d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1e9fb89962
freebsd-dev/sys/netipsec
History
Andrey V. Elsukov 7f1f65918b Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 
is not specified.

Due to the long call chain IPsec code can produce the kernel stack
exhaustion on the i386 architecture. The debugging code usually is not
used, but it requires a lot of stack space to keep buffers for strings
formatting. This patch conditionally defines macros to disable building
of IPsec debugging code.

IPsec currently has two sysctl variables to configure debug output:
 * net.key.debug variable is used to enable debug output for PF_KEY
   protocol. Such debug messages are produced by KEYDBG() macro and
   usually they can be interesting for developers.
 * net.inet.ipsec.debug variable is used to enable debug output for
   DPRINTF() macro and ipseclog() function. DPRINTF() macro usually
   is used for development debugging. ipseclog() function is used for
   debugging by administrator.

The patch disables KEYDBG() and DPRINTF() macros, and formatting buffers
declarations when IPSEC_DEBUG is not present in kernel config. This reduces
stack requirement for up to several hundreds of bytes.
The net.inet.ipsec.debug variable still can be used to enable ipseclog()
messages by administrator.

PR:		219476
Reported by:	eugen
No objection from:	#network
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D10869
2017-05-29 09:30:38 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h Summary: Remove spurious, extra, next header comments. 2015-05-15 18:04:49 +00:00
ipcomp_var.h
ipcomp.h
ipsec6.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec_input.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
ipsec_mbuf.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
ipsec_mod.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec_output.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
ipsec_pcb.c Fix SP refcount leak. 2017-04-26 00:34:05 +00:00
ipsec_support.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec.h Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
key_debug.c Add large replay widow support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
key_debug.h Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
key_var.h
key.c When we are doing SA lookup for TCP-MD5, check both source and 2017-04-04 13:41:50 +00:00
key.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
keydb.h GC some unused declarations. 2017-04-03 04:44:56 +00:00
keysock.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
keysock.h
subr_ipsec.c Fix LINT build for powerpc. 2017-02-16 11:38:50 +00:00
udpencap.c For translated packets do not adjust UDP checksum if it is zero. 2017-02-18 19:53:37 +00:00
xform_ah.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
xform_esp.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
xform_ipcomp.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
xform_tcp.c Move tcp_fields_to_net() static inline into tcp_var.h, just below its 2017-02-10 17:46:26 +00:00
xform.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00