IPSEC_KLIPSDEBUG(8)

NAME

ipsec_klipsdebug - set KLIPS and MAST debug features and level. Other
stacks are not supported.

SYNOPSIS

ipsec klipsdebug
      ipsec klipsdebug --set flagname
      ipsec klipsdebug --clear flagname
      ipsec klipsdebug --all
      ipsec klipsdebug --none
      ipsec klipsdebug --help
      ipsec klipsdebug --version

DESCRIPTION

Klipsdebug sets and clears flags that control various parts of the debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The form with no additional arguments lists the present contents of
/proc/net/ipsec_klipsdebug. The --set form turns the specified flag on, while the --clear form turns the specified flag off. The --all form turns all flags on except verbose, while the --none form turns all flags off.

The current flag names are:

tunnel
tunnelling code
tunnel-xmit
tunnelling transmit only code
pfkey
userspace communication code
xform
transform selection and manipulation code
eroute
eroute table manipulation code
spi
SA table manipulation code
radij
radij tree manipulation code
esp
encryptions transforms code
ah
authentication transforms code rcv receive code
ipcomp
ip compression transforms code
verbose
give even more information, BEWARE: a)this will print
authentication and encryption keys in the logs b)this will probably trample the 4k kernel printk buffer giving inaccurate output
All Klips debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages.
Beware that klipsdebug --all produces a lot of output and the log file will grow quickly.
The file format for /proc/net/ipsec_klipsdebug is discussed in
ipsec_klipsdebug(5).

EXAMPLES

klipsdebug --all
turns on all KLIPS debugging except verbose.
klipsdebug --clear tunnel
turns off only the tunnel debugging messages.

FILES

/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec

SEE ALSO

ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)

HISTORY

Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

BUGS

It really ought to be possible to set or unset selective combinations
of flags.

[FIXME: source] 02/25/2010 IPSEC_KLIPSDEBUG(8)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout