Man Linux: Main Page and Category List

NAME

       ipsec_klipsdebug - set KLIPS and MAST debug features and level. Other
       stacks are not supported.

SYNOPSIS

       ipsec klipsdebug
             ipsec klipsdebug --set flagname
             ipsec klipsdebug --clear flagname
             ipsec klipsdebug --all
             ipsec klipsdebug --none
             ipsec klipsdebug --help
             ipsec klipsdebug --version

DESCRIPTION

       Klipsdebug sets and clears flags that control various parts of the
       debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The
       form with no additional arguments lists the present contents of
       /proc/net/ipsec_klipsdebug. The --set form turns the specified flag on,
       while the --clear form turns the specified flag off. The --all form
       turns all flags on except verbose, while the --none form turns all
       flags off.

       The current flag names are:

       tunnel
           tunnelling code

       tunnel-xmit
           tunnelling transmit only code

       pfkey
           userspace communication code

       xform
           transform selection and manipulation code

       eroute
           eroute table manipulation code

       spi
           SA table manipulation code

       radij
           radij tree manipulation code

       esp
           encryptions transforms code

       ah
           authentication transforms code rcv receive code

       ipcomp
           ip compression transforms code

       verbose
           give even more information, BEWARE: a)this will print
           authentication and encryption keys in the logs b)this will probably
           trample the 4k kernel printk buffer giving inaccurate output

       All Klips debug output appears as kernel.info messages to syslogd(8).
       Most systems are set up to log these messages to /var/log/messages.
       Beware that klipsdebug --all produces a lot of output and the log file
       will grow quickly.

       The file format for /proc/net/ipsec_klipsdebug is discussed in
       ipsec_klipsdebug(5).

EXAMPLES

       klipsdebug --all
           turns on all KLIPS debugging except verbose.

       klipsdebug --clear tunnel
           turns off only the tunnel debugging messages.

FILES

       /proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
       ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by
       Richard Guy Briggs.

BUGS

       It really ought to be possible to set or unset selective combinations
       of flags.

[FIXME: source]                   02/25/2010