1IPSEC_KLIPSDEBUG(8) IPSEC_KLIPSDEBUG(8)
2
3
4
6 ipsec klipsdebug - set KLIPS and MAST debug features and level. Other
7 stacks are not supported.
8
10 ipsec klipsdebug
11 ipsecklipsdebug --set flagname
12 ipsecklipsdebug --clear flagname
13 ipsecklipsdebug --all
14 ipsecklipsdebug --none
15 ipsecklipsdebug --help
16 ipsecklipsdebug --version
17
18
20 Klipsdebug sets and clears flags that control various parts of the de‐
21 bugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The
22 form with no additional arguments lists the present contents of
23 /proc/net/ipsec_klipsdebug. The --set form turns the specified flag on,
24 while the --clear form turns the specified flag off. The --all form
25 turns all flags on except verbose, while the --none form turns all
26 flags off.
27
28
29 The current flag names are:
30
31
32 tunnel tunnelling code
33
34
35 tunnel-xmit
36 tunnelling transmit only code
37
38
39 pfkey userspace communication code
40
41
42 xform transform selection and manipulation code
43
44
45 eroute eroute table manipulation code
46
47
48 spi SA table manipulation code
49
50
51 radij radij tree manipulation code
52
53
54 esp encryptions transforms code
55
56
57 ah authentication transforms code rcv receive code
58
59
60 ipcomp ip compression transforms code
61
62
63 verbose
64 give even more information, BEWARE: a)this will print authenti‐
65 cation and encryption keys in the logs b)this will probably
66 trample the 4k kernel printk buffer giving inaccurate output
67
68
69 All Klips debug output appears as kernel.info messages to syslogd(8).
70 Most systems are set up to log these messages to /var/log/messages. Be‐
71 ware that klipsdebug --all produces a lot of output and the log file
72 will grow quickly.
73
74
75 The file format for /proc/net/ipsec_klipsdebug is discussed in
76 ipsec_klipsdebug(5).
77
78
80 klipsdebug --all
81 turns on all KLIPS debugging except verbose.
82
83
84 klipsdebug --clear tunnel
85 turns off only the tunnel debugging messages.
86
87
89 /proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
90
91
93 ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
94 ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)
95
96
98 Written for the Linux FreeS/WAN project <http://www.freeswan.org/:
99 http://www.freeswan.org/> by Richard Guy Briggs.
100
101
103 It really ought to be possible to set or unset selective combinations
104 of flags.
105
106
107
108
109 IPSEC_KLIPSDEBUG(8)