]> git.saurik.com Git - apple/ipsec.git/blame - ipsec-tools/setkey/setkey.8
ipsec-164.9.tar.gz
[apple/ipsec.git] / ipsec-tools / setkey / setkey.8
CommitLineData
52b7d2ce
A
1.\" $NetBSD: setkey.8,v 1.17 2005/09/15 08:42:09 wiz Exp $
2.\"
3.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 3. Neither the name of the project nor the names of its contributors
15.\" may be used to endorse or promote products derived from this software
16.\" without specific prior written permission.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.Dd March 19, 2004
31.Dt SETKEY 8
32.Os
33.\"
34.Sh NAME
35.Nm setkey
36.Nd manually manipulate the IPsec SA/SP database
37.\"
38.Sh SYNOPSIS
39.Nm setkey
40.Op Fl knrv
41.Ar file ...
42.Nm setkey
43.Op Fl knrv
44.Fl c
45.Nm setkey
46.Op Fl krv
47.Fl f Ar filename
48.Nm setkey
49.Op Fl aklPrv
50.Fl D
51.Nm setkey
52.Op Fl Pvp
53.Fl F
54.Nm setkey
55.Op Fl H
56.Fl x
57.Nm setkey
58.Op Fl ?V
59.\"
60.Sh DESCRIPTION
61.Nm
62adds, updates, dumps, or flushes
63Security Association Database (SAD) entries
64as well as Security Policy Database (SPD) entries in the kernel.
65.Pp
66.Nm
67takes a series of operations from standard input
68.Po
69if invoked with
70.Fl c
71.Pc
72or the file named
73.Ar filename
74.Po
75if invoked with
76.Fl f Ar filename
77.Pc .
78.Bl -tag -width Ds
79.It (no flag)
80Dump the SAD entries or SPD entries contained in the specified
81.Ar file .
82.It Fl ?
83Print short help.
84.It Fl a
85.Nm
86usually does not display dead SAD entries with
87.Fl D .
88If
89.Fl a
90is also specified, the dead SAD entries will be displayed as well.
91A dead SAD entry is one that has expired but remains in the
92system because it is referenced by some SPD entries.
93.It Fl D
94Dump the SAD entries.
95If
96.Fl P
97is also specified, the SPD entries are dumped.
98If
99.Fl p
100is specified, the ports are displayed.
101.It Fl F
102Flush the SAD entries.
103If
104.Fl P
105is also specified, the SPD entries are flushed.
106.It Fl H
107Add hexadecimal dump in
108.Fl x
109mode.
110.It Fl h
111On
112.Nx ,
113synonym for
114.Fl H .
115On other systems, synonym for
116.Fl ? .
117.It Fl k
118Use semantics used in kernel.
119Available only in Linux.
120See also
121.Fl r .
122.It Fl l
123Loop forever with short output on
124.Fl D .
125.It Fl n
126No action.
127The program will check validity of the input, but no changes to
128the SPD will be made.
129.It Fl r
130Use semantics described in IPsec RFCs.
131This mode is default.
132For details see section
133.Sx RFC vs Linux kernel semantics .
134Available only in Linux.
135See also
136.Fl k .
137.It Fl x
138Loop forever and dump all the messages transmitted to the
139.Dv PF_KEY
140socket.
141.Fl xx
142prints the unformatted timestamps.
143.It Fl V
144Print version string.
145.It Fl v
146Be verbose.
147The program will dump messages exchanged on the
148.Dv PF_KEY
149socket, including messages sent from other processes to the kernel.
150.El
151.Ss Configuration syntax
152With
153.Fl c
154or
155.Fl f
156on the command line,
157.Nm
158accepts the following configuration syntax.
159Lines starting with hash signs
160.Pq Sq #
161are treated as comment lines.
162.Bl -tag -width Ds
163.It Xo
164.Li add
165.Op Fl 46n
166.Ar src Ar dst Ar protocol Ar spi
167.Op Ar extensions
168.Ar algorithm ...
169.Li ;
170.Xc
171Add an SAD entry.
172.Li add
173can fail for multiple reasons, including when the key length does
174not match the specified algorithm.
175.\"
176.It Xo
177.Li get
178.Op Fl 46n
179.Ar src Ar dst Ar protocol Ar spi
180.Li ;
181.Xc
182Show an SAD entry.
183.\"
184.It Xo
185.Li delete
186.Op Fl 46n
187.Ar src Ar dst Ar protocol Ar spi
188.Li ;
189.Xc
190Remove an SAD entry.
