[Swan-dev] debug-logging
Andrew Cagney
andrew.cagney at gmail.com
Wed Nov 21 15:22:18 UTC 2018
On Wed, 21 Nov 2018 at 00:54, Paul Wouters <paul at nohats.ca> wrote:
>
> On Tue, 20 Nov 2018, Andrew Cagney wrote:
>
> > While it works it heads for an interface explosion as we'll want at least:
> > dbg_crypt()
> > dbg_more()
> > So instead I'll repurpose DBGF() to be the more terse:
> > DBGF(CRYPT, format, ...)
> > DBGF(MORE, format, ...)
> > where both wrap a single dbgf(lset_t, format, ...) function.
>
>
> Less wrappers please? I'd prefer not to end up with 20 logging functions
> all wrapped onto 2 actually used logging functions?
I'll wrap DBG_log() instead.
> I thought we realised we have very few categories:
>
> 1) interactive log (eg to whack socket + system log)
two cases:
- whack only logging such as status queries
- whack+system logging
> 2) non-interactive log (only to system log)
> 3) regular debug log (eg what used to be debug-all)
> 4) private debug log (anything containing private key material or passwords)
two cases:
- the private logging (for some compliance stuff)
I was going to leave that as dbgf(private, ...)
- debug logging of crypto which, in all likelyhood leaks stuff, but
not intentionally
> 5) excessive log (really internal/developer-only should not be used normally logs)
- 'more' debug logging
> I dont mind if these 5 map to some others for simplicity, but so far I
> am seeing just more wrappers and functions, instead of less.
First we completely forgot to discuss eliminating cur_state,
cur_connection, and cur_port. Presumably with log_state() et.al.?
Anyway, for debugging for the most part, dbg() is sufficient. For
instance, this common case:
DBG(DBG_CONTROL, DBG_log(....));
can be replaced by:
dbg(...);
but I'm not about to rush out and change that everywhere - let it
happen organically.
(I also wish it was upper case but that's a lost cause).
However, this single function falls short in two ways:
- the raw DBG_*() functions such as DBG_dump() need to be 'wrapped'
in if-crypto and/or if-more et.al.. Current code solves this using:
#1 DBG_cond_dump()
#2 DBG(DBG_CONTROL, DBG_dump());
#3 if (DBGP(DBG_CRYPTO)) DBG_dump();
My only plan here is to replace the very few case of #1 with #3 (it
doesn't suffer from #2s parsing problems). I see no benefit in adding
DBG_crypt_dump() et.al.
- the output is long winded and/or complicated and better constructed
by accumulating it into a buffer - the most extreme example has to be
the snprintf() in fmt_common_shell_out() - this is where the lower
level lswlog*buf helps. All the above, are wrappers to this.
> Note that I think these are the 5 kinds of logging, of which 3 are debug
> logging.
>
> There is still the issue of "very minimal logging" for very busy
> servers, which could be defined with a new keyword and only log
> messages of type ERROR.
>
> Paul
More information about the Swan-dev
mailing list