
ipsec_offload: hide SA/SP offload lifecycle prints under verbose sysctl
Closed, Public

Authored by kib on Jul 19 2024, 7:19 PM.

Details

Summary

Also in the diff (separate commits):

  • netipsec: move declaration of the sysctl net.inet{,6}.ipsec nodes to header
  • netinet/ipsec.h: remove unneeded "extern"s

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

kib requested review of this revision. Jul 19 2024, 7:19 PM

Does ipsec offload need a debug knob of its own? Can't we use any of the existing stuff for debug (from netipsec/ipsec.h):

#define ipseclog(x) do { if (V_ipsec_debug) log x; } while (0)
/* for openbsd compatibility */
#ifdef IPSEC_DEBUG
#define IPSEC_DEBUG_DECLARE(x) x
#define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0)
#else
#define IPSEC_DEBUG_DECLARE(x)
#define DPRINTF(x)
#endif

In D46045#1049663, @np wrote:

Does ipsec offload need a debug knob of its own? Can't we use any of the existing stuff for debug (from netipsec/ipsec.h):

#define ipseclog(x) do { if (V_ipsec_debug) log x; } while (0)
/* for openbsd compatibility */
#ifdef IPSEC_DEBUG
#define IPSEC_DEBUG_DECLARE(x) x
#define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0)
#else
#define IPSEC_DEBUG_DECLARE(x)
#define DPRINTF(x)
#endif

I would say yes. I remember trying to use existing debug, but it did not mix well: it was too verbose in parts we do not need.

In D46045#1049664, @kib wrote:
In D46045#1049663, @np wrote:

Does ipsec offload need a debug knob of its own? Can't we use any of the existing stuff for debug (from netipsec/ipsec.h):

#define ipseclog(x) do { if (V_ipsec_debug) log x; } while (0)
/* for openbsd compatibility */
#ifdef IPSEC_DEBUG
#define IPSEC_DEBUG_DECLARE(x) x
#define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0)
#else
#define IPSEC_DEBUG_DECLARE(x)
#define DPRINTF(x)
#endif

I would say yes. I remember trying to use existing debug, but it did not mix well: it was too verbose in parts we do not need.

There are also some macros in key_debug.h (for keys only) that accept a bitmap of stuff to debug. It would have been nice if ipseclog() was also written this way and then we could control its run-time verbosity and also just have added a bit for ipsec-offload debug. But oh well. I'm okay with whatever you and kp agree on.

#ifdef IPSEC_DEBUG
#define KEYDBG(lev, arg) \
     if ((V_key_debug_level & (KEYDEBUG_ ## lev)) == (KEYDEBUG_ ## lev)) { \
	     arg;		\
     }
#else
#define KEYDBG(lev, arg)
#endif /* !IPSEC_DEBUG */

In D46045#1049665, @np wrote:

There are also some macros in key_debug.h (for keys only) that accept a bitmap of stuff to debug. It would have been nice if ipseclog() was also written this way and then we could control its run-time verbosity and also just have added a bit for ipsec-offload debug. But oh well. I'm okay with whatever you and kp agree on.

This should be a dedicated task to unify all logging/debugging in ipsec. Maybe we will do it at some point in the future; right now I am not capable.
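
An added example, not code from this revision or from FreeBSD: the bitmask gating np describes for KEYDBG, applied to a general log macro with a separate offload bit, so offload lifecycle messages can be enabled without the rest. The names IPSECDBG, IPSECDBG_*, ipsec_debug_mask and sa_install are hypothetical, and a plain global stands in for the per-VNET sysctl variable.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical category bits; not FreeBSD's actual definitions. */
#define IPSECDBG_INPUT   0x01u
#define IPSECDBG_OUTPUT  0x02u
#define IPSECDBG_OFFLOAD 0x04u  /* SA/SP offload lifecycle messages */

static unsigned int ipsec_debug_mask;  /* stand-in for a sysctl-backed knob */
static int lines_logged;               /* counts emitted lines for checking */

static void
dbg_emit(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vfprintf(stderr, fmt, ap);
	va_end(ap);
	lines_logged++;
}

/*
 * Same test as KEYDBG: every bit of the category must be set in the mask.
 * The do { } while (0) wrapper, as in ipseclog(), keeps an unbraced
 * if/else around the macro well-formed; a bare "if { }" body would not.
 */
#define IPSECDBG(cat, ...) do {                                          \
	if ((ipsec_debug_mask & (IPSECDBG_ ## cat)) == (IPSECDBG_ ## cat)) \
		dbg_emit(__VA_ARGS__);                                       \
} while (0)

/* Simulated SA install path that logs in two categories. */
static int
sa_install(unsigned int mask, unsigned int spi)
{
	ipsec_debug_mask = mask;
	lines_logged = 0;
	if (spi != 0)
		IPSECDBG(OUTPUT, "SA spi=%#x: output path selected\n", spi);
	else
		IPSECDBG(OUTPUT, "SA spi=0 rejected\n");
	IPSECDBG(OFFLOAD, "SA spi=%#x: offloaded to NIC\n", spi);
	return (lines_logged);
}

int
main(void)
{
	return (sa_install(IPSECDBG_OFFLOAD, 0x1001) == 1 ? 0 : 1);
}
```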

This revision is now accepted and ready to land. Jul 20 2024, 9:39 PM