Provided by: openswan_2.6.37-1_amd64
ipsec_klipsdebug - list KLIPS (kernel IPSEC support) debug features and level
ipsec klipsdebug cat/proc/net/ipsec_klipsdebug
/proc/net/ipsec_klipsdebug lists flags that control various parts of the debugging output of KLIPS and MAST, two of the IPsec stacks supported by Openswan. At this point it is a read-only file. A table entry consists of: + a KLIPS debug variable + a ´=´ separator for visual and automated parsing between the variable name and its current value + hexadecimal bitmap of variable´s flags. The variable names roughly describe the scope of the debugging variable. Currently, no flags are documented or individually accessible yet except tunnel-xmit. The variable names are: tunnel tunnelling code netlink userspace communication code (obsolete) xform transform selection and manipulation code eroute eroute table manipulation code spi SA table manipulation code radij radij tree manipulation code esp encryptions transforms code ah authentication transforms code rcv receive code ipcomp ip compression transforms code verbose give even more information, beware this will probably trample the 4k kernel printk buffer giving inaccurate output All KLIPS debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages.
debug_tunnel=00000010. debug_netlink=00000000. debug_xform=00000000. debug_eroute=00000000. debug_spi=00000000. debug_radij=00000000. debug_esp=00000000. debug_ah=00000000. debug_rcv=00000000. debug_pfkey=ffffffff. means that one tunnel flag has been set (tunnel-xmit), full pfkey sockets debugging has been set and everything else is not set.
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5), ipsec_pf_key(5)
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. [FIXME: source] 10/06/2010 IPSEC_KLIPSDEBUG(5)