191.\"
192.It Xo
193.Li deleteall
194.Op Fl 46n
195.Ar src Ar dst Ar protocol
196.Li ;
197.Xc
198Remove all SAD entries that match the specification.
199.\"
200.It Xo
201.Li flush
202.Op Ar protocol
203.Li ;
204.Xc
205Clear all SAD entries matched by the options.
206.Fl F
207on the command line achieves the same functionality.
208.\"
209.It Xo
210.Li dump
211.Op Ar protocol
212.Li ;
213.Xc
214Dumps all SAD entries matched by the options.
215.Fl D
216on the command line achieves the same functionality.
217.\"
218.It Xo
219.Li spdadd
220.Op Fl 46n
221.Ar src_range Ar dst_range Ar upperspec Ar policy
222.Li ;
223.Xc
224Add an SPD entry.
225.\"
226.It Xo
227.Li spdadd tagged
228.Ar tag Ar policy
229.Li ;
230.Xc
231Add an SPD entry based on a PF tag.
232.Ar tag
233must be a string surrounded by double quotes.
234.\"
235.It Xo
236.Li spddelete
237.Op Fl 46n
238.Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
239.Li ;
240.Xc
241Delete an SPD entry.
242.\"
243.It Xo
244.Li spdflush
245.Li ;
246.Xc
247Clear all SPD entries.
248.Fl FP
249on the command line achieves the same functionality.
250.\"
251.It Xo
252.Li spddump
253.Li ;
254.Xc
255Dumps all SPD entries.
256.Fl DP
257on the command line achieves the same functionality.
258.El
259.\"
260.Pp
261Meta-arguments are as follows:
262.Pp
263.Bl -tag -compact -width Ds
264.It Ar src
265.It Ar dst
266Source/destination of the secure communication is specified as
267an IPv4/v6 address, and an optional port number between square
268brackets.
269.Nm
270can resolve a FQDN into numeric addresses.
271If the FQDN resolves into multiple addresses,
272.Nm
273will install multiple SAD/SPD entries into the kernel
274by trying all possible combinations.
275.Fl 4 ,
276.Fl 6 ,
277and
278.Fl n
279restrict the address resolution of FQDN in certain ways.
280.Fl 4
281and
282.Fl 6
283restrict results into IPv4/v6 addresses only, respectively.
284.Fl n
285avoids FQDN resolution and requires addresses to be numeric addresses.
286.\"
287.Pp
288.It Ar protocol
289.Ar protocol
290is one of following:
291.Bl -tag -width Fl -compact
292.It Li esp
293ESP based on rfc2406
294.It Li esp-old
295ESP based on rfc1827
296.It Li ah
297AH based on rfc2402
298.It Li ah-old
299AH based on rfc1826
300.It Li ipcomp
301IPComp
302.It Li tcp
303TCP-MD5 based on rfc2385
304.El
305.\"
306.Pp
307.It Ar spi
308Security Parameter Index
309.Pq SPI
310for the SAD and the SPD.
311.Ar spi
312must be a decimal number, or a hexadecimal number with a
313.Dq Li 0x
314prefix.
315SPI values between 0 and 255 are reserved for future use by IANA
316and cannot be used.
317TCP-MD5 associations must use 0x1000 and therefore only have per-host
318granularity at this time.
319.\"
320.Pp
321.It Ar extensions
322take some of the following:
323.Bl -tag -width Fl -compact
324.\"
325.It Fl m Ar mode
326Specify a security protocol mode for use.
327.Ar mode
328is one of following:
329.Li transport , tunnel ,
330or
331.Li any .
332The default value is
333.Li any .
334.\"
335.It Fl r Ar size
336Specify window size of bytes for replay prevention.
337.Ar size
338must be decimal number in 32-bit word.
339If
340.Ar size
341is zero or not specified, replay checks don't take place.
342.\"
343.It Fl u Ar id
344Specify the identifier of the policy entry in the SPD.
345See
346.Ar policy .
347.\"
348.It Fl f Ar pad_option
349defines the content of the ESP padding.
350.Ar pad_option
351is one of following:
352.Bl -tag -width random-pad -compact
353.It Li zero-pad
354All the paddings are zero.
355.It Li random-pad
356A series of randomized values are used.
357.It Li seq-pad
358A series of sequential increasing numbers started from 1 are used.
359.El
360.\"
361.It Fl f Li nocyclic-seq
362Don't allow cyclic sequence numbers.
363.\"
364.It Fl lh Ar time
365.It Fl ls Ar time
366Specify hard/soft life time duration of the SA measured in seconds.
