xref: /freebsd/share/man/man4/enc.4 (revision bdea400f3ba20dd0ffcaef20d68912f7041d9eeb) 
1bdea400fSAndrew Thompson.\"	$OpenBSD: enc.4,v 1.22 2006/05/26 08:51:29 jmc Exp $
2bdea400fSAndrew Thompson.\"
3bdea400fSAndrew Thompson.\" Copyright (c) 1999 Angelos D. Keromytis
4bdea400fSAndrew Thompson.\" All rights reserved.
5bdea400fSAndrew Thompson.\"
6bdea400fSAndrew Thompson.\" Redistribution and use in source and binary forms, with or without
7bdea400fSAndrew Thompson.\" modification, are permitted provided that the following conditions
8bdea400fSAndrew Thompson.\" are met:
9bdea400fSAndrew Thompson.\"
10bdea400fSAndrew Thompson.\" 1. Redistributions of source code must retain the above copyright
11bdea400fSAndrew Thompson.\"    notice, this list of conditions and the following disclaimer.
12bdea400fSAndrew Thompson.\" 2. Redistributions in binary form must reproduce the above copyright
13bdea400fSAndrew Thompson.\"    notice, this list of conditions and the following disclaimer in the
14bdea400fSAndrew Thompson.\"    documentation and/or other materials provided with the distribution.
15bdea400fSAndrew Thompson.\" 3. All advertising materials mentioning features or use of this software
16bdea400fSAndrew Thompson.\"    must display the following acknowledgement:
17bdea400fSAndrew Thompson.\"	This product includes software developed by Angelos D. Keromytis.
18bdea400fSAndrew Thompson.\" 4. The name of the author may not be used to endorse or promote products
19bdea400fSAndrew Thompson.\"    derived from this software without specific prior written permission.
20bdea400fSAndrew Thompson.\"
21bdea400fSAndrew Thompson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22bdea400fSAndrew Thompson.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23bdea400fSAndrew Thompson.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24bdea400fSAndrew Thompson.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25bdea400fSAndrew Thompson.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26bdea400fSAndrew Thompson.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27bdea400fSAndrew Thompson.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28bdea400fSAndrew Thompson.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29bdea400fSAndrew Thompson.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30bdea400fSAndrew Thompson.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31bdea400fSAndrew Thompson.\"
32bdea400fSAndrew Thompson.\" $FreeBSD$
33bdea400fSAndrew Thompson.\"
34bdea400fSAndrew Thompson.Dd June 16, 2006
35bdea400fSAndrew Thompson.Dt ENC 4
36bdea400fSAndrew Thompson.Os
37bdea400fSAndrew Thompson.Sh NAME
38bdea400fSAndrew Thompson.Nm enc
39bdea400fSAndrew Thompson.Nd Encapsulating Interface
40bdea400fSAndrew Thompson.Sh SYNOPSIS
41bdea400fSAndrew Thompson.Cd "device enc"
42bdea400fSAndrew Thompson.Sh DESCRIPTION
43bdea400fSAndrew ThompsonThe
44bdea400fSAndrew Thompson.Nm
45bdea400fSAndrew Thompsoninterface is a software loopback mechanism that allows hosts or
46bdea400fSAndrew Thompsonfirewalls to filter
47bdea400fSAndrew Thompson.Xr fast_ipsec 4
48bdea400fSAndrew Thompsontraffic using any firewall package that hooks in via the
49bdea400fSAndrew Thompson.Xr pfil 9
50bdea400fSAndrew Thompsonframework.
51bdea400fSAndrew Thompson.Pp
52bdea400fSAndrew ThompsonThe
53bdea400fSAndrew Thompson.Nm
54bdea400fSAndrew Thompsoninterface allows an administrator
55bdea400fSAndrew Thompsonto see outgoing packets before they have been processed by
56bdea400fSAndrew Thompson.Xr fast_ipsec 4 ,
57bdea400fSAndrew Thompsonor incoming packets after they have been similarly processed, via
58bdea400fSAndrew Thompson.Xr tcpdump 8 .
59bdea400fSAndrew Thompson.Pp
60bdea400fSAndrew ThompsonThe
61bdea400fSAndrew Thompson.Dq enc0
62bdea400fSAndrew Thompsoninterface inherits all IPsec traffic.
63bdea400fSAndrew ThompsonThus all IPsec traffic can be filtered based on
64bdea400fSAndrew Thompson.Dq enc0 ,
65bdea400fSAndrew Thompsonand all IPsec traffic could be seen by invoking
66bdea400fSAndrew Thompson.Xr tcpdump 8
67bdea400fSAndrew Thompsonon the
68bdea400fSAndrew Thompson.Dq enc0
69bdea400fSAndrew Thompsoninterface.
70bdea400fSAndrew Thompson.Sh EXAMPLES
71bdea400fSAndrew ThompsonTo see all outgoing packets before they have been processed via
72bdea400fSAndrew Thompson.Xr fast_ipsec 4 ,
73bdea400fSAndrew Thompsonor all incoming packets after they have been similarly processed:
74bdea400fSAndrew Thompson.Pp
75bdea400fSAndrew Thompson.Dl # tcpdump -i enc0
76bdea400fSAndrew Thompson.Sh SEE ALSO
77bdea400fSAndrew Thompson.Xr bpf 4 ,
78bdea400fSAndrew Thompson.Xr fast_ipsec 4 ,
79bdea400fSAndrew Thompson.Xr ipf 4 ,
80bdea400fSAndrew Thompson.Xr ipfw 4 ,
81bdea400fSAndrew Thompson.Xr pf 4 ,
82bdea400fSAndrew Thompson.Xr tcpdump 8
83