Project

General

Profile

Actions

Regression #14370

closed

Console and system log may contain unnecessary Netlink debug messages from IPsec

Added by Jim Pingle about 1 year ago. Updated 12 months ago.

Status:
Resolved
Priority:
Low
Category:
Operating System
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

At boot when setting up IPsec and some event after, there is a netlink debug message that gets logged multiple times:

[nl_iface] dump_sa: unsupported family: 0, skipping

It happens during IPsec configuration:

Configuring IPsec VPN... [nl_iface] dump_sa: unsupported family: 0, skipping
[nl_iface] dump_sa: unsupported family: 0, skipping
[nl_iface] dump_sa: unsupported family: 0, skipping
[nl_iface] dump_sa: unsupported family: 0, skipping
[nl_iface] dump_sa: unsupported family: 0, skipping
[nl_iface] dump_sa: unsupported family: 0, skipping
[nl_iface] dump_sa: unsupported family: 0, skipping
[nl_iface] dump_sa: unsupported family: 0, skipping

And it appears on the console at various points after that but it's not clear what triggers it after boot, might be when certain tunnels connect. It doesn't happen when polling the status, but it does happen if I force a restart of strongSwan.

The nl_iface debug level is at 7:

net.netlink.debug.nl_iface_debug_level: 7

Related issues

Related to Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshotsResolvedKristof Provost

Actions
Actions #1

Updated by Jim Pingle about 1 year ago

  • Related to Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots added
Actions #2

Updated by Jim Pingle about 1 year ago

It's worth noting that at the moment I'm only seeing this on CE snapshots and not on Plus.

Actions #3

Updated by Kristof Provost about 1 year ago

https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/126 went into plus-RELENG_23_05, not anywhere else. That might be why.

(I wanted to reduce the log spam for the release, and was/am hoping that melifaro@ will do a more thorough job of reducing log spam upstream.)

Actions #4

Updated by Kristof Provost about 1 year ago

I've proposed https://reviews.freebsd.org/D40062 upstream as a slightly more general improvement.

Actions #5

Updated by Kristof Provost about 1 year ago

  • Status changed from New to Waiting on Merge

Committed as https://cgit.freebsd.org/src/commit/?id=fa554de7746d88959738e4cb978608af8ce479c1

We'll get that with the next upstream merge.

Actions #6

Updated by Kristof Provost about 1 year ago

  • Status changed from Waiting on Merge to Feedback

I've cherry-picked the upstream change to the 2.7 branch.

Actions #7

Updated by Jim Pingle about 1 year ago

  • Status changed from Feedback to Resolved
  • % Done changed from 0 to 100

Looks much better now. I'm no longer seeing any of the debug messages and they were very prevalent on prior builds.

Actions #8

Updated by Jim Pingle 12 months ago

  • Subject changed from Netlink debug messages from IPsec to Console and system log may contain unnecessary Netlink debug messages from IPsec

Updating subject for release notes.

Actions

Also available in: Atom PDF