ipsec_klipsdebug − list KLIPS (kernel IPSEC support) debug features and level |
ipsec klipsdebug cat /proc/net/ipsec_klipsdebug |
/proc/net/ipsec_klipsdebug lists flags that control various parts of the debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). At this point it is a read-only file. A table entry consists of: |
+ |
a KLIPS debug variable |
||
+ |
a ’=’ separator for visual and automated parsing between the variable name and its current value |
||
+ |
hexadecimal bitmap of variable’s flags. |
The variable names roughly describe the scope of the debugging variable. Currently, no flags are documented or individually accessible yet except tunnel-xmit. The variable names are: |
tunnel |
tunnelling code |
||
netlink |
userspace communication code (obsolete) |
||
xform |
transform selection and manipulation code |
||
eroute |
eroute table manipulation code |
||
spi |
SA table manipulation code |
||
radij |
radij tree manipulation code |
||
esp |
encryptions transforms code |
||
ah |
authentication transforms code |
||
rcv |
receive code |
||
ipcomp |
ip compression transforms code |
||
verbose |
give even more information, beware this will probably trample the 4k kernel printk buffer giving inaccurate output |
All KLIPS debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages. |
debug_tunnel=00000010. means that one tunnel flag has been set (tunnel-xmit), full pfkey sockets debugging has been set and everything else is not set. |
/proc/net/ipsec_klipsdebug, /usr/sbin/ipsec |
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5), ipsec_pf_key(5) |
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. |