Log full of 'esp_output: skip 20'
Emre Gundogan
emre at gundogan.us
Tue Oct 11 18:54:35 UTC 2016
This was due to 'options IPSEC_DEBUG' line in my kernel config. I was told to silence the messages with 'sysctl net.inet.ipsec.debug=0' without having to recompile the kernel.
Regards,
Emre
>
> On a recently upgraded (10.3-RELEASE-p5 -> 11.0-RELEASE-p1) machine (amd64), I've noticed a barrage of 'esp_output: skip 20 hlen 24 ...' lines in log while there is traffic on an ipsec connection. Due to a change in sys/netipsec/xform_esp.c (DPRINTF on line 723), a log is generated with each packet in my case. This wasn't true in 10.3-p5, and it looks like perhaps that DPRINTF shouldn't be there? Both the client and the server are FreeBSD 11-p1 machines (both just upgraded). Any insight is much appreciated along with a pointer to how to turn it off (short of recompiling the kernel).
>
> Thanks a lot,
> Emre.
>
> P.S.: I am getting list digest, please cc me on your reply.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20161011/298ce1f9/attachment.sig>
More information about the freebsd-questions
mailing list