[Swan] Truncated log output

Sat Nov 3 12:55:51 UTC 2018

On Sat, Nov 3, 2018 at 1:51 PM Paul Wouters <paul at nohats.ca> wrote:
>
> On Sat, 3 Nov 2018, Ondrej Moris wrote:
>
> > Hi, I noticed that output in logs is sometimes truncated when it is
> > too long. For instance I have the following configuration:
>
> > When connection is initiated, IKE proposal is printed but truncated:
>
> > Is there a way how to disable truncating? Or possibly how to increase
> > its limits? Or is there any other way to get IKE proposal? I want to
> > check that proposal contains exactly what is configured.
>
> Unfortunately not. It is truncating because it is hitting the max buffer
> for a log message.
>
> Although you can see the loaded proposals with ipsec status.

Unfortunately it is truncated too:

# ipsec auto --status
...
000 "test":   IKE algorithms: AES_GCM_16_256-HMAC_SHA2_512-DH19,
AES_GCM_16_256-HMAC_SHA2_256-DH19, AES_CBC_256-HMAC_SHA2_512-DH19,
AES_CBC_256-HMAC_SHA2_256-DH19, AES_CBC_256-HMAC_SHA1-DH19,
AES_GCM_16_128-HMAC_SHA2_512-DH19, AES_GCM_16_128-HMAC_SHA2_256-DH19,
AES_CBC_128-HMAC_SHA2_256-DH19, AES_CBC_128-HMAC_SHA1-DH19,
AES_GCM_16_256-HMAC_SHA2_512-DH20, AES_GCM_16_256-HMAC_SHA2_256-DH20,
AES_CBC_256-HMAC_SHA2_512-DH20, AES_CBC_256-HMAC_SHA2_256-DH20,
AES_CBC_256-HMAC_SHA1-DH20, AES_GCM_16_128-HMAC_SHA2_512-DH20,
AES_GCM_16_128-HMAC_SHA2_256-DH20, AES_CBC_128-HMAC_SHA2_256-DH20,
AES_CBC_128-HMAC_SHA1-DH20, AES_GCM_16_256-HMAC_SHA2_512-DH21,
AES_GCM_16_256-HMAC_SHA2_256-DH21, AES_CBC_256-HMAC_SHA2_512-DH21,
AES_CBC_256-HMAC_SHA2_256-DH21, AES_CBC_256-HMAC_SHA1-DH21,
AES_GCM_16_128-HMAC_SHA2_512-DH21, AES_GCM_16_128-HMAC_SHA2_256-DH21,
AES_CBC_128-HMAC_SHA2_256-DH21, AES_CBC_128-HMAC_SHA1-DH21,
AES_GCM_16_256-HMAC_SHA2_512-MODP2048,
AES_GCM_16_256-HMAC_SHA2_256-MODP2048,
AES_CBC_256-HMAC_SHA2_512-MODP2048,...

(30 algs reported, 63 expected)

But yes, I understand your motivation for buffer limit, it makes sense
to me. Thanks anyway Paul.