Provided by: openswan_2.6.38-1_amd64 bug

NAME
       ipsec_klipsdebug - set KLIPS and MAST debug features and level. Other stacks are not
       supported.


SYNOPSIS
       ipsec klipsdebug
             ipsec klipsdebug --set flagname
             ipsec klipsdebug --clear flagname
             ipsec klipsdebug --all
             ipsec klipsdebug --none
             ipsec klipsdebug --help
             ipsec klipsdebug --version


DESCRIPTION
       Klipsdebug sets and clears flags that control various parts of the debugging output of
       Klips (the kernel portion of FreeS/WAN IPSEC). The form with no additional arguments lists
       the present contents of /proc/net/ipsec_klipsdebug. The --set form turns the specified
       flag on, while the --clear form turns the specified flag off. The --all form turns all
       flags on except verbose, while the --none form turns all flags off.

       The current flag names are:

       tunnel
           tunnelling code

       tunnel-xmit
           tunnelling transmit only code

       pfkey
           userspace communication code

       xform
           transform selection and manipulation code

       eroute
           eroute table manipulation code

       spi
           SA table manipulation code

       radij
           radij tree manipulation code

       esp
           encryptions transforms code

       ah
           authentication transforms code rcv receive code

       ipcomp
           ip compression transforms code

       verbose
           give even more information, BEWARE: a)this will print authentication and encryption
           keys in the logs b)this will probably trample the 4k kernel printk buffer giving
           inaccurate output

       All Klips debug output appears as kernel.info messages to syslogd(8). Most systems are set
       up to log these messages to /var/log/messages. Beware that klipsdebug --all produces a lot
       of output and the log file will grow quickly.

       The file format for /proc/net/ipsec_klipsdebug is discussed in ipsec_klipsdebug(5).


EXAMPLES
       klipsdebug --all
           turns on all KLIPS debugging except verbose.

       klipsdebug --clear tunnel
           turns off only the tunnel debugging messages.


FILES
       /proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec


SEE ALSO
       ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8),
       ipsec_klipsdebug(5)


HISTORY
       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.


BUGS
       It really ought to be possible to set or unset selective combinations of flags.

[FIXME: source]                             10/06/2010                        IPSEC_KLIPSDEBUG(8)