{"id":3211,"date":"2022-12-20T16:43:50","date_gmt":"2022-12-20T19:43:50","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/ipxfrm-man8\/"},"modified":"2022-12-20T16:43:50","modified_gmt":"2022-12-20T19:43:50","slug":"ipxfrm-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/ipxfrm-man8\/","title":{"rendered":"IP−XFRM (man8)"},"content":{"rendered":"

IP\u2212XFRM<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
AUTHOR<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

ip-xfrm \u2212 transform configuration<\/p>\n

SYNOPSIS <\/a> <\/h2>\n

ip<\/b> [ OPTIONS<\/i> ] xfrm<\/b> { COMMAND<\/i> | help<\/b> }<\/p>\n

ip xfrm<\/b> XFRM-OBJECT<\/i> { COMMAND<\/i> | help<\/b> }<\/p>\n

XFRM-OBJECT<\/i> := state<\/b> | policy<\/b> | monitor<\/b><\/p>\n

ip xfrm state<\/b> { add<\/b> | update<\/b> } ID<\/i> [ ALGO-LIST<\/i> ] [ mode<\/b> MODE<\/i> ] [ mark<\/b> MARK<\/i> [ mask<\/b> MASK<\/i> ] ] [ reqid<\/b> REQID<\/i> ] [ seq<\/b> SEQ<\/i> ] [ replay-window<\/b> SIZE<\/i> ] [ replay-seq<\/b> SEQ<\/i> ] [ replay-oseq<\/b> SEQ<\/i> ] [ replay-seq-hi<\/b> SEQ<\/i> ] [ replay-oseq-hi<\/b> SEQ<\/i> ] [ flag<\/b> FLAG-LIST<\/i> ] [ sel<\/b> SELECTOR<\/i> ] [ LIMIT-LIST<\/i> ] [ encap<\/b> ENCAP<\/i> ] [ coa<\/b> ADDR<\/i>[\/PLEN<\/i>] ] [ ctx<\/b> CTX<\/i> ] [ extra-flag<\/b> EXTRA-FLAG-LIST<\/i> ] [ output-mark<\/b> OUTPUT-MARK<\/i> [ mask<\/b> MASK<\/i> ] ] [ if_id<\/b> IF-ID<\/i> ] [ tfcpad<\/b> LENGTH<\/i> ]<\/p>\n

ip xfrm state allocspi<\/b> ID<\/i> [ mode<\/b> MODE<\/i> ] [ mark<\/b> MARK<\/i> [ mask<\/b> MASK<\/i> ] ] [ reqid<\/b> REQID<\/i> ] [ seq<\/b> SEQ<\/i> ] [ min<\/b> SPI<\/i> max<\/b> SPI<\/i> ]<\/p>\n

ip xfrm state<\/b> { delete<\/b> | get<\/b> } ID<\/i> [ mark<\/b> MARK<\/i> [ mask<\/b> MASK<\/i> ] ]<\/p>\n

ip<\/b> [ -4<\/b> | -6<\/b> ] xfrm state deleteall<\/b> [ ID<\/i> ] [ mode<\/b> MODE<\/i> ] [ reqid<\/b> REQID<\/i> ] [ flag<\/b> FLAG-LIST<\/i> ]<\/p>\n

ip<\/b> [ -4<\/b> | -6<\/b> ] xfrm state list<\/b> [ ID<\/i> ] [ nokeys<\/b> ] [ mode<\/b> MODE<\/i> ] [ reqid<\/b> REQID<\/i> ] [ flag<\/b> FLAG-LIST<\/i> ]<\/p>\n

ip xfrm state flush<\/b> [ proto<\/b> XFRM-PROTO<\/i> ]<\/p>\n

ip xfrm state count<\/b><\/p>\n

ID<\/i> := [ src<\/b> ADDR<\/i> ] [ dst<\/b> ADDR<\/i> ] [ proto<\/b> XFRM-PROTO<\/i> ] [ spi<\/b> SPI<\/i> ]<\/p>\n

