Merge branch 'main' into next

[mirror_iproute2.git] / man / man8 / ip-xfrm.8

diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index a0bbef555f9bf520e2098d12f56cc57c8aa60924..4fa31651175529bf319d18898db0567533c273ea 100644 (file)
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -59,6 +59,10 @@ ip-xfrm \- transform configuration
 .IR CTX " ]"
 .RB "[ " extra-flag
 .IR EXTRA-FLAG-LIST " ]"
+.RB "[ " output-mark
+.IR OUTPUT-MARK " ]"
+.RB "[ " if_id
+.IR IF-ID " ]"
 
 .ti -8
 .B "ip xfrm state allocspi"
@@ -87,7 +91,7 @@ ip-xfrm \- transform configuration
 .IR MASK " ] ]"
 
 .ti -8
-.BR "ip xfrm state" " { " deleteall " | " list " } ["
+.BR ip " [ " -4 " | " -6 " ] " "xfrm state deleteall" " ["
 .IR ID " ]"
 .RB "[ " mode
 .IR MODE " ]"
@@ -96,6 +100,17 @@ ip-xfrm \- transform configuration
 .RB "[ " flag
 .IR FLAG-LIST " ]"
 
+.ti -8
+.BR ip " [ " -4 " | " -6 " ] " "xfrm state list" " ["
+.IR ID " ]"
+.RB "[ " nokeys " ]"
+.RB "[ " mode
+.IR MODE " ]"
+.RB "[ " reqid
+.IR REQID " ]"
+.RB "[ " flag
+.IR FLAG-LIST " ]"
+
 .ti -8
 .BR "ip xfrm state flush" " [ " proto
 .IR XFRM-PROTO " ]"
@@ -194,7 +209,7 @@ ip-xfrm \- transform configuration
 
 .ti -8
 .IR ENCAP " :="
-.RB "{ " espinudp " | " espinudp-nonike " }"
+.RB "{ " espinudp " | " espinudp-nonike " | " espintcp " }"
 .IR SPORT " " DPORT " " OADDR
 
 .ti -8
@@ -202,7 +217,7 @@ ip-xfrm \- transform configuration
 
 .ti -8
 .IR EXTRA-FLAG " := "
-.B dont-encap-dscp
+.BR dont-encap-dscp " | " oseq-may-wrap
 
 .ti -8
 .BR "ip xfrm policy" " { " add " | " update " }"
@@ -225,6 +240,8 @@ ip-xfrm \- transform configuration
 .IR PRIORITY " ]"
 .RB "[ " flag
 .IR FLAG-LIST " ]"
+.RB "[ " if_id
+.IR IF-ID " ]"
 .RI "[ " LIMIT-LIST " ] [ " TMPL-LIST " ]"
 
 .ti -8
@@ -242,9 +259,12 @@ ip-xfrm \- transform configuration
 .IR MASK " ] ]"
 .RB "[ " ptype
 .IR PTYPE " ]"
+.RB "[ " if_id
+.IR IF-ID " ]"
 
 .ti -8
-.BR "ip xfrm policy" " { " deleteall " | " list " }"
+.BR ip " [ " -4 " | " -6 " ] " "xfrm policy" " { " deleteall " | " list " }"
+.RB "[ " nosock " ]"
 .RI "[ " SELECTOR " ]"
 .RB "[ " dir
 .IR DIR " ]"
@@ -378,6 +398,8 @@ ip-xfrm \- transform configuration
 .BR "ip xfrm monitor" " ["
 .BI all-nsid
 ] [
+.BI nokeys
+] [
 .BI all
  |
 .IR LISTofXFRM-OBJECTS " ]"
@@ -532,10 +554,23 @@ sets limits in seconds, bytes, or numbers of packets.
 .TP
 .I ENCAP
 encapsulates packets with protocol
-.BR espinudp " or " espinudp-nonike ","
+.BR espinudp ", " espinudp-nonike ", or " espintcp ","
 .RI "using source port " SPORT ", destination port "  DPORT
 .RI ", and original address " OADDR "."
 
+.TP
+.I MARK
+used to match xfrm policies and states
+
+.TP
+.I OUTPUT-MARK
+used to set the output mark to influence the routing
+of the packets emitted by the state
+
+.TP
+.I IF-ID
+xfrm interface identifier used to in both xfrm policies and states
+
 .sp
 .PP
 .TS
@@ -549,6 +584,10 @@ ip xfrm policy list        print out the list of xfrm policies
 ip xfrm policy flush   flush policies
 .TE
 
+.TP
+.BR nosock
+filter (remove) all socket policies from the output.
+
 .TP
 .IR SELECTOR
 selects the traffic that will be controlled by the policy, based on the source