1IPSEC_KLIPSDEBUG(8)                                        IPSEC_KLIPSDEBUG(8)
2
3
4

NAME

6       ipsec  klipsdebug  - set KLIPS and MAST debug features and level. Other
7       stacks are not supported.
8

SYNOPSIS

10       ipsec klipsdebug
11              ipsecklipsdebug --set flagname
12              ipsecklipsdebug --clear flagname
13              ipsecklipsdebug --all
14              ipsecklipsdebug --none
15              ipsecklipsdebug --help
16              ipsecklipsdebug --version
17
18

DESCRIPTION

20       Klipsdebug sets and clears flags that control various parts of the  de‐
21       bugging  output  of  Klips (the kernel portion of FreeS/WAN IPSEC). The
22       form with  no  additional  arguments  lists  the  present  contents  of
23       /proc/net/ipsec_klipsdebug. The --set form turns the specified flag on,
24       while the --clear form turns the specified flag  off.  The  --all  form
25       turns  all  flags  on  except  verbose, while the --none form turns all
26       flags off.
27
28
29       The current flag names are:
30
31
32       tunnel tunnelling code
33
34
35       tunnel-xmit
36              tunnelling transmit only code
37
38
39       pfkey  userspace communication code
40
41
42       xform  transform selection and manipulation code
43
44
45       eroute eroute table manipulation code
46
47
48       spi    SA table manipulation code
49
50
51       radij  radij tree manipulation code
52
53
54       esp    encryptions transforms code
55
56
57       ah     authentication transforms code rcv receive code
58
59
60       ipcomp ip compression transforms code
61
62
63       verbose
64              give even more information, BEWARE: a)this will print  authenti‐
65              cation  and  encryption  keys  in  the logs b)this will probably
66              trample the 4k kernel printk buffer giving inaccurate output
67
68
69       All Klips debug output appears as kernel.info messages  to  syslogd(8).
70       Most systems are set up to log these messages to /var/log/messages. Be‐
71       ware that klipsdebug  --all produces a lot of output and the  log  file
72       will grow quickly.
73
74
75       The   file   format  for  /proc/net/ipsec_klipsdebug  is  discussed  in
76       ipsec_klipsdebug(5).
77
78

EXAMPLES

80       klipsdebug --all
81              turns on all KLIPS debugging except verbose.
82
83
84       klipsdebug --clear tunnel
85              turns off only the tunnel debugging messages.
86
87

FILES

89       /proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
90
91

SEE ALSO

93       ipsec(8),     ipsec_manual(8),     ipsec_tncfg(8),     ipsec_eroute(8),
94       ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)
95
96

HISTORY

98       Written  for  the  Linux  FreeS/WAN  project <http://www.freeswan.org/:
99       http://www.freeswan.org/> by Richard Guy Briggs.
100
101

BUGS

103       It really ought to be possible to set or unset  selective  combinations
104       of flags.
105
106
107
108
109                                                           IPSEC_KLIPSDEBUG(8)
Impressum