367.\"
368.It Fl bh Ar bytes
369.It Fl bs Ar bytes
370Specify hard/soft life time duration of the SA measured in bytes transported.
371.El
372.\"
373.Pp
374.It Ar algorithm
375.Bl -tag -width Fl -compact
376.It Fl E Ar ealgo Ar key
377Specify an encryption algorithm
378.Ar ealgo
379for ESP.
380.It Xo
381.Fl E Ar ealgo Ar key
382.Fl A Ar aalgo Ar key
383.Xc
384Specify an encryption algorithm
385.Ar ealgo ,
386as well as a payload authentication algorithm
387.Ar aalgo ,
388for ESP.
389.It Fl A Ar aalgo Ar key
390Specify an authentication algorithm for AH.
391.It Fl C Ar calgo Op Fl R
392Specify a compression algorithm for IPComp.
393If
394.Fl R
395is specified, the
396.Ar spi
397field value will be used as the IPComp CPI
398.Pq compression parameter index
399on wire as-is.
400If
401.Fl R
402is not specified,
403the kernel will use well-known CPI on wire, and
404.Ar spi
405field will be used only as an index for kernel internal usage.
406.El
407.Pp
408.Ar key
409must be a double-quoted character string, or a series of hexadecimal
410digits preceded by
411.Dq Li 0x .
412.Pp
413Possible values for
414.Ar ealgo ,
415.Ar aalgo ,
416and
417.Ar calgo
418are specified in the
419.Sx Algorithms
420sections.
421.\"
422.Pp
423.It Ar src_range
424.It Ar dst_range
425These select the communications that should be secured by IPsec.
426They can be an IPv4/v6 address or an IPv4/v6 address range, and
427may be accompanied by a TCP/UDP port specification.
428This takes the following form:
429.Bd -literal -offset
430.Ar address
431.Ar address/prefixlen
432.Ar address[port]
433.Ar address/prefixlen[port]
434.Ed
435.Pp
436.Ar prefixlen
437and
438.Ar port
439must be decimal numbers.
440The square brackets around
441.Ar port
442are really necessary,
443they are not man page meta-characters.
444For FQDN resolution, the rules applicable to
445.Ar src
446and
447.Ar dst
448apply here as well.
449.\"
450.Pp
451.It Ar upperspec
452Upper-layer protocol to be used.
453You can use one of the words in
454.Pa /etc/protocols
455as
456.Ar upperspec ,
457or
458.Li icmp6 ,
459.Li ip4 ,
460or
461.Li any .
462.Li any
463stands for
464.Dq any protocol .
465You can also use the protocol number.
466You can specify a type and/or a code of ICMPv6 when the
467upper-layer protocol is ICMPv6.
468The specification can be placed after
469.Li icmp6 .
470A type is separated from a code by single comma.
471A code must always be specified.
472When a zero is specified, the kernel deals with it as a wildcard.
473Note that the kernel can not distinguish a wildcard from an ICPMv6
474type of zero.
475For example, the following means that the policy doesn't require IPsec
476for any inbound Neighbor Solicitation.
477.Dl spdadd ::/0 ::/0 icmp6 135,0 -P in none ;
478.Pp
479.Em Note :
480.Ar upperspec
481does not work against forwarding case at this moment,
482as it requires extra reassembly at the forwarding node
483.Pq not implemented at this moment .
484There are many protocols in
485.Pa /etc/protocols ,
486but all protocols except of TCP, UDP, and ICMP may not be suitable
487to use with IPsec.
488You have to consider carefully what to use.
489.\"
490.Pp
491.It Ar policy
492.Ar policy
493is in one of the following three formats:
494.Bd -literal -offset indent
495.It Fl P Ar direction [priority specification] Li discard
496.It Fl P Ar direction [priority specification] Li none
497.It Xo Fl P Ar direction [priority specification] Li ipsec
498.Ar protocol/mode/src-dst/level Op ...
499.Xc
500.Ed
501.Pp
502You must specify the direction of its policy as
503.Ar direction .
504Either
505.Ar out ,
506.Ar in ,
507or
508.Ar fwd
509can be used.
510.Pp
511.Ar priority specification
512is used to control the placement of the policy within the SPD.
513Policy position is determined by
514a signed integer where higher priorities indicate the policy is placed
515closer to the beginning of the list and lower priorities indicate the
516policy is placed closer to the end of the list.
517Policies with equal priorities are added at the end of groups
518of such policies.
