On Tue, May 26, 2020 at 12:08:08PM -0400, matthew j weaver wrote: > During childsa last use checks, iked debug logs results, per SA, after a > successful pfkey_sa_last_used call. > > This patch makes logging behavior more closely match that, on error. > > I chose log_warn instead of log_debug since iked will complain about the > nonzero errno after pfkey_reply: > pfkey_sa_last_used: message: No such process > > With this patch an operator can at least troubleshoot which SAs are > causing the trouble. > > Comments? Make sense? > > thank you, all > matthew weaver
I don't think this is a good idea With your diff the log gets spammed with 'Undefined error: 0' for child SAs that have never been used. Also log_warn seems a bit too much as those errors are rarely serious.
