Document setsa flag.

1 files changed, 30 insertions, 1 deletions

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index d4b3990f701..f671b5aa943 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ifconfig.8,v 1.30 1999/12/08 23:53:13 aaron Exp $
+.\"	$OpenBSD: ifconfig.8,v 1.31 1999/12/27 03:25:19 angelos Exp $
 .\"	$NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
 .\"     $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
 .\"
@@ -145,6 +145,35 @@ for example,
 The following parameters may be set with
 .Nm ifconfig :
 .Bl -tag -width dest_addressxx
+.It Cm setsa
+Bind an
+.Xr ipsec 4
+Security Association (SA) to an
+.Xr enc 4
+interface. The interface can then be used in conjunction with the
+.Xr bridge 4
+to establish virtual Local Area Networks (LANs). The SA is specified
+as
+.Ar address/SPI/protocol ,
+where
+.Ar address
+is an IPv4 or IPv6 address,
+.Ar SPI 
+is a hexadecimal number, and
+.Ar protocol
+is a decimal number identifying the security protocol (typically 50
+for ESP, 51 for AH, or 4 for IP-in-IP). The SA must exist for the
+operation to be successfully completed. Typically, such SAs would be
+established via
+.Xr ipsecadm 1 .
+If the
+.Ar 0.0.0.0/0/0
+or
+.Ar ::/0/0
+SA is specified, any existing binding between the corresponding
+.Xr enc 4
+interface and an SA is cleared (in fact, just the SPI and the protocol
+part of the SA have to be set to zero).
 .It Cm alias
 Establish an additional network address for this interface.
 This is sometimes useful when changing network numbers, and