blob: 457c08caebbaafe0da678311ee0ce73ff7fd80da (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
.\" $OpenBSD: enc.4,v 1.14 2001/06/26 23:24:11 angelos Exp $
.\"
.Dd October 7, 1999
.Dt ENC 4
.Os
.Sh NAME
.Nm enc
.Nd Encapsulating Interface
.Sh SYNOPSIS
.Cd "pseudo-device enc 4"
.Sh DESCRIPTION
The
.Nm
interface is a software loopback mechanism that allows hosts or
firewalls to filter
.Xr ipsec 4
traffic using
.Xr pf 4 .
The
.Xr vpn 8
manpage shows an example of such a setup.
.Pp
The
.Nm
interface is a software loopback mechanism that allows an administrator
to see outgoing packets before they have been processed by
.Xr ipsec 4 ,
or incoming packets after they have been similarly processed, via
.Xr tcpdump 8 .
.Pp
The
.Dq enc0
interface inherits all IPsec traffic.
Thus all IPsec traffic can be filtered based on
.Dq enc0 ,
and all IPsec traffic could be seen by invoking
.Xr tcpdump 8
on the
.Dq enc0
interface.
.Sh EXAMPLES
To see all outgoing packets before they have been processed via
.Xr ipsec 4 ,
or all incoming packets after they have been similarly processed:
.Bd -literal
#> ifconfig enc0 up
#> tcpdump -i enc0
.Ed
.Sh SEE ALSO
.Xr bpf 4 ,
.Xr inet 4 ,
.Xr ipsec 4 ,
.Xr netintro 4 ,
.Xr pf 4 ,
.Xr tcpdump 8 ,
.Xr vpn 8
|