XFRM-PROTO<\/i> := esp<\/b> | ah<\/b> | comp<\/b> | route2<\/b> | hao<\/b><\/p>\n

ALGO-LIST<\/i> := [ ALGO-LIST<\/i> ] ALGO<\/i><\/p>\n

ALGO<\/i> := { enc<\/b> | auth<\/b> } ALGO-NAME ALGO-KEYMAT<\/i> |
auth-trunc<\/b> ALGO-NAME ALGO-KEYMAT ALGO-TRUNC-LEN<\/i> |
aead<\/b> ALGO-NAME ALGO-KEYMAT ALGO-ICV-LEN<\/i> |
comp<\/b> ALGO-NAME<\/i><\/p>\n

MODE<\/i> := transport<\/b> | tunnel<\/b> | beet<\/b> | ro<\/b> | in_trigger<\/b><\/p>\n

FLAG-LIST<\/i> := [ FLAG-LIST<\/i> ] FLAG<\/i><\/p>\n

FLAG<\/i> := noecn<\/b> | decap-dscp<\/b> | nopmtudisc<\/b> | wildrecv<\/b> | icmp<\/b> | af-unspec<\/b> | align4<\/b> | esn<\/b><\/p>\n

SELECTOR<\/i> := [ src<\/b> ADDR<\/i>[\/PLEN<\/i>] ] [ dst<\/b> ADDR<\/i>[\/PLEN<\/i>] ] [ dev<\/b> DEV<\/i> ]
[ UPSPEC<\/i> ]<\/p>\n

UPSPEC<\/i> := proto<\/b> { PROTO<\/i> |
{ tcp<\/b> | udp<\/b> | sctp<\/b> | dccp<\/b> } [ sport<\/b> PORT<\/i> ] [ dport<\/b> PORT<\/i> ] |
{ icmp<\/b> | ipv6-icmp<\/b> | mobility-header<\/b> } [ type<\/b> NUMBER<\/i> ] [ code<\/b> NUMBER<\/i> ] |
gre<\/b> [ key<\/b> { DOTTED-QUAD<\/i> | NUMBER<\/i> } ] }<\/p>\n

LIMIT-LIST<\/i> := [ LIMIT-LIST<\/i> ] limit<\/b> LIMIT<\/i><\/p>\n

LIMIT<\/i> := { time-soft<\/b> | time-hard<\/b> | time-use-soft<\/b> | time-use-hard<\/b> } SECONDS<\/i> |
{ byte-soft<\/b> | byte-hard<\/b> } SIZE<\/i> |
{ packet-soft<\/b> | packet-hard<\/b> } COUNT<\/i><\/p>\n

ENCAP<\/i> := { espinudp<\/b> | espinudp-nonike<\/b> | espintcp<\/b> } SPORT DPORT OADDR<\/i><\/p>\n

EXTRA-FLAG-LIST<\/i> := [ EXTRA-FLAG-LIST<\/i> ] EXTRA-FLAG<\/i><\/p>\n

EXTRA-FLAG<\/i> := dont-encap-dscp<\/b> | oseq-may-wrap<\/b><\/p>\n

ip xfrm policy<\/b> { add<\/b> | update<\/b> } SELECTOR<\/i> dir<\/b> DIR<\/i> [ ctx<\/b> CTX<\/i> ] [ mark<\/b> MARK<\/i> [ mask<\/b> MASK<\/i> ] ] [ index<\/b> INDEX<\/i> ] [ ptype<\/b> PTYPE<\/i> ] [ action<\/b> ACTION<\/i> ] [ priority<\/b> PRIORITY<\/i> ] [ flag<\/b> FLAG-LIST<\/i> ] [ if_id<\/b> IF-ID<\/i> ] [ LIMIT-LIST<\/i> ] [ TMPL-LIST<\/i> ]<\/p>\n

