ipsec_klipsdebug(5) - Linux man page

Name

ipsec_klipsdebug - list KLIPS (kernel IPSEC support) debug features and level

Synopsis

ipsec klipsdebug

cat/proc/net/ipsec_klipsdebug

Description

/proc/net/ipsec_klipsdebug lists flags that control various parts of the debugging output of KLIPS and MAST, two of the IPsec stacks supported by Openswan. At this point it is a read-only file.

A table entry consists of:

a KLIPS debug variable
+: a '=' separator for visual and automated parsing between the variable name and its current value
+: hexadecimal bitmap of variable's flags.
The variable names roughly describe the scope of the debugging variable. Currently, no flags are documented or individually accessible yet except tunnel-xmit.
The variable names are:
tunnel: tunnelling code
netlink: userspace communication code (obsolete)
xform: transform selection and manipulation code
eroute: eroute table manipulation code
spi: SA table manipulation code
radij: radij tree manipulation code
esp: encryptions transforms code
ah: authentication transforms code
rcv: receive code
ipcomp: ip compression transforms code
verbose: give even more information, beware this will probably trample the 4k kernel printk buffer giving inaccurate output
All KLIPS debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages.

Examples

debug_tunnel=00000010.

debug_netlink=00000000.

debug_xform=00000000.

debug_eroute=00000000.

debug_spi=00000000.

debug_radij=00000000.

debug_esp=00000000.

debug_ah=00000000.

debug_rcv=00000000.

debug_pfkey=ffffffff.

means that one tunnel flag has been set (tunnel-xmit), full pfkey sockets debugging has been set and everything else is not set.

Files

/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec

History

Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

Referenced By

ipsec_eroute(5), ipsec_ipsec_spi(5), ipsec_klipsdebug(8), ipsec_pf_key(8), ipsec_spi(5), ipsec_spigrp(5), ipsec_tncfg(5)