From nobody Sun Jul 21 08:53:46 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WRcdk5SQwz5R50N; Sun, 21 Jul 2024 08:53:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WRcdk4gF8z4nXp; Sun, 21 Jul 2024 08:53:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1721552026; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wTMc5kByKm8nz6JeVjYpKcbK1dtjFAteOFWRTOH/g4c=; b=NroHZ1bC9wcHkk2LnIQ0olYgG12cUmTZ14o/O4pUT10GAwwZ7+sBjYw9ytBB7qcCF3ptK2 bPFYYkTkM4N5nNHbWbUb1YxCHRLuhQ/cHYtrSoDpYaTMpgaXnkcLfYSrBOOU5Q7cEQTFS3 qxPEjBJYNKQc1Z+/u3hH5MzgTFezsHfavQvCDRBrqaBXoOD+7FDkT+oUUAKgm6sqOvTYFU NTgq0+8pqO5vhCcXJSLjDKWCfYoBpbBEft91bQKyXBkM53zN36ur/PkxG+Po9vCduVzcGn OJJFdX28Cy6y+zGRJUhPObH2G70NcFoZoZyeoXt96/dEM6LOAOlFPgcpgCjuXA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1721552026; a=rsa-sha256; cv=none; b=OSj0twtVjCQCvZglzAyjPRuN72eKz4+Av/0V4dNVVLU7kMGfuKGKIXboof2O/lzcMLVcIG YU9k1nBI6Lt7Enf3ESr4Xnj+NYS4jorTB+I/Hr03Ogwjt46uXmdFNmbWIndNC9ikMeE90Z 719g8ECrtJY8PSFAI5LA0rzX6aaEc6FXM+hnsmeDDDsFYk9NT4ANWyxvc00kkVJIXzI49a ommdQCbfMfsxvTk+/ne+XZtCdCQfWx43QVRsXIOWhESWSmXfn5xmtB2LLrAOLlFhCKQia+ VRoJLxtsqpniHlsmRWYYJKfdRhTJDwOIBgK3xoFsb4RZxQPAAL90WID1fAp0jA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1721552026; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wTMc5kByKm8nz6JeVjYpKcbK1dtjFAteOFWRTOH/g4c=; b=Tx/aLXxa9X3//B/ZixP6wYl+E7W9Y95B8nGvWlE4bnChqO4PTTE4a6+JwkOyIabHfXM0lB cbj0Id8SoCJIAkeHIvAvXMXhmtbzEJOhS5u4geMHsbkUwIAe7l3qeJ1ryaxAMRaCSv/ZTF JVXsIgWNckHcAUgFdShPXnW+VX8giT7w886fvl2CzNgzytAo8HA7EHDZ6FFECJjiNSDIU5 30u7tGzDgEEa6j6qF0VQs6C7Et626cYPl2wri9rg5prigeZU/GCyrQ0LBTgVNgwHragmVL F4CW77LQ6rUbo6gGIQGCrE2Zz3sjEllq/EGTfra5TcBXUYB0fKJBh9//qkGWpQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WRcdk4FT7zswT; Sun, 21 Jul 2024 08:53:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 46L8rkRd075105; Sun, 21 Jul 2024 08:53:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 46L8rkoh075102; Sun, 21 Jul 2024 08:53:46 GMT (envelope-from git) Date: Sun, 21 Jul 2024 08:53:46 GMT Message-Id: <202407210853.46L8rkoh075102@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: 9a7096ff547d - main - ipsec_offload: hide SA/SP offload lifecycle prints under verbose sysctl List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9a7096ff547de2b5a09c5a4683853568e08c2f8a Auto-Submitted: auto-generated The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=9a7096ff547de2b5a09c5a4683853568e08c2f8a commit 9a7096ff547de2b5a09c5a4683853568e08c2f8a Author: Konstantin Belousov AuthorDate: 2024-07-19 19:15:35 +0000 Commit: Konstantin Belousov CommitDate: 2024-07-21 08:53:19 +0000 ipsec_offload: hide SA/SP offload lifecycle prints under verbose sysctl Reported and reviewed by: kp Discussed with: np Sponsored by: NVIDIA networking Differential revision: https://reviews.freebsd.org/D46045 --- sys/netipsec/ipsec_offload.c | 58 +++++++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c index 48082830b88b..8ccae7a94f2a 100644 --- a/sys/netipsec/ipsec_offload.c +++ b/sys/netipsec/ipsec_offload.c @@ -35,9 +35,12 @@ #include #include #include +#include #include #include +#include + #include #include #include @@ -190,6 +193,27 @@ ipsec_accel_fini(void *arg) SYSUNINIT(ipsec_accel_fini, SI_SUB_VNET_DONE, SI_ORDER_ANY, ipsec_accel_fini, NULL); +SYSCTL_NODE(_net_inet_ipsec, OID_AUTO, offload, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, + ""); + +static bool ipsec_offload_verbose = false; +SYSCTL_BOOL(_net_inet_ipsec_offload, OID_AUTO, verbose, CTLFLAG_RW, + &ipsec_offload_verbose, 0, + "Verbose SA/SP offload install and deinstall"); + +static void +dprintf(const char *fmt, ...) +{ + va_list ap; + + if (!ipsec_offload_verbose) + return; + + va_start(ap, fmt); + vprintf(fmt, ap); + va_end(ap); +} + static void ipsec_accel_alloc_forget_tq(struct secasvar *sav) { @@ -209,7 +233,7 @@ ipsec_accel_sa_install_match(if_t ifp, void *arg) if ((ifp->if_capenable2 & IFCAP2_BIT(IFCAP2_IPSEC_OFFLOAD)) == 0) return (false); if (ifp->if_ipsec_accel_m->if_sa_newkey == NULL) { - printf("driver bug ifp %s if_sa_newkey NULL\n", + dprintf("driver bug ifp %s if_sa_newkey NULL\n", if_name(ifp)); return (false); } @@ -226,7 +250,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg) tq = arg; - printf("ipsec_accel_sa_newkey_act: ifp %s h %p spi %#x " + dprintf("ipsec_accel_sa_newkey_act: ifp %s h %p spi %#x " "flags %#x seq %d\n", if_name(ifp), ifp->if_ipsec_accel_m->if_sa_newkey, be32toh(tq->sav->spi), tq->sav->flags, tq->sav->seq); @@ -240,7 +264,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg) } if (drv_spi == -1) { /* XXXKIB */ - printf("ipsec_accel_sa_install_newkey: cannot alloc " + dprintf("ipsec_accel_sa_install_newkey: cannot alloc " "drv_spi if %s spi %#x\n", if_name(ifp), be32toh(tq->sav->spi)); return (ENOMEM); @@ -249,14 +273,14 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg) drv_spi, &priv); if (error != 0) { if (error == EOPNOTSUPP) { - printf("ipsec_accel_sa_newkey: driver " + dprintf("ipsec_accel_sa_newkey: driver " "refused sa if %s spi %#x\n", if_name(ifp), be32toh(tq->sav->spi)); error = ipsec_accel_handle_sav(tq->sav, ifp, drv_spi, priv, IFP_HS_REJECTED, NULL); /* XXXKIB */ } else { - printf("ipsec_accel_sa_newkey: driver " + dprintf("ipsec_accel_sa_newkey: driver " "error %d if %s spi %#x\n", error, if_name(ifp), be32toh(tq->sav->spi)); /* XXXKIB */ @@ -266,7 +290,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg) drv_spi, priv, IFP_HS_HANDLED, NULL); if (error != 0) { /* XXXKIB */ - printf("ipsec_accel_sa_newkey: handle_sav " + dprintf("ipsec_accel_sa_newkey: handle_sav " "err %d if %s spi %#x\n", error, if_name(ifp), be32toh(tq->sav->spi)); } @@ -324,13 +348,13 @@ ipsec_accel_sa_newkey_impl(struct secasvar *sav) SADB_KEY_ACCEL_DEINST)) != 