519.Pp
520Priority can only
521be specified when setkey has been compiled against kernel headers that
522support policy priorities (Linux \*[Gt]= 2.6.6).
523If the kernel does not support priorities, a warning message will
524be printed the first time a priority specification is used.
525Policy priority takes one of the following formats:
526.Bl -tag -width "discard"
527.It Xo
528.Ar {priority,prio} offset
529.Xc
530.Ar offset
531is an integer in the range from \-2147483647 to 214783648.
532.It Xo
533.Ar {priority,prio} base {+,\-} offset
534.Xc
535.Ar base
536is either
537.Li low (\-1073741824) ,
538.Li def (0) ,
539or
540.Li high (1073741824)
541.Pp
542.Ar offset
543is an unsigned integer.
544It can be up to 1073741824 for
545positive offsets, and up to 1073741823 for negative offsets.
546.El
547.Pp
548.Li discard
549means the packet matching indexes will be discarded.
550.Li none
551means that IPsec operation will not take place onto the packet.
552.Li ipsec
553means that IPsec operation will take place onto the packet.
554.Pp
555The
556.Ar protocol/mode/src-dst/level
557part specifies the rule how to process the packet.
558Either
559.Li ah ,
560.Li esp ,
561or
562.Li ipcomp
563must be used as
564.Ar protocol .
565.Ar mode
566is either
567.Li transport
568or
569.Li tunnel .
570If
571.Ar mode
572is
573.Li tunnel ,
574you must specify the end-point addresses of the SA as
575.Ar src
576and
577.Ar dst
578with
579.Sq -
580between these addresses, which is used to specify the SA to use.
581If
582.Ar mode
583is
584.Li transport ,
585both
586.Ar src
587and
588.Ar dst
589can be omitted.
590.Ar level
591is to be one of the following:
592.Li default , use , require ,
593or
594.Li unique .
595If the SA is not available in every level, the kernel will
596ask the key exchange daemon to establish a suitable SA.
597.Li default
598means the kernel consults the system wide default for the protocol
599you specified, e.g. the
600.Li esp_trans_deflev
601sysctl variable, when the kernel processes the packet.
602.Li use
603means that the kernel uses an SA if it's available,
604otherwise the kernel keeps normal operation.
605.Li require
606means SA is required whenever the kernel sends a packet matched
607with the policy.
608.Li unique
609is the same as
610.Li require ;
611in addition, it allows the policy to match the unique out-bound SA.
612You just specify the policy level
613.Li unique ,
614.Xr racoon 8
615will configure the SA for the policy.
616If you configure the SA by manual keying for that policy,
617you can put a decimal number as the policy identifier after
618.Li unique
619separated by a colon
620.Sq \&:
621like:
622.Li unique:number
623in order to bind this policy to the SA.
624.Li number
625must be between 1 and 32767.
626It corresponds to
627.Ar extensions Fl u
628of the manual SA configuration.
629When you want to use SA bundle, you can define multiple rules.
630For example, if an IP header was followed by an AH header followed
631by an ESP header followed by an upper layer protocol header, the
632rule would be:
633.Dl esp/transport//require ah/transport//require ;
634The rule order is very important.
635.Pp
636When NAT-T is enabled in the kernel, policy matching for ESP over
637UDP packets may be done on endpoint addresses and port
638(this depends on the system.
639System that do not perform the port check cannot support
640multiple endpoints behind the same NAT).
641When using ESP over UDP, you can specify port numbers in the endpoint
642addresses to get the correct matching.
643Here is an example:
644.Bd -literal -offset
645spdadd 10.0.11.0/24[any] 10.0.11.33/32[any] any -P out ipsec
646 esp/tunnel/192.168.0.1[4500]-192.168.1.2[30000]/require ;
647
648.Ed
649These ports must be left unspecified (which defaults to 0) for
650anything other than ESP over UDP.
651They can be displayed in SPD dump using
652.Nm
653.Fl DPp .
654.Pp
655Note that
656.Dq Li discard
657and
658.Dq Li none
659are not in the syntax described in
660.Xr ipsec_set_policy 3 .
661There are a few differences in the syntax.
662See
663.Xr ipsec_set_policy 3
664for detail.
665.El
666.\"
667.Ss Algorithms
668The following list shows the supported algorithms.
669.Sy protocol
670and
671.Sy algorithm
672are almost orthogonal.
