[Swan-commit] Changes to ref refs/heads/main

Thu Jan 18 02:52:26 EET 2024

New commits:
commit ec028da78d9cbcfd004d009a02fc82ecbe7a5a14
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Wed Jan 17 19:42:43 2024 -0500

    pluto: tweak logging and ipsec traffic for HW offload
    
    Don't log/whack:
    
    "test" #1: initiator established IKE SA; authenticated peer using authby=secret and ID_IPV4_ADDR '10.0.1.1'
    "test" #2: kernel_xfrm_policy_add() adding offload via interface ens8191f0np0 for IPsec policy, type: Packet
    "test" #2: kernel_xfrm_policy_add() adding offload via interface ens8191f0np0 for IPsec policy, type: Packet
    "test" #2: initiator established Child SA using #1; IPsec transport [10.0.1.2/32===10.0.1.1/32] {ESP/ESN=>0xd58a3176 <0x13602000 xfrm=AES_GCM_16_128-NONE DPD=passive}
    
    Instead:
    
    "test" #5: initiator established IKE SA; authenticated peer using authby=secret and ID_IPV4_ADDR '10.0.1.1'
    "test" #6: initiator established Child SA using #5; IPsec transport [10.0.1.2/32===10.0.1.1/32] {ESP/ESN=>0xe93b3bb9 <0xc212f708 xfrm=AES_GCM_16_128-NONE esp-hw-offload=packet DPD=passive}
    
    Also show this in trafficstatus:
    
    Since the new output appears as part of the ESP string before the
    existing comma, this shouldn't break people parsing this output.
    
    We don't yet remember the crypto in a state variable, so unfortunately
    this uses c->iface->nic_offload with c->config->nic_offload to determine
    crypto state. This should really get moved to somewhere in struct state.
    
    No output changes when no esp-hw-offload= offload is used.
    
    The kernel_xfrm_policy_add() log lines were changed to debug lines.
    
    (side note: ipsec_doi.c is badly named and its code should move elsewhere)