Regression #14370
closed
Console and system log may contain unnecessary Netlink debug messages from IPsec
100%
Description
At boot when setting up IPsec and some event after, there is a netlink debug message that gets logged multiple times:
[nl_iface] dump_sa: unsupported family: 0, skipping
It happens during IPsec configuration:
Configuring IPsec VPN... [nl_iface] dump_sa: unsupported family: 0, skipping [nl_iface] dump_sa: unsupported family: 0, skipping [nl_iface] dump_sa: unsupported family: 0, skipping [nl_iface] dump_sa: unsupported family: 0, skipping [nl_iface] dump_sa: unsupported family: 0, skipping [nl_iface] dump_sa: unsupported family: 0, skipping [nl_iface] dump_sa: unsupported family: 0, skipping [nl_iface] dump_sa: unsupported family: 0, skipping
And it appears on the console at various points after that but it's not clear what triggers it after boot, might be when certain tunnels connect. It doesn't happen when polling the status, but it does happen if I force a restart of strongSwan.
The nl_iface debug level is at 7:
net.netlink.debug.nl_iface_debug_level: 7
Related issues
Updated by Jim Pingle 12 months ago
- Related to Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots added
Updated by Jim Pingle 12 months ago
It's worth noting that at the moment I'm only seeing this on CE snapshots and not on Plus.
Updated by Kristof Provost 12 months ago
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/126 went into plus-RELENG_23_05, not anywhere else. That might be why.
(I wanted to reduce the log spam for the release, and was/am hoping that melifaro@ will do a more thorough job of reducing log spam upstream.)
Updated by Kristof Provost 12 months ago
I've proposed https://reviews.freebsd.org/D40062 upstream as a slightly more general improvement.
Updated by Kristof Provost 12 months ago
- Status changed from New to Waiting on Merge
Committed as https://cgit.freebsd.org/src/commit/?id=fa554de7746d88959738e4cb978608af8ce479c1
We'll get that with the next upstream merge.
Updated by Kristof Provost 10 months ago
- Status changed from Waiting on Merge to Feedback
I've cherry-picked the upstream change to the 2.7 branch.
Updated by Jim Pingle 10 months ago
- Status changed from Feedback to Resolved
- % Done changed from 0 to 100
Looks much better now. I'm no longer seeing any of the debug messages and they were very prevalent on prior builds.
Updated by Jim Pingle 9 months ago
- Subject changed from Netlink debug messages from IPsec to Console and system log may contain unnecessary Netlink debug messages from IPsec
Updating subject for release notes.