Can you add examples on ``ip xfrm``?

[StephenPCG]

There are few results googling ip xfrm. Can you provide some examples and explanations on it?

I find an example using ip xfrm to create an ipsec tunel, but without any further explanation on the commands.

[dmbaturin]

Oh man... We should document it indeed, it's much needed work, but it's this problem precisely: if we do it, we will be the first people ever to offer readable XRFM documentation. ;) "man ip-xfrm" is succint to the point of being useless, the Linux Routing HOWTO is silent about it. There is this document by Marek Andreansky who found how to create IPsec SAs and offered some explanation: http://is.muni.cz/th/207915/fi_b/iproute.pdf , but it's just a small part of XFRM.

In other words, it's going to be quite an undertake and I'm scared to do it alone. ;) If you want to join this work, it would be awesome.

[StephenPCG]

Oh, just realised I forgot to paste the link to the example I found, here it is: https://gist.github.com/vishvananda/7094676

I will try to find out more on ip xfrm by reading iproute2 source code, if I would find something helpful, I will come back :)