Re: git: 9a7096ff547d - main - ipsec_offload: hide SA/SP offload lifecycle prints under verbose sysctl
Date: Sun, 21 Jul 2024 09:46:24 UTC
Thanks!
> On 21 Jul 2024, at 10:53, Konstantin Belousov <kib@freebsd.org> wrote:
>
> The branch main has been updated by kib:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=9a7096ff547de2b5a09c5a4683853568e08c2f8a
>
> commit 9a7096ff547de2b5a09c5a4683853568e08c2f8a
> Author: Konstantin Belousov <kib@FreeBSD.org>
> AuthorDate: 2024-07-19 19:15:35 +0000
> Commit: Konstantin Belousov <kib@FreeBSD.org>
> CommitDate: 2024-07-21 08:53:19 +0000
>
> ipsec_offload: hide SA/SP offload lifecycle prints under verbose sysctl
>
> Reported and reviewed by: kp
> Discussed with: np
> Sponsored by: NVIDIA networking
> Differential revision: https://reviews.freebsd.org/D46045
> ---
> sys/netipsec/ipsec_offload.c | 58 +++++++++++++++++++++++++++++++-------------
> 1 file changed, 41 insertions(+), 17 deletions(-)
>
> diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c
> index 48082830b88b..8ccae7a94f2a 100644
> --- a/sys/netipsec/ipsec_offload.c
> +++ b/sys/netipsec/ipsec_offload.c
> @@ -35,9 +35,12 @@
> #include <sys/pctrie.h>
> #include <sys/proc.h>
> #include <sys/socket.h>
> +#include <sys/sysctl.h>
> #include <sys/protosw.h>
> #include <sys/taskqueue.h>
>
> +#include <machine/stdarg.h>
> +
> #include <net/if.h>
> #include <net/if_var.h>
> #include <net/vnet.h>
> @@ -190,6 +193,27 @@ ipsec_accel_fini(void *arg)
> SYSUNINIT(ipsec_accel_fini, SI_SUB_VNET_DONE, SI_ORDER_ANY,
> ipsec_accel_fini, NULL);
>
> +SYSCTL_NODE(_net_inet_ipsec, OID_AUTO, offload, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
> + "");
> +
> +static bool ipsec_offload_verbose = false;
> +SYSCTL_BOOL(_net_inet_ipsec_offload, OID_AUTO, verbose, CTLFLAG_RW,
> + &ipsec_offload_verbose, 0,
> + "Verbose SA/SP offload install and deinstall");
> +
> +static void
> +dprintf(const char *fmt, ...)
> +{
> + va_list ap;
> +
> + if (!ipsec_offload_verbose)
> + return;
> +
> + va_start(ap, fmt);
> + vprintf(fmt, ap);
> + va_end(ap);
> +}
> +
> static void
> ipsec_accel_alloc_forget_tq(struct secasvar *sav)
> {
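Review bot: The new variadic `dprintf()` is defined without a format attribute, so every call site converted from `printf()` in the later hunks loses compile-time checking of its `%s`/`%p`/`%#x`/`%d` arguments against the format string. Declaring it ahead of the definition as `static void dprintf(const char *fmt, ...) __printflike(1, 2);` would keep that checking. The `offload` sysctl node is also registered with an empty description (`""`); a short text there would make the node self-describing when listed with descriptions.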
> @@ -209,7 +233,7 @@ ipsec_accel_sa_install_match(if_t ifp, void *arg)
> if ((ifp->if_capenable2 & IFCAP2_BIT(IFCAP2_IPSEC_OFFLOAD)) == 0)
> return (false);
> if (ifp->if_ipsec_accel_m->if_sa_newkey == NULL) {
> - printf("driver bug ifp %s if_sa_newkey NULL\n",
> + dprintf("driver bug ifp %s if_sa_newkey NULL\n",
> if_name(ifp));
> return (false);
> }
> @@ -226,7 +250,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
>
> tq = arg;
>
> - printf("ipsec_accel_sa_newkey_act: ifp %s h %p spi %#x "
> + dprintf("ipsec_accel_sa_newkey_act: ifp %s h %p spi %#x "
> "flags %#x seq %d\n",
> if_name(ifp), ifp->if_ipsec_accel_m->if_sa_newkey,
> be32toh(tq->sav->spi), tq->sav->flags, tq->sav->seq);
> @@ -240,7 +264,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
> }
> if (drv_spi == -1) {
> /* XXXKIB */
> - printf("ipsec_accel_sa_install_newkey: cannot alloc "
> + dprintf("ipsec_accel_sa_install_newkey: cannot alloc "
> "drv_spi if %s spi %#x\n", if_name(ifp),
> be32toh(tq->sav->spi));
> return (ENOMEM);
> @@ -249,14 +273,14 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
> drv_spi, &priv);
> if (error != 0) {
> if (error == EOPNOTSUPP) {
> - printf("ipsec_accel_sa_newkey: driver "
> + dprintf("ipsec_accel_sa_newkey: driver "
> "refused sa if %s spi %#x\n",
> if_name(ifp), be32toh(tq->sav->spi));
> error = ipsec_accel_handle_sav(tq->sav,
> ifp, drv_spi, priv, IFP_HS_REJECTED, NULL);
> /* XXXKIB */
> } else {
> - printf("ipsec_accel_sa_newkey: driver "
> + dprintf("ipsec_accel_sa_newkey: driver "
> "error %d if %s spi %#x\n",
> error, if_name(ifp), be32toh(tq->sav->spi));
> /* XXXKIB */
> @@ -266,7 +290,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
> drv_spi, priv, IFP_HS_HANDLED, NULL);
> if (error != 0) {
> /* XXXKIB */
> - printf("ipsec_accel_sa_newkey: handle_sav "
> + dprintf("ipsec_accel_sa_newkey: handle_sav "
> "err %d if %s spi %#x\n", error,
> if_name(ifp), be32toh(tq->sav->spi));
> }
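Review bot: The `driver bug ifp %s if_sa_newkey NULL` message in ipsec_accel_sa_install_match() reports a driver-contract violation rather than an SA lifecycle event, and it is now silent unless `net.inet.ipsec.offload.verbose` is set. The same holds for the failure branches in ipsec_accel_sa_newkey_cb() (`cannot alloc drv_spi`, `driver error %d`, `handle_sav err %d`) and for the `no memory for tq` branch in ipsec_accel_sa_newkey_impl(). An SA that was expected to be offloaded can therefore fail to install with no default-visible trace. Consider keeping those branches on an unconditional, rate-limited path such as `log(LOG_ERR, ...)` and reserving `dprintf()` for the install/deinstall tracing. These function bodies start and end outside the hunks, so any error accounting done elsewhere is not visible here.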
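Review bot: The trace line in ipsec_accel_sa_newkey_cb() formats the driver method pointer with `h %p`, so enabling the new knob writes raw kernel addresses into the message buffer. The `sa deinstall %s %p` and `ipsec_accel_spdadd_cb: ... m %p sp %p inp %p` lines, and the `spd deinstall %s %p` lines in the later hunks, do the same for `sav`, `sp` and `inp`. Where `security.bsd.unprivileged_read_msgbuf` is left enabled, that output is readable by unprivileged users. The sysctl description could say so, for example `"Verbose SA/SP offload install and deinstall (prints kernel pointers)"`, or the traces could identify the SA by SPI only.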
> @@ -324,13 +348,13 @@ ipsec_accel_sa_newkey_impl(struct secasvar *sav)
> SADB_KEY_ACCEL_DEINST)) != 0)
> return;
>
> - printf(
> + dprintf(
> "ipsec_accel_sa_install_newkey: spi %#x flags %#x seq %d\n",
> be32toh(sav->spi), sav->flags, sav->seq);
>
> tq = malloc(sizeof(*tq), M_TEMP, M_NOWAIT);
> if (tq == NULL) {
> - printf("ipsec_accel_sa_install_newkey: no memory for tq, "
> + dprintf("ipsec_accel_sa_install_newkey: no memory for tq, "
> "spi %#x\n", be32toh(sav->spi));
> /* XXXKIB */
> return;
> @@ -403,7 +427,7 @@ ipsec_accel_forget_handle_sav(struct ifp_handle_sav *i, bool freesav)
> sav = i->sav;
> if ((i->flags & (IFP_HS_HANDLED | IFP_HS_REJECTED)) ==
> IFP_HS_HANDLED) {
> - printf("sa deinstall %s %p spi %#x ifl %#x\n",
> + dprintf("sa deinstall %s %p spi %#x ifl %#x\n",
> if_name(ifp), sav, be32toh(sav->spi), i->flags);
> ifp->if_ipsec_accel_m->if_sa_deinstall(ifp,
> i->drv_spi, i->ifdata);
> @@ -597,18 +621,18 @@ ipsec_accel_spdadd_cb(if_t ifp, void *arg)
>
> sp = arg;
> inp = sp->ipsec_accel_add_sp_inp;
> - printf("ipsec_accel_spdadd_cb: ifp %s m %p sp %p inp %p\n",
> + dprintf("ipsec_accel_spdadd_cb: ifp %s m %p sp %p inp %p\n",
> if_name(ifp), ifp->if_ipsec_accel_m->if_spdadd, sp, inp);
> error = ipsec_accel_remember_sp(sp, ifp, &i);
> if (error != 0) {
> - printf("ipsec_accel_spdadd: %s if_spdadd %p remember res %d\n",
> + dprintf("ipsec_accel_spdadd: %s if_spdadd %p remember res %d\n",
> if_name(ifp), sp, error);
> return (error);
> }
> error = ifp->if_ipsec_accel_m->if_spdadd(ifp, sp, inp, &i->ifdata);
> if (error != 0) {
> i->flags |= IFP_HP_REJECTED;
> - printf("ipsec_accel_spdadd: %s if_spdadd %p res %d\n",
> + dprintf("ipsec_accel_spdadd: %s if_spdadd %p res %d\n",
> if_name(ifp), sp, error);
> }
> return (error);
> @@ -676,11 +700,11 @@ ipsec_accel_spddel_act(void *arg, int pending)
> NET_EPOCH_WAIT();
> if ((i->flags & (IFP_HP_HANDLED | IFP_HP_REJECTED)) ==
> IFP_HP_HANDLED) {
> - printf("spd deinstall %s %p\n", if_name(i->ifp), sp);
> + dprintf("spd deinstall %s %p\n", if_name(i->ifp), sp);
> error = i->ifp->if_ipsec_accel_m->if_spddel(i->ifp,
> sp, i->ifdata);
> if (error != 0) {
> - printf(
> + dprintf(
> "ipsec_accel_spddel: %s if_spddel %p res %d\n",
> if_name(i->ifp), sp, error);
> }
> @@ -741,12 +765,12 @@ ipsec_accel_on_ifdown_sp(struct ifnet *ifp)
> NET_EPOCH_WAIT();
> if ((i->flags & (IFP_HP_HANDLED | IFP_HP_REJECTED)) ==
> IFP_HP_HANDLED) {
> - printf("spd deinstall %s %p\n", if_name(ifp), sp);
> + dprintf("spd deinstall %s %p\n", if_name(ifp), sp);
> error = ifp->if_ipsec_accel_m->if_spddel(ifp,
> sp, i->ifdata);
> }
> if (error != 0) {
> - printf(
> + dprintf(
> "ipsec_accel_on_ifdown_sp: %s if_spddel %p res %d\n",
> if_name(ifp), sp, error);
> }
> @@ -894,7 +918,7 @@ ipsec_accel_input(struct mbuf *m, int offset, int proto)
>
> if (tag->drv_spi < IPSEC_ACCEL_DRV_SPI_MIN ||
> tag->drv_spi > IPSEC_ACCEL_DRV_SPI_MAX) {
> - printf("if %s mbuf %p drv_spi %d invalid, packet dropped\n",
> + dprintf("if %s mbuf %p drv_spi %d invalid, packet dropped\n",
> (m->m_flags & M_PKTHDR) != 0 ? if_name(m->m_pkthdr.rcvif) :
> "<unknwn>", m, tag->drv_spi);
> m_freem(m);
>
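Review bot: The out-of-range `drv_spi` branch in ipsec_accel_input() still frees the mbuf, but no counter is bumped within this hunk and the only record of the drop is now behind the verbose knob. Gating the per-packet message is reasonable, since an unthrottled `printf()` on the receive path can flood the console. A drop caused by a bad driver tag should still be countable by default, though, so that an operator can tell a misbehaving NIC or firmware from ordinary loss. Consider incrementing an IPsec input-error statistic just before `m_freem(m);` and documenting it with a comment such as `/* driver supplied an out-of-range drv_spi; count and drop */`. The function body continues outside the hunk, so an existing counter after this point would not be visible here.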