[Swan-commit] Changes to ref refs/heads/main
Paul Wouters
paul at vault.libreswan.fi
Thu Jan 18 02:52:26 EET 2024
New commits:
commit ec028da78d9cbcfd004d009a02fc82ecbe7a5a14
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Wed Jan 17 19:42:43 2024 -0500
pluto: tweak logging and ipsec traffic for HW offload
Don't log/whack:
"test" #1: initiator established IKE SA; authenticated peer using authby=secret and ID_IPV4_ADDR '10.0.1.1'
"test" #2: kernel_xfrm_policy_add() adding offload via interface ens8191f0np0 for IPsec policy, type: Packet
"test" #2: kernel_xfrm_policy_add() adding offload via interface ens8191f0np0 for IPsec policy, type: Packet
"test" #2: initiator established Child SA using #1; IPsec transport [10.0.1.2/32===10.0.1.1/32] {ESP/ESN=>0xd58a3176 <0x13602000 xfrm=AES_GCM_16_128-NONE DPD=passive}
Instead:
"test" #5: initiator established IKE SA; authenticated peer using authby=secret and ID_IPV4_ADDR '10.0.1.1'
"test" #6: initiator established Child SA using #5; IPsec transport [10.0.1.2/32===10.0.1.1/32] {ESP/ESN=>0xe93b3bb9 <0xc212f708 xfrm=AES_GCM_16_128-NONE esp-hw-offload=packet DPD=passive}
Also show this in trafficstatus:
Since the new output appears as part of the ESP string before the
existing comma, this shouldn't break people parsing this output.
We don't yet remember the crypto in a state variable, so unfortunately
this uses c->iface->nic_offload with c->config->nic_offload to determine
crypto state. This should really get moved to somewhere in struct state.
No output changes when no esp-hw-offload= offload is used.
The kernel_xfrm_policy_add() log lines were changed to debug lines.
(side note: ipsec_doi.c is badly named and its code should move elsewhere)
More information about the Swan-commit
mailing list