ipsec_klipsdebug(8) - Linux man page
Name
ipsec_klipsdebug - set KLIPS and MAST debug features and level. Other stacks are not supported.
Synopsis
ipsec klipsdebug
ipsec klipsdebug --set flagname
ipsec klipsdebug --clear flagname
ipsec klipsdebug --all
ipsec klipsdebug --none
ipsec klipsdebug --help
ipsec klipsdebug --version
Description
Klipsdebug sets and clears flags that control various parts of the debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The form with no additional arguments lists the present contents of /proc/net/ipsec_klipsdebug. The --set form turns the specified flag on, while the --clear form turns the specified flag off. The --all form turns all flags on except verbose, while the --none form turns all flags off.
The current flag names are:
tunnel
- tunnelling code
tunnel-xmit
- tunnelling transmit only code
pfkey
- userspace communication code
xform
- transform selection and manipulation code
eroute
- eroute table manipulation code
spi
- SA table manipulation code
radij
- radij tree manipulation code
esp
- encryption transforms code
ah
- authentication transforms code
rcv
- receive code
ipcomp
- IP compression transforms code
verbose
- give even more information. BEWARE: a) this will print authentication and encryption keys in the logs; b) this will probably trample the 4k kernel printk buffer, giving inaccurate output
All Klips debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages.
Beware that klipsdebug --all produces a lot of output and the log file will grow quickly.
The file format for /proc/net/ipsec_klipsdebug is discussed in ipsec_klipsdebug(5).
Examples
klipsdebug --all
- turns on all KLIPS debugging except verbose.
klipsdebug --clear tunnel
- turns off only the tunnel debugging messages.
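An added example, not part of the FreeS/WAN distribution: a POSIX shell wrapper that turns on chosen flags with one --set call each, refuses verbose unless ALLOW_VERBOSE=1 because verbose writes keys to the logs, and always finishes with --none so debugging is not left running. The function names and the ALLOW_VERBOSE variable are assumptions made for this example; the flag names and options are the ones listed on this page.

```sh
#!/bin/sh
# Added example, not FreeS/WAN code. Function names and ALLOW_VERBOSE are
# assumptions; the flag names and ipsec klipsdebug options are from this page.
KLIPS_FLAGS="tunnel tunnel-xmit pfkey xform eroute spi radij esp ah rcv ipcomp verbose"

# klips_flag_ok FLAG: 0 if usable, 2 if unknown, 3 if verbose is not allowed.
klips_flag_ok() {
    case "$1" in
        ''|*[!a-z-]*) echo "bad flag name: $1" >&2; return 2 ;;
    esac
    case " $KLIPS_FLAGS " in
        *" $1 "*) ;;
        *) echo "unknown flag: $1" >&2; return 2 ;;
    esac
    # verbose writes authentication and encryption keys to the kernel log.
    if [ "$1" = verbose ] && [ "${ALLOW_VERBOSE:-0}" != 1 ]; then
        echo "refusing verbose: keys would be logged" >&2
        return 3
    fi
    return 0
}

# klips_debug_window SECONDS FLAG...: debug for SECONDS, then clear all flags.
klips_debug_window() {
    _secs=$1; shift
    # Validate everything first so a rejected flag changes nothing.
    for _f in "$@"; do klips_flag_ok "$_f" || return $?; done
    # Clear the flags even if the operator interrupts the wait.
    trap 'ipsec klipsdebug --none; exit 130' INT TERM
    _rc=0
    for _f in "$@"; do              # one flag per --set call
        ipsec klipsdebug --set "$_f" || { _rc=$?; break; }
    done
    [ "$_rc" -eq 0 ] && sleep "$_secs"
    ipsec klipsdebug --none || _rc=$?
    trap - INT TERM
    return "$_rc"
}

# Usage (as root): klips_debug_window 30 esp pfkey
```

If verbose was ever enabled, treat the resulting log files as containing key material when deciding who may read or archive them.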
Files
/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
See Also
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)
History
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.
Bugs
It really ought to be possible to set or unset selective combinations of flags.