|
ipsec klipsdebug − set KLIPS (kernel IPSEC support) debug features and level |
|
ipsec klipsdebug ipsec klipsdebug −−set flagname ipsec klipsdebug −−clear flagname ipsec klipsdebug −−all ipsec klipsdebug −−none ipsec klipsdebug −−help ipsec klipsdebug −−version |
|
Klipsdebug sets and clears flags that control various parts of the debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The form with no additional arguments lists the present contents of /proc/net/ipsec_klipsdebug. The −−set form turns the specified flag on, while the −−clear form turns the specified flag off. The −−all form turns all flags on except verbose, while the −−none form turns all flags off. The current flag names are: |
|
tunnel |
tunnelling code |
|
tunnel-xmit |
|
tunnelling transmit only code |
|
pfkey |
userspace communication code |
||
|
xform |
transform selection and manipulation code |
||
|
eroute |
eroute table manipulation code |
||
|
spi |
SA table manipulation code |
||
|
radij |
radij tree manipulation code |
||
|
esp |
encryptions transforms code |
||
|
ah |
authentication transforms code rcv receive code |
||
|
ipcomp |
ip compression transforms code |
||
|
verbose |
give even more information, BEWARE: a)this will print authentication and encryption keys in the logs b)this will probably trample the 4k kernel printk buffer giving inaccurate output |
|
All Klips debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages. Beware that klipsdebug −−all produces a lot of output and the log file will grow quickly. The file format for /proc/net/ipsec_klipsdebug is discussed in ipsec_klipsdebug(5). |
|
klipsdebug −−all |
|
turns on all KLIPS debugging except verbose. |
|
klipsdebug −−clear tunnel |
|
turns off only the tunnel debugging messages. |
|
/proc/net/ipsec_klipsdebug, /usr/sbin/ipsec |
|
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5) |
|
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. |
|
It really ought to be possible to set or unset selective combinations of flags. |