IPSEC_KLIPSDEBUG

NAME
SYNOPSIS
DESCRIPTION
EXAMPLES
FILES
SEE ALSO
HISTORY
BUGS

NAME

ipsec klipsdebug − set KLIPS (kernel IPSEC support) debug features and level

SYNOPSIS

ipsec klipsdebug

ipsec klipsdebug −−set flagname

ipsec klipsdebug −−clear flagname

ipsec klipsdebug −−all

ipsec klipsdebug −−none

ipsec klipsdebug −−help

ipsec klipsdebug −−version

DESCRIPTION

Klipsdebug sets and clears flags that control various parts of the debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The form with no additional arguments lists the present contents of /proc/net/ipsec_klipsdebug. The −−set form turns the specified flag on, while the −−clear form turns the specified flag off. The −−all form turns all flags on except verbose, while the −−none form turns all flags off.

The current flag names are:

tunnel

tunnelling code

tunnel-xmit

tunnelling transmit only code

pfkey

userspace communication code

xform

transform selection and manipulation code

eroute

eroute table manipulation code

spi

SA table manipulation code

radij

radij tree manipulation code

esp

encryptions transforms code

ah

authentication transforms code rcv receive code

ipcomp

ip compression transforms code

verbose

give even more information, BEWARE: a)this will print authentication and encryption keys in the logs b)this will probably trample the 4k kernel printk buffer giving inaccurate output

All Klips debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages. Beware that klipsdebug −−all produces a lot of output and the log file will grow quickly.

The file format for /proc/net/ipsec_klipsdebug is discussed in ipsec_klipsdebug(5).

EXAMPLES

klipsdebug −−all

turns on all KLIPS debugging except verbose.

klipsdebug −−clear tunnel

turns off only the tunnel debugging messages.

FILES

/proc/net/ipsec_klipsdebug, /usr/sbin/ipsec

SEE ALSO

ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)

HISTORY

Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

BUGS

It really ought to be possible to set or unset selective combinations of flags.