[Swan-dev] debug-logging
Andrew Cagney
andrew.cagney at gmail.com
Thu Nov 15 15:58:00 UTC 2018
To move this discussion along a little, I added the function(1):
void dbg(const char *fmt, ...) PRINTF_LIKE(1);
and tried using it in "ikev2_tc.c" vis:
dbg(" connection \"%s\" does not match IDs or CA of current
connection \"%s\"",
d->name, c->name);
my idea is to next add:
dbg_crypt()
and then dump DBGF().
Andrew
(1) the name is short; coding style dogma has lower case functions,
and upper case macros (the latter has to scream danger!), DBG() was
taken and I don't see this as a performance issue
On Wed, 17 Oct 2018 at 11:04, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> These are my fuzzy notes from a group discussion from last week about
> debug-logging - that is dumping stuff we'd like to see when chasing a
> bug
>
> - '--debug all' current debug-log functions are controlled by debug
> bits, for instance a debug-log line, using the current simplest
> interface, looks like:
> DBGF(DBG_XAUTH|DBG_KERNEL,
> "this is debug-logged when either %s or %s is enabled",
> "XAUTH", "kernel");
> Unfortunately, over time, this model has broken down. Instead
> debuglog=all has proven to be the only workable option. Consequently,
> the flags should be dropped and the simplest interface further reduced
> to just:
> DBGF("this is debug-logged when %s is enabled", "any debugging");
> (name is subject to ongoing discussion). The obvious follow-on (not
> yet discussed) is that --debug all will need a re-name, --debug info
> --debug flow --debug default
>
> - '--debug private' - which is for end users and intentionally exposes
> security information - is really a system-log parameter so should be
> kicked out of --debug and moved somewhere else (presumably some other
> option)
>
> - '--debug crypt' - which unintentionally exposes security information
> and lots off it - should be retained and shouldn't be the default
> presumably, debug-log messages such as 'computing DH' don't fall
> under 'crypt', but the actual calculations do
>
> - '--debug too-much-information' - sometimes too much irrelevant
> debug-log information is generated. For instance, the hash table code
> debug-logs all transitions in great detail - something not useful
> except when debugging the hash table subsystem. Rather then remove
> that code, a finer-grained logging interface is also needed (and not
> enabled by default). For instance:
> DBG_FINE("this will probably never be debug-logged");
> (name is subject to ongoing discussion)
>
> my comments:
>
> - I subscribe to the dogma that all macros should be upper case
>
> - unless we're pretty aggressive over what gets moved to 'fine', I
> suspect we'll end up needing a way to debug-log less than the default
> set or adding more fine-grained bits similar to 'crypt'
> for instance, the raw contents of every packet gets dumped on the
> way in; should it?
>
> - code generating a single log line such as:
> DBG(DBG_KERNEL|DBG_XAUTH, DBG_log("...", ...));
> and can be reduced to:
> DBGF("...", ...);
>
> Andrew
More information about the Swan-dev
mailing list