It then dumps the resulting query in a human readable form.
With the --udp option, it opens a UDP port, and dumps policy on each packet received on that port using the IP_IPSEC_RECVREF socket option.
The --maxpacket option causes the program to exit after processing that many packets. This can be used in test cases.
This is a test program. One might run it from inetd, via:
discard stream tcp nowait nobody /usr/local/libexec/ipsec/showpolicy showpolicy
One could also run it from the command line via:
ipsec showpolicy --udp 9 --sockpolicy --maxpacket 2
ipsec(8), ipsec_policy_query(3), ipsec_pluto(8)
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Michael Richardson