ip xfrm policy<\/b> { delete<\/b> | get<\/b> } { SELECTOR<\/i> | index<\/b> INDEX<\/i> } dir<\/b> DIR<\/i> [ ctx<\/b> CTX<\/i> ] [ mark<\/b> MARK<\/i> [ mask<\/b> MASK<\/i> ] ] [ ptype<\/b> PTYPE<\/i> ] [ if_id<\/b> IF-ID<\/i> ]<\/p>\n

ip<\/b> [ -4<\/b> | -6<\/b> ] xfrm policy<\/b> { deleteall<\/b> | list<\/b> } [ nosock<\/b> ] [ SELECTOR<\/i> ] [ dir<\/b> DIR<\/i> ] [ index<\/b> INDEX<\/i> ] [ ptype<\/b> PTYPE<\/i> ] [ action<\/b> ACTION<\/i> ] [ priority<\/b> PRIORITY<\/i> ] [ flag<\/b> FLAG-LIST<\/i>]<\/p>\n

ip xfrm policy flush<\/b> [ ptype<\/b> PTYPE<\/i> ]<\/p>\n

ip xfrm policy count<\/b><\/p>\n

ip xfrm policy set<\/b> [ hthresh4<\/b> LBITS RBITS<\/i> ] [ hthresh6<\/b> LBITS RBITS<\/i> ]<\/p>\n

SELECTOR<\/i> := [ src<\/b> ADDR<\/i>[\/PLEN<\/i>] ] [ dst<\/b> ADDR<\/i>[\/PLEN<\/i>] ] [ dev<\/b> DEV<\/i> ] [ UPSPEC<\/i> ]<\/p>\n

UPSPEC<\/i> := proto<\/b> { PROTO<\/i> |
{ tcp<\/b> | udp<\/b> | sctp<\/b> | dccp<\/b> } [ sport<\/b> PORT<\/i> ] [ dport<\/b> PORT<\/i> ] |
{ icmp<\/b> | ipv6-icmp<\/b> | mobility-header<\/b> } [ type<\/b> NUMBER<\/i> ] [ code<\/b> NUMBER<\/i> ] |
gre<\/b> [ key<\/b> { DOTTED-QUAD<\/i> | NUMBER<\/i> } ] }<\/p>\n

DIR<\/i> := in<\/b> | out<\/b> | fwd<\/b><\/p>\n

PTYPE<\/i> := main<\/b> | sub<\/b><\/p>\n

ACTION<\/i> := allow<\/b> | block<\/b><\/p>\n

FLAG-LIST<\/i> := [ FLAG-LIST<\/i> ] FLAG<\/i><\/p>\n

FLAG<\/i> := localok<\/b> | icmp<\/b><\/p>\n

LIMIT-LIST<\/i> := [ LIMIT-LIST<\/i> ] limit<\/b> LIMIT<\/i><\/p>\n

LIMIT<\/i> := { time-soft<\/b> | time-hard<\/b> | time-use-soft<\/b> | time-use-hard<\/b> } SECONDS<\/i> |
{ byte-soft<\/b> | byte-hard<\/b> } SIZE<\/i> |
{ packet-soft<\/b> | packet-hard<\/b> } COUNT<\/i><\/p>\n

TMPL-LIST<\/i> := [ TMPL-LIST<\/i> ] tmpl<\/b> TMPL<\/i><\/p>\n

TMPL<\/i> := ID<\/i> [ mode<\/b> MODE<\/i> ] [ reqid<\/b> REQID<\/i> ] [ level<\/b> LEVEL<\/i> ]<\/p>\n

ID<\/i> := [ src<\/b> ADDR<\/i> ] [ dst<\/b> ADDR<\/i> ] [ proto<\/b> XFRM-PROTO<\/i> ] [ spi<\/b> SPI<\/i> ]<\/p>\n

XFRM-PROTO<\/i> := esp<\/b> | ah<\/b> | comp<\/b> | route2<\/b> | hao<\/b><\/p>\n

MODE<\/i> := transport<\/b> | tunnel<\/b> | beet<\/b> | ro<\/b> | in_trigger<\/b><\/p>\n

