Provided by: openswan_2.6.37-1_amd64 bug

NAME

       ipsec_klipsdebug - list KLIPS (kernel IPSEC support) debug features and level

SYNOPSIS

       ipsec klipsdebug
             cat/proc/net/ipsec_klipsdebug

DESCRIPTION

       /proc/net/ipsec_klipsdebug lists flags that control various parts of the debugging output
       of KLIPS and MAST, two of the IPsec stacks supported by Openswan. At this point it is a
       read-only file.

       A table entry consists of:

       +
           a KLIPS debug variable

       +
           a ´=´ separator for visual and automated parsing between the variable name and its
           current value

       +
           hexadecimal bitmap of variable´s flags.

       The variable names roughly describe the scope of the debugging variable. Currently, no
       flags are documented or individually accessible yet except tunnel-xmit.

       The variable names are:

       tunnel
           tunnelling code

       netlink
           userspace communication code (obsolete)

       xform
           transform selection and manipulation code

       eroute
           eroute table manipulation code

       spi
           SA table manipulation code

       radij
           radij tree manipulation code

       esp
           encryptions transforms code

       ah
           authentication transforms code

       rcv
           receive code

       ipcomp
           ip compression transforms code

       verbose
           give even more information, beware this will probably trample the 4k kernel printk
           buffer giving inaccurate output

       All KLIPS debug output appears as kernel.info messages to syslogd(8). Most systems are set
       up to log these messages to /var/log/messages.

EXAMPLES

       debug_tunnel=00000010.

       debug_netlink=00000000.

       debug_xform=00000000.

       debug_eroute=00000000.

       debug_spi=00000000.

       debug_radij=00000000.

       debug_esp=00000000.

       debug_ah=00000000.

       debug_rcv=00000000.

       debug_pfkey=ffffffff.

       means that one tunnel flag has been set (tunnel-xmit), full pfkey sockets debugging has
       been set and everything else is not set.

FILES

       /proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8),
       ipsec_klipsdebug(5), ipsec_version(5), ipsec_pf_key(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

[FIXME: source]                             10/06/2010                        IPSEC_KLIPSDEBUG(5)