Provided by: openswan_2.4.4-3ubuntu1_i386 bug


       ipsec  klipsdebug - set KLIPS (kernel IPSEC support) debug features and


       ipsec klipsdebug

       ipsec klipsdebug --set flagname

       ipsec klipsdebug --clear flagname

       ipsec klipsdebug --all

       ipsec klipsdebug --none

       ipsec klipsdebug --help

       ipsec klipsdebug --version


       Klipsdebug sets and clears flags that  control  various  parts  of  the
       debugging output of Klips (the kernel portion of FreeS/WAN IPSEC).  The
       form with  no  additional  arguments  lists  the  present  contents  of
       /proc/net/ipsec_klipsdebug.   The  --set  form turns the specified flag
       on, while the --clear form turns the specified  flag  off.   The  --all
       form turns all flags on except verbose, while the --none form turns all
       flags off.

       The current flag names are:

       tunnel  tunnelling code

               tunnelling transmit only code

       pfkey   userspace communication code

       xform   transform selection and manipulation code

       eroute  eroute table manipulation code

       spi     SA table manipulation code

       radij   radij tree manipulation code

       esp     encryptions transforms code

       ah      authentication transforms code rcv receive code

       ipcomp  ip compression transforms code

       verbose give  even  more  information,  BEWARE:   a)this   will   print
               authentication  and  encryption  keys  in  the logs b)this will
               probably trample the 4k kernel printk buffer giving  inaccurate

       All  Klips  debug output appears as messages to syslogd(8).
       Most systems are set up to log  these  messages  to  /var/log/messages.
       Beware  that klipsdebug --all produces a lot of output and the log file
       will grow quickly.

       The  file  format  for  /proc/net/ipsec_klipsdebug  is   discussed   in


       klipsdebug --all
              turns on all KLIPS debugging except verbose.

       klipsdebug --clear tunnel
              turns off only the tunnel debugging messages.


       /proc/net/ipsec_klipsdebug, /usr/bin/ipsec


       ipsec(8),     ipsec_manual(8),     ipsec_tncfg(8),     ipsec_eroute(8),
       ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)


       Written for the Linux FreeS/WAN project  <>  by
       Richard Guy Briggs.


       It  really  ought to be possible to set or unset selective combinations
       of flags.

                                  21 Jun 2000              IPSEC_KLIPSDEBUG(8)