Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ipsec_pf_key(5) [debian man page]

IPSEC_PF_KEY(5) 						  [FIXME: manual]						   IPSEC_PF_KEY(5)

NAME

       ipsec_pf_key - lists PF_KEY sockets registered with KLIPS

SYNOPSIS

       cat /proc/net/pf_key

STACK

       Note that pf_key is only supported on the KLIPS and MAST stacks. It is not supported on any other stack.

DESCRIPTION

       /proc/net/pf_key is a read-only file which lists the presently open PF_KEY sockets on the local system and their parameters.

       Each line lists one PF_KEY socket. A table entry consists of:

       +
	   sock pointer (sock)

       +
	   PID of the socket owner (pid)

       +
	   flag to indicate if the socket is dead (d)

       +
	   socket wait queue (sleep)

       +
	   socket pointer (socket)

       +
	   next socket in chain (next)

       +
	   previous socket in chain (prev)

       +
	   last socket error (e)

       +
	   pointer to destruct routine (destruct)

       +
	   is this a reused socket (r)

       +
	   has this socket been zapped (z)

       +
	   socket family to which this socket belongs (fa)

       +
	   local port number (n)

       +
	   protocol version number (p)

       +
	   Receive queue bytes committed (r)

       +
	   Transmit queue bytes committed (w)

       +
	   option memory allocations (o)

       +
	   size of send buffer in bytes (sndbf)

       +
	   timestamp in seconds (stamp)

       +
	   socket flags (Flags)

       +
	   socket type (Type)

       +
	   connection state (St)

EXAMPLES

       c3b8c140 3553 0 c0599818 c05997fc 0 0 0 0 1 0 15 0 2 0 0 0 65535 0.103232 00000000 00000003 01

       shows that there is one pf_key socket set up that starts at c3b8c140, whose owning process has PID 3553, the socket is not dead, its wait
       queue is at c0599818, whose owning socket is at c05997fc, with no other sockets in the chain, no errors, no destructor, it is a reused
       socket which has not been zapped, from protocol family 15 (PF_KEY), local port number 0, protocol socket version 2, no memory allocated to
       transmit, receive or option queues, a send buffer of almost 64kB, a timestamp of 0.103232, no flags set, type 3, in state 1.

FILES

       /proc/net/pf_key

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_eroute(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_tncfg(8), ipsec_version(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

[FIXME: source] 						    10/06/2010							   IPSEC_PF_KEY(5)

Check Out this Related Man Page

IPSEC_KLIPSDEBUG(5)						  [FIXME: manual]					       IPSEC_KLIPSDEBUG(5)

NAME

       ipsec_klipsdebug - list KLIPS (kernel IPSEC support) debug features and level

SYNOPSIS

       ipsec klipsdebug
	     cat/proc/net/ipsec_klipsdebug

DESCRIPTION

       /proc/net/ipsec_klipsdebug lists flags that control various parts of the debugging output of KLIPS and MAST, two of the IPsec stacks
       supported by Openswan. At this point it is a read-only file.

       A table entry consists of:

       +
	   a KLIPS debug variable

       +
	   a '=' separator for visual and automated parsing between the variable name and its current value

       +
	   hexadecimal bitmap of variable's flags.

       The variable names roughly describe the scope of the debugging variable. Currently, no flags are documented or individually accessible yet
       except tunnel-xmit.

       The variable names are:

       tunnel
	   tunnelling code

       netlink
	   userspace communication code (obsolete)

       xform
	   transform selection and manipulation code

       eroute
	   eroute table manipulation code

       spi
	   SA table manipulation code

       radij
	   radij tree manipulation code

       esp
	   encryptions transforms code

       ah
	   authentication transforms code

       rcv
	   receive code

       ipcomp
	   ip compression transforms code

       verbose
	   give even more information, beware this will probably trample the 4k kernel printk buffer giving inaccurate output

       All KLIPS debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages.

EXAMPLES

       debug_tunnel=00000010.

       debug_netlink=00000000.

       debug_xform=00000000.

       debug_eroute=00000000.

       debug_spi=00000000.

       debug_radij=00000000.

       debug_esp=00000000.

       debug_ah=00000000.

       debug_rcv=00000000.

       debug_pfkey=ffffffff.

       means that one tunnel flag has been set (tunnel-xmit), full pfkey sockets debugging has been set and everything else is not set.

FILES

       /proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5),
       ipsec_pf_key(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

[FIXME: source] 						    10/06/2010						       IPSEC_KLIPSDEBUG(5)
Man Page