673These authentication algorithms can be used as
674.Ar aalgo
675in
676.Fl A Ar aalgo
677of the
678.Ar protocol
679parameter:
680.Pp
681.Bd -literal -offset indent
682algorithm keylen (bits)
683hmac-md5 128 ah: rfc2403
684 128 ah-old: rfc2085
685hmac-sha1 160 ah: rfc2404
686 160 ah-old: 128bit ICV (no document)
687keyed-md5 128 ah: 96bit ICV (no document)
688 128 ah-old: rfc1828
689keyed-sha1 160 ah: 96bit ICV (no document)
690 160 ah-old: 128bit ICV (no document)
691null 0 to 2048 for debugging
692hmac-sha256 256 ah: 96bit ICV
693 (draft-ietf-ipsec-ciph-sha-256-00)
694 256 ah-old: 128bit ICV (no document)
695hmac-sha384 384 ah: 96bit ICV (no document)
696 384 ah-old: 128bit ICV (no document)
697hmac-sha512 512 ah: 96bit ICV (no document)
698 512 ah-old: 128bit ICV (no document)
699hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
700 ah-old: 128bit ICV (no document)
701aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
702 128 ah-old: 128bit ICV (no document)
703tcp-md5 8 to 640 tcp: rfc2385
704.Ed
705.Pp
706These encryption algorithms can be used as
707.Ar ealgo
708in
709.Fl E Ar ealgo
710of the
711.Ar protocol
712parameter:
713.Pp
714.Bd -literal -offset indent
715algorithm keylen (bits)
716des-cbc 64 esp-old: rfc1829, esp: rfc2405
7173des-cbc 192 rfc2451
718null 0 to 2048 rfc2410
719blowfish-cbc 40 to 448 rfc2451
720cast128-cbc 40 to 128 rfc2451
721des-deriv 64 ipsec-ciph-des-derived-01
7223des-deriv 192 no document
723rijndael-cbc 128/192/256 rfc3602
724twofish-cbc 0 to 256 draft-ietf-ipsec-ciph-aes-cbc-01
725aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
726.Ed
727.Pp
728Note that the first 128 bits of a key for
729.Li aes-ctr
730will be used as AES key, and the remaining 32 bits will be used as nonce.
731.Pp
732These compression algorithms can be used as
733.Ar calgo
734in
735.Fl C Ar calgo
736of the
737.Ar protocol
738parameter:
739.Pp
740.Bd -literal -offset indent
741algorithm
742deflate rfc2394
743.Ed
744.\"
745.Ss RFC vs Linux kernel semantics
746The Linux kernel uses the
747.Ar fwd
748policy instead of the
749.Ar in
750policy for packets what are forwarded through that particular box.
751.Pp
752In
753.Ar kernel
754mode,
755.Nm
756manages and shows policies and SAs exactly as they are stored in the kernel.
757.Pp
758In
759.Ar RFC
760mode,
761.Nm
762.Bl -item
763.It
764creates
765.Ar fwd
766policies for every
767.Ar in
768policy inserted
769.It
770(not implemented yet) filters out all
771.Ar fwd
772policies
773.El
774.Sh RETURN VALUES
775The command exits with 0 on success, and non-zero on errors.
776.\"
777.Sh EXAMPLES
778.Bd -literal -offset
779add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
780 -E des-cbc 0x3ffe05014819ffff ;
781
782add -6 myhost.example.com yourhost.example.com ah 123456
783 -A hmac-sha1 "AH SA configuration!" ;
784
785add 10.0.11.41 10.0.11.33 esp 0x10001
786 -E des-cbc 0x3ffe05014819ffff
787 -A hmac-md5 "authentication!!" ;
788
789get 3ffe:501:4819::1 3ffe:501:481d::1 ah 123456 ;
790
791flush ;
792
793dump esp ;
794
795spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
796 -P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
797
798add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
799.Ed
800.\"
801.Sh SEE ALSO
802.Xr ipsec_set_policy 3 ,
803.Xr racoon 8 ,
804.Xr sysctl 8
805.Rs
806.%T "Changed manual key configuration for IPsec"
807.%O "http://www.kame.net/newsletter/19991007/"
808.%D "October 1999"
809.Re
810.\"
811.Sh HISTORY
812The
813.Nm
814command first appeared in the WIDE Hydrangea IPv6 protocol stack
815kit.
816The command was completely re-designed in June 1998.
817.\"
818.Sh BUGS
819.Nm
820should report and handle syntax errors better.
821.Pp
822For IPsec gateway configuration,
823.Ar src_range
824and
825.Ar dst_range
826with TCP/UDP port numbers does not work, as the gateway does not
827reassemble packets
828.Pq it cannot inspect upper-layer headers .