debugging packet ipsec

Function

The debugging packet ipsec command enables debugging of outgoing and incoming IPSec packets.

The undo debugging packet ipsec command disables debugging of outgoing and incoming IPSec packets.

By default, the packet IPSec debugging disables.

Format

debugging packet ipsec { ah | esp } [ verbose ] ^*

undo debugging packet ipsec { ah | esp } [ verbose ] ^*

Parameters

Parameter	Description	Value
ah	Displays debugging information for AH packets.	-
esp	Displays debugging information for ESP packets.	-
verbose	Displays debugging information in detail.	-

Parameter

Description

Value

Displays debugging information for AH packets.

esp

Displays debugging information for ESP packets.

verbose

Displays debugging information in detail.

Views

User view

Default Level

3: Management level

Task Name and Operations

Task Name	Operations
ipsec	debug

Usage Guidelines

Usage Scenario

When IP Security is applied on the application (ex: OSPFv3 or RIPng), all incoming and outgoing packets will be authenticated. Generally, this command can be used to debug the IPsec packets.

Configuration Impact

Debugging information is displayed on the screen. Do not output too much information for purposes other than debugging so that the system is not affected.

Example

# Enable debugging of IP security packets.

<HUAWEI> debugging packet ipsec esp
LDM: 
----------------------------------------------
My Cid          : 0x80782742
Peer Cid        : 0x6503F2
VS              : 0
Handle          : 3
TraceNum        : 1
Direction       : Up
Status          : 0
Interface index : 6
Link type       : ETH
Source mac      : 00 e0 48 06 81 42 
Dest mac        : 33 33 00 00 00 05 
Link protocol   : 0x86dd 
Protocol        : IPV6
Time            : 2011-10-14 13:25:32 81
----------------------------------------------
LDM: 
----------------------------------------------
My Cid          : 0x80782742
Peer Cid        : 0x806503F8
VS              : 0
Handle          : 3
TraceNum        : 8
Direction       : Down
Status          : 0
Interface index : 6
Link type       : -
Protocol        : IPV6
Time            : 2011-10-14 13:25:35 451
----------------------------------------------
LDM: 
----------------------------------------------
My Cid          : 0x80782742
Peer Cid        : 0x80273C
VS              : 0
Handle          : 3
TraceNum        : 8
Direction       : Down
Status          : 0
Interface index : 6
Link type       : ETH
Source mac      : 38 00 10 03 00 02 
Dest mac        : 33 33 00 00 00 05 
Link protocol   : 0x86dd 
Protocol        : IPV6
Time            : 2011-10-14 13:25:35 451
----------------------------------------------
SOCKET: -
----------------------------------------------
My Cid          : 0x806503f8
Peer Cid        : 0x80782742
VS              : 0
Handle          : 3
TraceNum        : 1
Direction       : Up
Status          : 0
Data            : 
----------------------------------------------
SOCKET: -
----------------------------------------------
My Cid          : 0x806503f8
Peer Cid        : 0x803f041a
VS              : 0
Handle          : 3
TraceNum        : 1
Direction       : Up
Status          : 0
Data            : 
----------------------------------------------
IPSEC:
----------------------------------------------
My Cid             : 0x803F041A
Peer Cid           : 0x806503F8
VS                 : 0
Handle             : 3
TraceNum           : 8
Direction          : Up
Status             : 0
IP Packet Version  : 6    
Source Addr        : fe8000000000000002e048fffe068142
Destination Addr   : ff020000000000000000000000000005
Packet length      : 64
Protocol           : ESP
SpiIndex           : 300
Time               : 2011-10-14 13:25:32 96
----------------------------------------------
IPSEC:
----------------------------------------------
My Cid             : 0x803F041A
Peer Cid           : 0x722714
VS                 : 0
Handle             : 3
TraceNum           : 8
Direction          : Up
Status             : 0
IP Packet Version  : 6    
Source Addr        : fe8000000000000002e048fffe068142
Destination Addr   : ff020000000000000000000000000005
Packet length      : 40
Protocol           : OSPF
Time               : 2011-10-14 13:25:32 96
----------------------------------------------
PP6:
----------------------------------------------
My Cid          : 0x80722719
Peer Cid        : 0x803F041A
VS              : 0
Handle          : 3
TraceNum        : 8
Direction       : Up
Status          : 0
BlockNo         : 0
Time            : 2011-10-14 13:25:32 96
----------------------------------------------
IPSEC:
----------------------------------------------
My Cid             : 0x803F041A
Peer Cid           : 0x806503F8
VS                 : 0
Handle             : 3
TraceNum           : 8
Direction          : Down
Status             : 0
IP Packet Version  : 6    
Source Addr        : fe800000000000003a0010fffe030002
Destination Addr   : ff020000000000000000000000000005
Packet length      : 40
Protocol           : OSPF
Time               : 2011-10-14 13:25:35 466
----------------------------------------------
IPSEC:
----------------------------------------------
My Cid             : 0x803F041A
Peer Cid           : 0x806503F8
VS                 : 0
Handle             : 3
TraceNum           : 8
Direction          : Down
Status             : 0
IP Packet Version  : 6    
Source Addr        : fe800000000000003a0010fffe030002
Destination Addr   : ff020000000000000000000000000005
Packet length      : 64
Protocol           : ESP
SpiIndex           : 300
Time               : 2011-10-14 13:25:35 466
----------------------------------------------
SOCKET: -
----------------------------------------------
My Cid          : 0x806503f8
Peer Cid        : 0x803f041a
VS              : 0
Handle          : 3
TraceNum        : 8
Direction       : Down
Status          : 0
Data            : 
----------------------------------------------
SOCKET: -
----------------------------------------------
My Cid          : 0x806503f8
Peer Cid        : 0x782737
VS              : 0
Handle          : 3
TraceNum        : 8
Direction       : Down
Status          : 0
Data            : 
----------------------------------------------

**Table 1** Description of the **debugging packet ipsec** command output
Item	Description
My Cid	Self Component ID.
Peer Cid	Peer component ID.
VS	Virtual router number.
Handle	Handle value.
TraceNum	Trace ID.
Direction	Direction of packet flow: Up: Inbound packet that are received from neighbors. Down: Outbound packet that need to be sent to neighbors.
Status	Status of the packet processing.
Interface index	Interface index.
Link type	Link type of the router LSA: Point-to-Point, TransNet, StubNet, or Virtual.
Link protocol	Protocol ID.
Source mac	Source MAC of the packet.
Source Addr	Source address of the packet.
Dest mac	Destination MAC of the packet.
Protocol	Protocol in use.
Time	Current system time.
Data	Authenticated data.
IP Packet Version	IP Packet Version, which can be IPv4 or IPv6.
Packet length	Length of the packet.
Destination Addr	Destination address of the packet.
SpiIndex	Index of SPI.
BlockNo	Number of blocked packets.