LEVEL<\/i> := required<\/b> | use<\/b><\/p>\n

ip xfrm monitor<\/b> [ all-nsid<\/b> ] [ nokeys<\/b> ] [ all<\/b>
| LISTofXFRM-OBJECTS<\/i> ]<\/p>\n

LISTofXFRM-OBJECTS<\/i> := [ LISTofXFRM-OBJECTS<\/i> ] XFRM-OBJECT<\/i><\/p>\n

XFRM-OBJECT<\/i> := acquire<\/b> | expire<\/b> | SA<\/b> | policy<\/b> | aevent<\/b> | report<\/b><\/p>\n

DESCRIPTION <\/a> <\/h2>\n

xfrm is an IP framework for transforming packets (such as encrypting their payloads). This framework is used to implement the IPsec protocol suite (with the state<\/b> object operating on the Security Association Database, and the policy<\/b> object operating on the Security Policy Database). It is also used for the IP Payload Compression Protocol and features of Mobile IPv6.<\/p>\n\n\n\n\n\n\n\n\n
<\/td>\n<\/td>\n <\/td>\n <\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n <\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/td>\n <\/td>\n<\/tr>\n
<\/td>\n<\/td>\n <\/td>\n <\/td>\n<\/tr>\n
<\/td>\n<\/td>\n <\/td>\n <\/td>\n<\/tr>\n
<\/td>\n<\/td>\n <\/td>\n <\/td>\n<\/tr>\n
<\/td>\n<\/td>\n <\/td>\n <\/td>\n<\/tr>\n<\/table>\n

\"Image<\/p>\n\n\n
<\/td>\n\n

ID<\/i><\/p>\n<\/td>\n

<\/td>\n\n

is specified by a source address, destination address, transform protocol XFRM-PROTO<\/i>, and\/or Security Parameter Index SPI<\/i>. (For IP Payload Compression, the Compression Parameter Index or CPI is used for SPI<\/i>.)<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

XFRM-PROTO<\/i><\/p>\n

specifies a transform protocol: IPsec Encapsulating Security Payload (esp<\/b>), IPsec Authentication Header (ah<\/b>), IP Payload Compression (comp<\/b>), Mobile IPv6 Type 2 Routing Header (route2<\/b>), or Mobile IPv6 Home Address Option (hao<\/b>).<\/p>\n

ALGO-LIST<\/i><\/p>\n

contains one or more algorithms to use. Each algorithm ALGO<\/i> is specified by:<\/p>\n\n\n\n\n\n\n
<\/td>\n\n

\u2022<\/p>\n<\/td>\n

<\/td>\n\n

the algorithm type: encryption (enc<\/b>), authentication (auth<\/b> or auth-trunc<\/b>), authenticated encryption with associated data (aead<\/b>), or compression (comp<\/b>)<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

\u2022<\/p>\n<\/td>\n

<\/td>\n\n

the algorithm name ALGO-NAME<\/i> (see below)<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

\u2022<\/p>\n<\/td>\n

<\/td>\n\n

(for all except comp<\/b>) the keying material ALGO-KEYMAT<\/i>, which may include both a key and a salt or nonce value; refer to the corresponding RFC<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

\u2022<\/p>\n<\/td>\n

<\/td>\n\n

(for auth-trunc<\/b> only) the truncation length ALGO-TRUNC-LEN<\/i> in bits<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

\u2022<\/p>\n<\/td>\n

<\/td>\n\n

(for aead<\/b> only) the Integrity Check Value length ALGO-ICV-LEN<\/i> in bits<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

Encryption algorithms include ecb(cipher_null)<\/b>, cbc(des)<\/b>, cbc(des3_ede)<\/b>, cbc(cast5)<\/b>, cbc(blowfish)<\/b>, cbc(aes)<\/b>, cbc(serpent)<\/b>, cbc(camellia)<\/b>, cbc(twofish)<\/b>, and rfc3686(ctr(aes))<\/b>.<\/p>\n

