFC 2874 format for IPv6),
and
<B>'R'</B>

(signifying an alternate reverse-lookup form,
an error for IPv4 and RFC 1886 format for IPv6).
Reverse-lookup names always end with a ``.''.
<P>

The text-to-binary functions return NULL for success and
a pointer to a string-literal error message for failure;
see DIAGNOSTICS.
The binary-to-text functions return
<B>0</B>

for a failure, and otherwise
always return the size of buffer which would 
be needed to
accommodate the full conversion result, including terminating NUL;
it is the caller's responsibility to check this against the size of
the provided buf