213361 – ipsec traffic generates esp_output logs for no apparent reason

Bug 213361 - ipsec traffic generates esp_output logs for no apparent reason

Summary: ipsec traffic generates esp_output logs for no apparent reason

Status:	Closed Not A Bug

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	11.0-STABLE
Hardware:	amd64 Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-10-10 16:42 UTC by emre
Modified:	2016-10-10 17:05 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description emre 2016-10-10 16:42:29 UTC

On a recently upgraded (10.3-RELEASE-p5 -> 11.0-RELEASE-p1) machine (amd64), I've noticed a barrage of 'esp_output: skip 20 hlen 24 ...' lines in log while there is traffic on an ipsec connection. Due to a change in sys/netipsec/xform_esp.c (DPRINTF on line 723), a log is generated with each packet in my case. This wasn't true in 10.3-p5, and it looks like perhaps that DPRINTF line shouldn't be there? Both the client and the server are FreeBSD 11-p1 machines (both just upgraded).

Comment 1 emre 2016-10-10 17:05:44 UTC

The culprit was an 'options IPSEC_DEBUG' line in one of my kernel configs. I am able to turn off the messages with 'sysctl net.inet.ipsec.debug=0' without recompiling the kernel. Please disregard it.