Authentication algorithms include digest_null<\/b>, hmac(md5)<\/b>, hmac(sha1)<\/b>, hmac(sha256)<\/b>, hmac(sha384)<\/b>, hmac(sha512)<\/b>, hmac(rmd160)<\/b>, and xcbc(aes)<\/b>.<\/p>\n

Authenticated encryption with associated data (AEAD) algorithms include rfc4106(gcm(aes))<\/b>, rfc4309(ccm(aes))<\/b>, and rfc4543(gcm(aes))<\/b>.<\/p>\n

Compression algorithms include deflate<\/b>, lzs<\/b>, and lzjh<\/b>.<\/p>\n\n\n
<\/td>\n\n

MODE<\/i><\/p>\n<\/td>\n

<\/td>\n\n

specifies a mode of operation for the transform protocol. IPsec and IP Payload Compression modes are transport<\/b>, tunnel<\/b>, and (for IPsec ESP only) Bound End-to-End Tunnel (beet<\/b>). Mobile IPv6 modes are route optimization (ro<\/b>) and inbound trigger (in_trigger<\/b>).<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

FLAG-LIST<\/i><\/p>\n

contains one or more of the following optional flags: noecn<\/b>, decap-dscp<\/b>, nopmtudisc<\/b>, wildrecv<\/b>, icmp<\/b>, af-unspec<\/b>, align4<\/b>, or esn<\/b>.<\/p>\n

SELECTOR<\/i><\/p>\n

selects the traffic that will be controlled by the policy, based on the source address, the destination address, the network device, and\/or UPSPEC<\/i>.<\/p>\n\n\n
<\/td>\n\n

UPSPEC<\/i><\/p>\n<\/td>\n

<\/td>\n\n

selects traffic by protocol. For the tcp<\/b>, udp<\/b>, sctp<\/b>, or dccp<\/b> protocols, the source and destination port can optionally be specified. For the icmp<\/b>, ipv6-icmp<\/b>, or mobility-header<\/b> protocols, the type and code numbers can optionally be specified. For the gre<\/b> protocol, the key can optionally be specified as a dotted-quad or number. Other protocols can be selected by name or number PROTO<\/i>.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

LIMIT-LIST<\/i><\/p>\n

sets limits in seconds, bytes, or numbers of packets.<\/p>\n\n\n\n
<\/td>\n\n

ENCAP<\/i><\/p>\n<\/td>\n

<\/td>\n\n

encapsulates packets with protocol espinudp<\/b>, espinudp-nonike<\/b>, or espintcp<\/b>, using source port SPORT<\/i>, destination port DPORT<\/i> , and original address OADDR<\/i>.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

MARK<\/i><\/p>\n<\/td>\n

<\/td>\n\n

used to match xfrm policies and states<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

OUTPUT-MARK<\/i><\/p>\n

used to set the output mark to influence the routing of the packets emitted by the state<\/p>\n\n\n
<\/td>\n\n

IF-ID<\/i><\/p>\n<\/td>\n

<\/td>\n\n

xfrm interface identifier used to in both xfrm policies and states<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

\"Image<\/p>\n\n\n
<\/td>\n\n

nosock<\/b><\/p>\n<\/td>\n

<\/td>\n\n

filter (remove) all socket policies from the output.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

SELECTOR<\/i><\/p>\n

selects the traffic that will be controlled by the policy, based on the source address, the destination address, the network device, and\/or UPSPEC<\/i>.<\/p>\n\n\n\n\n\n\n
<\/td>\n\n

UPSPEC<\/i><\/p>\n<\/td>\n

<\/td>\n\n

selects traffic by protocol. For the tcp<\/b>, udp<\/b>, sctp<\/b>, or dccp<\/b> protocols, the source and destination port can optionally be specified. For the icmp<\/b>, ipv6-icmp<\/b>, or mobility-header<\/b> protocols, the type and code numbers can optionally be specified. For the gre<\/b> protocol, the key can optionally be specified as a dotted-quad or number. Other protocols can be selected by name or number PROTO<\/i>.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

