1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
.TH IPSEC_KLIPSDEBUG 5 "26 Jun 2000"
.\"
.\" RCSID $Id: klipsdebug.5,v 1.1 2004/03/15 20:35:28 as Exp $
.\"
.SH NAME
ipsec_klipsdebug \- list KLIPS (kernel IPSEC support) debug features and level
.SH SYNOPSIS
.B ipsec
.B klipsdebug
.PP
.B cat
.B /proc/net/ipsec_klipsdebug
.SH DESCRIPTION
.I /proc/net/ipsec_klipsdebug
lists flags that control various parts of the debugging output of Klips
(the kernel portion of FreeS/WAN IPSEC).
At this point it is a read-only file.
.PP
A table entry consists of:
.IP + 3
a KLIPS debug variable
.IP +
a '=' separator for visual and automated parsing between the variable
name and its current value
.IP +
hexadecimal bitmap of variable's flags.
.PP
The variable names roughly describe the scope of the debugging variable.
Currently, no flags are documented or individually accessible yet except
tunnel-xmit.
.ne 5
.PP
The variable names are:
.TP 8
.B tunnel
tunnelling code
.TP
.B netlink
userspace communication code (obsolete)
.TP
.B xform
transform selection and manipulation code
.TP
.B eroute
eroute table manipulation code
.TP
.B spi
SA table manipulation code
.TP
.B radij
radij tree manipulation code
.TP
.B esp
encryptions transforms code
.TP
.B ah
authentication transforms code
.TP
.B rcv
receive code
.TP
.B ipcomp
ip compression transforms code
.TP
.B verbose
give even more information, beware this will probably trample the 4k kernel printk buffer giving inaccurate output
.PP
All KLIPS debug output appears as
.B kernel.info
messages to
.IR syslogd (8).
Most systems are set up
to log these messages to
.IR /var/log/messages .
.PP
.SH EXAMPLES
.LP
.B debug_tunnel=00000010.
.br
.B debug_netlink=00000000.
.br
.B debug_xform=00000000.
.br
.B debug_eroute=00000000.
.br
.B debug_spi=00000000.
.br
.B debug_radij=00000000.
.br
.B debug_esp=00000000.
.br
.B debug_ah=00000000.
.br
.B debug_rcv=00000000.
.br
.B debug_pfkey=ffffffff.
.LP
means that one
.B tunnel
flag has been set (tunnel-xmit),
full
.B pfkey
sockets debugging has been set and everything else is not set.
.LP
.SH FILES
/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
.SH "SEE ALSO"
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5),
ipsec_pf_key(5)
.SH HISTORY
Written for the Linux FreeS/WAN project
<http://www.freeswan.org/>
by Richard Guy Briggs.
.\"
.\" $Log: klipsdebug.5,v $
.\" Revision 1.1 2004/03/15 20:35:28 as
.\" added files from freeswan-2.04-x509-1.5.3
.\"
.\" Revision 1.5 2002/04/24 07:35:38 mcr
.\" Moved from ./klips/utils/klipsdebug.5,v
.\"
.\" Revision 1.4 2000/10/10 20:10:19 rgb
.\" Added support for debug_ipcomp and debug_verbose to klipsdebug.
.\"
.\" Revision 1.3 2000/06/30 18:21:55 rgb
.\" Update SEE ALSO sections to include ipsec_version(5) and ipsec_pf_key(5)
.\" and correct FILES sections to no longer refer to /dev/ipsec which has
.\" been removed since PF_KEY does not use it.
.\"
.\" Revision 1.2 2000/06/28 12:44:12 henry
.\" format touchup
.\"
.\" Revision 1.1 2000/06/28 05:43:00 rgb
.\" Added manpages for all 5 klips utils.
.\"
.\"
.\"
|
