Project

General

Profile

Actions

Bug #5000

closed

Set ipsec_policy_log_interval to 0 by default

Added by Dan McDonald almost 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2014-07-14
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

People who use IPsec will get messages of the form:

Jul 14 12:25:17 neuromancer ip: [ID 372019 kern.error] ipsec_check_global_policy: Policy Failure for the incoming packet (not secure); Source 010.001.001.137, Destination 224.000.000.251.

More often than not. These are not actionable notices, but may be of interest to an administrator who notices increases in ip:0:ipdrop kstats.

The rates of these messages are controlled by the ipsec_policy_log_interval variable. If it's set to 0, it should not print anything. This bug/RFE requests that it be set to 0 by default.

Actions #1

Updated by Electric Monk almost 8 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 05b5eb98f5af5545cf01e97712cca09c5293fe9a

commit  05b5eb98f5af5545cf01e97712cca09c5293fe9a
Author: Dan McDonald <danmcd@omniti.com>
Date:   2014-07-15T00:28:46.000Z

    5000 Set ipsec_policy_log_interval to 0 by default
    Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
    Reviewed by: Jason King <jason.brian.king@gmail.com>
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Approved by: Garrett D'Amore <garrett@damore.org>

Actions

Also available in: Atom PDF