NAME
ipsec_klipsdebug - list KLIPS (kernel IPSEC support) debug features and
level
SYNOPSIS
ipsec klipsdebug
cat/proc/net/ipsec_klipsdebug
DESCRIPTION
/proc/net/ipsec_klipsdebug lists flags that control various parts of
the debugging output of KLIPS and MAST, two of the IPsec stacks
supported by Openswan. At this point it is a read-only file.
A table entry consists of:
+
a KLIPS debug variable
+
a ´=´ separator for visual and automated parsing between the
variable name and its current value
+
hexadecimal bitmap of variable´s flags.
The variable names roughly describe the scope of the debugging
variable. Currently, no flags are documented or individually accessible
yet except tunnel-xmit.
The variable names are:
tunnel
tunnelling code
netlink
userspace communication code (obsolete)
xform
transform selection and manipulation code
eroute
eroute table manipulation code
spi
SA table manipulation code
radij
radij tree manipulation code
esp
encryptions transforms code
ah
authentication transforms code
rcv
receive code
ipcomp
ip compression transforms code
verbose
give even more information, beware this will probably trample the
4k kernel printk buffer giving inaccurate output
All KLIPS debug output appears as kernel.info messages to syslogd(8).
Most systems are set up to log these messages to /var/log/messages.
EXAMPLES
debug_tunnel=00000010.
debug_netlink=00000000.
debug_xform=00000000.
debug_eroute=00000000.
debug_spi=00000000.
debug_radij=00000000.
debug_esp=00000000.
debug_ah=00000000.
debug_rcv=00000000.
debug_pfkey=ffffffff.
means that one tunnel flag has been set (tunnel-xmit), full pfkey
sockets debugging has been set and everything else is not set.
FILES
/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5),
ipsec_pf_key(5)
HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by
Richard Guy Briggs.
[FIXME: source] 02/25/2010