[Swan-dev] 182 "westnet-eastnet-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}

Antony Antony antony at phenome.org
Wed Mar 11 16:01:29 UTC 2020

On Wed, Mar 11, 2020 at 08:12:05AM -0400, Andrew Cagney wrote:
> On Wed, 11 Mar 2020 at 01:09, Antony Antony <antony at phenome.org> wrote:
> >
> > On Tue, Mar 10, 2020 at 11:51:06AM -0400, Andrew Cagney wrote:
> > > I'd like to change this log message as follows:
> > >
> > > - change #2 (the CHILD SA) to #1 (the IKE SA)
> >
> > good idea
> >
> > > - drop "STATE_PARENT_I2: "
> >
> > It sounds like bad idea to rush this change. An identifier without spaces is
> > easy grep.
> This is an internal variable, it doesn't belong in user visible logs.
> It should be removed.

Well I can agree, what you propose feels breaking usage in the name 
"internal variable". One also see it as identifier.

BTW think what ouptput will look like when there IPsec SA with shared IKE 
SA. I wonder how output will like when initiating second connection.
Would it log IKE or Child connection.

> The text paul Proposes, namely:
>   sent IKE_AUTH request
> is more than sufficient

I disagree:) In the overall context of logs + debug IKE_AUTH is too generic 

> I pulled the first part of the change as I discovered tests running:
>    ipsec status | grep STATE_
> that's wrong at so many levels.

It is not just tests also think real use cases, and debugging them.
It feels like you are only considering simple good cases. If it all works 
output is less important. When things do not work keywords that can be found 
by grep are important.

More information about the Swan-dev mailing list