Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ipsec_barf(8) [debian man page]

IPSEC_BARF(8)							  [FIXME: manual]						     IPSEC_BARF(8)

NAME

       ipsec_barf - spew out collected IPsec debugging information

SYNOPSIS

       ipsec barf [--short --maxlines <100>]

DESCRIPTION

       Barf outputs (on standard output) a collection of debugging information (contents of files, selections from logs, etc.) related to the
       IPsec encryption/authentication system. It is primarily a convenience for remote debugging, a single command which packages up (and labels)
       all information that might be relevant to diagnosing a problem in IPsec.

       The --short option limits the length of the log portion of barf's output, which can otherwise be extremely voluminous if debug logging is
       turned on.

       --maxlines <100> option sets the length of some bits of information, currently netstat -rn. Useful on boxes where the routing table is
       thousands of lines long. Default is 100.

       Barf censors its output, replacing keys and secrets with brief checksums to avoid revealing sensitive information.

       Beware that the output of both commands is aimed at humans, not programs, and the output format is subject to change without warning.

       Barf has to figure out which files in /var/log contain the IPsec log messages. It looks for KLIPS and general log messages first in
       messages and syslog, and for Pluto messages first in secure, auth.log, and debug. In both cases, if it does not find what it is looking for
       in one of those "likely" places, it will resort to a brute-force search of most (non-compressed) files in /var/log.

FILES

	   /proc/net/*
	   /var/log/*
	   /etc/ipsec.conf
	   /etc/ipsec.secrets

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer.

BUGS

       Barf uses heuristics to try to pick relevant material out of the logs, and relevant messages which are not labelled with any of the tags
       that barf looks for will be lost. We think we've eliminated the last such case, but one never knows...

       Finding updown scripts (so they can be included in output) is, in general, difficult.  Barf uses a very simple heuristic that is easily
       fooled.

       The brute-force search for the right log files can get expensive on systems with a lot of clutter in /var/log.

[FIXME: source] 						   17 March 2002						     IPSEC_BARF(8)

Check Out this Related Man Page

IPSEC_KLIPSDEBUG(5)						  [FIXME: manual]					       IPSEC_KLIPSDEBUG(5)

NAME

       ipsec_klipsdebug - list KLIPS (kernel IPSEC support) debug features and level

SYNOPSIS

       ipsec klipsdebug
	     cat/proc/net/ipsec_klipsdebug

DESCRIPTION

       /proc/net/ipsec_klipsdebug lists flags that control various parts of the debugging output of KLIPS and MAST, two of the IPsec stacks
       supported by Libreswan. At this point it is a read-only file.

       A table entry consists of:

       +
	   a KLIPS debug variable

       +
	   a '=' separator for visual and automated parsing between the variable name and its current value

       +
	   hexadecimal bitmap of variable's flags.

       The variable names roughly describe the scope of the debugging variable. Currently, no flags are documented or individually accessible yet
       except tunnel-xmit.

       The variable names are:

       tunnel
	   tunnelling code

       netlink
	   userspace communication code (obsolete)

       xform
	   transform selection and manipulation code

       eroute
	   eroute table manipulation code

       spi
	   SA table manipulation code

       radij
	   radij tree manipulation code

       esp
	   encryptions transforms code

       ah
	   authentication transforms code

       rcv
	   receive code

       ipcomp
	   ip compression transforms code

       verbose
	   give even more information, beware this will probably trample the 4k kernel printk buffer giving inaccurate output

       All KLIPS debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages.

EXAMPLES

       debug_tunnel=00000010.

       debug_netlink=00000000.

       debug_xform=00000000.

       debug_eroute=00000000.

       debug_spi=00000000.

       debug_radij=00000000.

       debug_esp=00000000.

       debug_ah=00000000.

       debug_rcv=00000000.

       debug_pfkey=ffffffff.

       means that one tunnel flag has been set (tunnel-xmit), full pfkey sockets debugging has been set and everything else is not set.

FILES

       /proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5),
       ipsec_pf_key(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

[FIXME: source] 						    10/06/2010						       IPSEC_KLIPSDEBUG(5)
Man Page