blob: 8d2d4f681344ed69454ea1956c59993594d9e791 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
.\" $OpenBSD: enc.4,v 1.12 2001/05/30 03:24:16 millert Exp $
.\"
.Dd October 7, 1999
.Dt ENC 4
.Os
.Sh NAME
.Nm enc
.Nd Encapsulating Interface
.Sh SYNOPSIS
.Cd "pseudo-device enc 4"
.Sh DESCRIPTION
.\"XXX - replace with ipfw when it is in-tree
.\"The
.\".Nm
.\"interface is a software loopback mechanism that allows hosts or
.\"firewalls to filter
.\".Xr ipsec 4
.\"traffic using
.\".Xr ipf 5 .
.\"The
.\".Xr vpn 8
.\"manpage shows an example of such a setup.
.\".Pp
.\"The other use of the
.\"XXX
The
.Nm
interface is a software loopback mechanism that allows an administrator
to see outgoing packets before they have been processed by
.Xr ipsec 4 ,
or incoming packets after they have been similarly processed, via
.Xr tcpdump 8 .
.Pp
The
.Dq enc0
interface inherits all IPsec traffic.
Thus all IPsec traffic can be filtered based on
.Dq enc0 ,
and all IPsec traffic could be seen by invoking
.Xr tcpdump 8
on the
.Dq enc0
interface.
.Sh EXAMPLES
To see all outgoing packets before they have been processed via
.Xr ipsec 4 ,
or all incoming packets after they have been similarly processed:
.Bd -literal
#> ifconfig enc0 up
#> tcpdump -i enc0
.Ed
.Sh SEE ALSO
.Xr tcpdump 8 ,
.Xr bpf 4 ,
.Xr inet 4 ,
.Xr ipsec 4 ,
.Xr netintro 4 ,
.\".Xr ipf 5 ,
.Xr vpn 8
|
