d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6b14aecae7
freebsd-skq/sys
History
Andrey V. Elsukov 7f1f65918b Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 
is not specified.

Due to the long call chain IPsec code can produce the kernel stack
exhaustion on the i386 architecture. The debugging code usually is not
used, but it requires a lot of stack space to keep buffers for strings
formatting. This patch conditionally defines macros to disable building
of IPsec debugging code.

IPsec currently has two sysctl variables to configure debug output:
 * net.key.debug variable is used to enable debug output for PF_KEY
   protocol. Such debug messages are produced by KEYDBG() macro and
   usually they can be interesting for developers.
 * net.inet.ipsec.debug variable is used to enable debug output for
   DPRINTF() macro and ipseclog() function. DPRINTF() macro usually
   is used for development debugging. ipseclog() function is used for
   debugging by administrator.

The patch disables KEYDBG() and DPRINTF() macros, and formatting buffers
declarations when IPSEC_DEBUG is not present in kernel config. This reduces
stack requirement for up to several hundreds of bytes.
The net.inet.ipsec.debug variable still can be used to enable ipseclog()
messages by administrator.

PR:		219476
Reported by:	eugen
No objection from:	#network
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D10869
2017-05-29 09:30:38 +00:00
..
amd64 In r246085 some bits that are MI movied out into headers in compat/linux, 2017-05-28 08:46:57 +00:00
arm Enable wireless Atheros cards in ARMADA38X 2017-05-29 09:20:20 +00:00
arm64 Add COMPAT_FREEBSD11 on arm64, the arch is almost tier-1. 2017-05-23 13:57:55 +00:00
boot Small cleanup in dev_net.c 2017-05-28 21:20:55 +00:00
bsm Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
cam Introduce Genesys GL3224 quirks 2017-05-29 09:22:53 +00:00
cddl zfs_lookup: fix bogus arguments to lookup of "snapshot" directory 2017-05-29 06:30:34 +00:00
compat On success, getrandom() Linux system call returns the number of bytes that 2017-05-28 07:40:09 +00:00
conf Support for linux ext2fs posix-draft ACLs. 2017-05-28 15:39:11 +00:00
contrib Revert r318789. It causes hanging NAT tcp sessions. 2017-05-29 07:15:28 +00:00
crypto Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
ddb Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
dev Increase timeout in Atheros HAL 2017-05-29 09:21:38 +00:00
fs Fix potential memory leak. 2017-05-28 17:48:54 +00:00
gdb
geom Fix typo. 2017-05-18 08:25:07 +00:00
gnu [mips] [rt2880] Add oldest Ralink MIPS SOC RT2880 support code. 2017-05-06 06:20:34 +00:00
i386 Remove the BSD/OS 2.1 system call gate LDT entry. 2017-05-23 22:34:18 +00:00
isa Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
kern Use whole mnt_stat.f_fsid bits for st_dev. 2017-05-27 17:00:30 +00:00
kgssapi
libkern Sync qsort.c with userland r318515. 2017-05-19 06:37:16 +00:00
mips [AP93] fix up the arge0/arge1 hints. 2017-05-29 07:57:01 +00:00
modules Support for linux ext2fs posix-draft ACLs. 2017-05-28 15:39:11 +00:00
net Call VLAN_CAPABILITIES() when LAGG capabilities change. 2017-05-26 22:22:48 +00:00
net80211 [net80211] prepare for A-MSDU/A-MPDU offload crypto / sequence number checking. 2017-05-20 00:43:52 +00:00
netgraph Make cached Bluetooth LE host advertise information visible from userland. 2017-04-27 15:03:24 +00:00
netinet Use the SCTP_PCB_FLAGS_ACCEPTING flags to check for listeners. 2017-05-26 16:29:00 +00:00
netinet6 The connect() system call should return -1 and set errno to EAFNOSUPPORT 2017-05-22 15:29:10 +00:00
netipsec Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
netpfil Fix the queue delay estimation in PIE/FQ-PIE when the timestamp 2017-05-19 08:38:03 +00:00
netsmb
nfs Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
nfsclient Add an NFSv4.1 mount option for "use one openowner". 2017-04-13 21:54:19 +00:00
nfsserver Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
nlm Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
ofed All these files need sys/vmmeter.h, but now they got it implicitly 2017-04-17 17:07:00 +00:00
opencrypto Use const with some read-only buffers in opencrypto APIs. 2017-05-09 18:28:42 +00:00
powerpc Add a driver for the Chelsio T6 crypto accelerator engine. 2017-05-17 22:13:07 +00:00
riscv Follow r317061 "Remove struct vmmeter from struct pcpu" 2017-04-19 17:06:32 +00:00
rpc Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
security Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
sparc64 fix sparc64 build by restoring 'register' in pcpu.h 2017-05-17 16:32:24 +00:00
sys Use whole mnt_stat.f_fsid bits for st_dev. 2017-05-27 17:00:30 +00:00
teken Oops, my fix for bright colors broke bright black some more (in cases 2017-03-27 10:48:28 +00:00
tests style(9): sort headers 2017-05-09 05:08:47 +00:00
tools Declare the "snd_fxdiv_table" once. This shaves around 24Kbytes of 2017-05-25 05:23:47 +00:00
ufs Remove spl() calls from UFS code. 2017-05-07 14:59:45 +00:00
vm After r118390, the variable "dmmax" was neither the correct strip size 2017-05-27 21:46:00 +00:00
x86 Remove constants and comments for unimplemented entries in the default LDT. 2017-05-24 18:54:21 +00:00
xdr
xen xenstore: fix suspension when using the xenstore device 2017-03-07 09:17:48 +00:00
Makefile Remove glimpse make target added in r181432 2017-05-22 15:53:30 +00:00