0) return; - printf( + dprintf( "ipsec_accel_sa_install_newkey: spi %#x flags %#x seq %d\n", be32toh(sav->spi), sav->flags, sav->seq); tq = malloc(sizeof(*tq), M_TEMP, M_NOWAIT); if (tq == NULL) { - printf("ipsec_accel_sa_install_newkey: no memory for tq, " + dprintf("ipsec_accel_sa_install_newkey: no memory for tq, " "spi %#x\n", be32toh(sav->spi)); /* XXXKIB */ return; @@ -403,7 +427,7 @@ ipsec_accel_forget_handle_sav(struct ifp_handle_sav *i, bool freesav) sav = i->sav; if ((i->flags & (IFP_HS_HANDLED | IFP_HS_REJECTED)) == IFP_HS_HANDLED) { - printf("sa deinstall %s %p spi %#x ifl %#x\n", + dprintf("sa deinstall %s %p spi %#x ifl %#x\n", if_name(ifp), sav, be32toh(sav->spi), i->flags); ifp->if_ipsec_accel_m->if_sa_deinstall(ifp, i->drv_spi, i->ifdata); @@ -597,18 +621,18 @@ ipsec_accel_spdadd_cb(if_t ifp, void *arg) sp = arg; inp = sp->ipsec_accel_add_sp_inp; - printf("ipsec_accel_spdadd_cb: ifp %s m %p sp %p inp %p\n", + dprintf("ipsec_accel_spdadd_cb: ifp %s m %p sp %p inp %p\n", if_name(ifp), ifp->if_ipsec_accel_m->if_spdadd, sp, inp); error = ipsec_accel_remember_sp(sp, ifp, &i); if (error != 0) { - printf("ipsec_accel_spdadd: %s if_spdadd %p remember res %d\n", + dprintf("ipsec_accel_spdadd: %s if_spdadd %p remember res %d\n", if_name(ifp), sp, error); return (error); } error = ifp->if_ipsec_accel_m->if_spdadd(ifp, sp, inp, &i->ifdata); if (error != 0) { i->flags |= IFP_HP_REJECTED; - printf("ipsec_accel_spdadd: %s if_spdadd %p res %d\n", + dprintf("ipsec_accel_spdadd: %s if_spdadd %p res %d\n", if_name(ifp), sp, error); } return (error); @@ -676,11 +700,11 @@ ipsec_accel_spddel_act(void *arg, int pending) NET_EPOCH_WAIT(); if ((i->flags & (IFP_HP_HANDLED | IFP_HP_REJECTED)) == IFP_HP_HANDLED) { - printf("spd deinstall %s %p\n", if_name(i->ifp), sp); + dprintf("spd deinstall %s %p\n", if_name(i->ifp), sp); error = i->ifp->if_ipsec_accel_m->if_spddel(i->ifp, sp, i->ifdata); if (error != 0) { - printf( + dprintf( "ipsec_accel_spddel: %s if_spddel %p res %d\n", if_name(i->ifp), sp, error); } @@ -741,12 +765,12 @@ ipsec_accel_on_ifdown_sp(struct ifnet *ifp) NET_EPOCH_WAIT(); if ((i->flags & (IFP_HP_HANDLED | IFP_HP_REJECTED)) == IFP_HP_HANDLED) { - printf("spd deinstall %s %p\n", if_name(ifp), sp); + dprintf("spd deinstall %s %p\n", if_name(ifp), sp); error = ifp->if_ipsec_accel_m->if_spddel(ifp, sp, i->ifdata); } if (error != 0) { - printf( + dprintf( "ipsec_accel_on_ifdown_sp: %s if_spddel %p res %d\n", if_name(ifp), sp, error); } @@ -894,7 +918,7 @@ ipsec_accel_input(struct mbuf *m, int offset, int proto) if (tag->drv_spi < IPSEC_ACCEL_DRV_SPI_MIN || tag->drv_spi > IPSEC_ACCEL_DRV_SPI_MAX) { - printf("if %s mbuf %p drv_spi %d invalid, packet dropped\n", + dprintf("if %s mbuf %p drv_spi %d invalid, packet dropped\n", (m->m_flags & M_PKTHDR) != 0 ? if_name(m->m_pkthdr.rcvif) : "", m, tag->drv_spi); m_freem(m);