While I hunt for the reason child SAs expiring results in ESRCH during
pfkey_sa_last_used, this more detailed log message on error is much more
helpful than the default pretty print of "pfkey_sa_last_used: No such process".
I suspect it's useful to others.
Thank you, all.
matthew weaver
---
Index: pfkey.c
===================================================================
RCS file: /cvs/src/sbin/iked/pfkey.c,v
retrieving revision 1.64
diff -u -p -u -r1.64 pfkey.c
--- pfkey.c 23 Apr 2020 20:17:48 -0000 1.64
+++ pfkey.c 24 May 2020 15:34:39 -0000
@@ -939,7 +939,11 @@ pfkey_sa_last_used(int sd, struct iked_c
if (msg->sadb_msg_errno != 0) {
errno = msg->sadb_msg_errno;
ret = -1;
- log_warn("%s: message", __func__);
+ log_warn(
+ "%s: pfkey_write error on spi 0x%08x from %s to %s",
+ __func__, ntohl(sadb.sadb_sa_spi),
+ print_host((struct sockaddr *)&ssrc, NULL, 0),
+ print_host((struct sockaddr *)&sdst, NULL, 0));
goto done;
}
if ((sa_life = pfkey_find_ext(data, n, SADB_X_EXT_LIFETIME_LASTUSE))
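Review bot: The "pfkey_write error" wording in the new format string does not match the condition this branch handles. The branch is taken when msg->sadb_msg_errno is non-zero, meaning the reply message carried an error, not when a write call failed. A neutral string such as "%s: spi 0x%08x from %s to %s" would be less misleading while chasing the ESRCH case, since errno is set just above and its text ("No such process") already ends up in the log line. Separately, both print_host() calls pass NULL, 0 as the buffer within a single argument list. It is worth confirming that print_host does not return the same internal buffer for both calls, because then source and destination would print as the same address.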