DIR<\/i><\/p>\n<\/td>\n

<\/td>\n\n

selects the policy direction as in<\/b>, out<\/b>, or fwd<\/b>.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

CTX<\/i><\/p>\n<\/td>\n

<\/td>\n\n

sets the security context.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

PTYPE<\/i><\/p>\n<\/td>\n

<\/td>\n\n

can be main<\/b> (default) or sub<\/b>.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

ACTION<\/i><\/p>\n<\/td>\n

<\/td>\n\n

can be allow<\/b> (default) or block<\/b>.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

PRIORITY<\/i><\/p>\n

is a number that defaults to zero.<\/p>\n

FLAG-LIST<\/i><\/p>\n

contains one or both of the following optional flags: local<\/b> or icmp<\/b>.<\/p>\n

LIMIT-LIST<\/i><\/p>\n

sets limits in seconds, bytes, or numbers of packets.<\/p>\n

TMPL-LIST<\/i><\/p>\n

is a template list specified using ID<\/i>, MODE<\/i>, REQID<\/i>, and\/or LEVEL<\/i>.<\/p>\n\n\n
<\/td>\n\n

ID<\/i><\/p>\n<\/td>\n

<\/td>\n\n

is specified by a source address, destination address, transform protocol XFRM-PROTO<\/i>, and\/or Security Parameter Index SPI<\/i>. (For IP Payload Compression, the Compression Parameter Index or CPI is used for SPI<\/i>.)<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

XFRM-PROTO<\/i><\/p>\n

specifies a transform protocol: IPsec Encapsulating Security Payload (esp<\/b>), IPsec Authentication Header (ah<\/b>), IP Payload Compression (comp<\/b>), Mobile IPv6 Type 2 Routing Header (route2<\/b>), or Mobile IPv6 Home Address Option (hao<\/b>).<\/p>\n\n\n\n
<\/td>\n\n

MODE<\/i><\/p>\n<\/td>\n

<\/td>\n\n

specifies a mode of operation for the transform protocol. IPsec and IP Payload Compression modes are transport<\/b>, tunnel<\/b>, and (for IPsec ESP only) Bound End-to-End Tunnel (beet<\/b>). Mobile IPv6 modes are route optimization (ro<\/b>) and inbound trigger (in_trigger<\/b>).<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

LEVEL<\/i><\/p>\n<\/td>\n

<\/td>\n\n

can be required<\/b> (default) or use<\/b>.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

\"Image<\/p>\n

Use one or more -s options to display more details, including policy hash table information.<\/p>\n

\"Image<\/p>\n

Security policies whose address prefix lengths are greater than or equal policy hash table thresholds are hashed. Others are stored in the policy_inexact chained list.<\/p>\n\n\n\n
<\/td>\n\n

LBITS<\/i><\/p>\n<\/td>\n

<\/td>\n\n

specifies the minimum local address prefix length of policies that are stored in the Security Policy Database hash table.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n\n

RBITS<\/i><\/p>\n<\/td>\n

<\/td>\n\n

specifies the minimum remote address prefix length of policies that are stored in the Security Policy Database hash table.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

\"Image<\/p>\n

The xfrm objects to monitor can be optionally specified.<\/p>\n

If the all-nsid<\/b> option is set, the program listens to all network namespaces that have a nsid assigned into the network namespace were the program is running. A prefix is displayed to show the network namespace where the message originates. Example:<\/p>\n

[nsid 1]Flushed state proto 0<\/p>\n

AUTHOR <\/a> <\/h2>\n

Manpage revised by David Ward
Manpage revised by Christophe Gouault
Manpage revised by Nicolas Dichtel <\/p>\n

\n","protected":false},"excerpt":{"rendered":"

ip-xfrm \u2212 transform configuration <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,352,4],"class_list":["post-3211","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-ip-xfrm","tag-man8"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3211"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3211\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}