From 469cd1de9f904bcc451379316f39f7ef34f0eca0 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 3 Jul 2021 17:47:52 +0200
Subject: ipsec: T2816: rework log options for debugging

Renamed CLI from "logging log-modes" to "log subsystem" and "logging log-level"
to "log level". THat is more human firendly.
---
 interface-definitions/vpn_ipsec.xml.in | 57 ++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 24 deletions(-)

(limited to 'interface-definitions')

diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index a2e9a7a5a..fdd091dd9 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -525,100 +525,109 @@
               </leafNode>
             </children>
           </node>
-          <node name="logging">
+          <node name="log">
             <properties>
               <help>IPsec logging</help>
             </properties>
             <children>
-              <leafNode name="log-level">
+              <leafNode name="level">
                 <properties>
                   <help>strongSwan Logger Level</help>
                   <valueHelp>
-                    <format>u32:0-2</format>
-                    <description>Logger Verbosity Level (default 0)</description>
+                    <format>u32:0</format>
+                    <description>Very basic auditing logs e.g. SA up/SA down (default)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>u32:1</format>
+                    <description>Generic control flow with errors, a good default to see whats going on</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>u32:2</format>
+                    <description>More detailed debugging control flow</description>
                   </valueHelp>
                   <constraint>
                     <validator name="numeric" argument="--range 0-2"/>
                   </constraint>
                 </properties>
+                <defaultValue>0</defaultValue>
               </leafNode>
-              <leafNode name="log-modes">
+              <leafNode name="subsystem">
                 <properties>
-                  <help>Log mode. To see what each log mode exactly does, please refer to the strongSwan documentation</help>
+                  <help>Subsystem in the daemon the log comes from</help>
                   <completionHelp>
                     <list>dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any</list>
                   </completionHelp>
                   <valueHelp>
                     <format>dmn</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Main daemon setup/cleanup/signal handling</description>
                   </valueHelp>
                   <valueHelp>
                     <format>mgr</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>IKE_SA manager, handling synchronization for IKE_SA access</description>
                   </valueHelp>
                   <valueHelp>
                     <format>ike</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>IKE_SA/ISAKMP SA</description>
                   </valueHelp>
                   <valueHelp>
                     <format>chd</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>CHILD_SA/IPsec SA</description>
                   </valueHelp>
                   <valueHelp>
                     <format>job</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Jobs queuing/processing and thread pool management</description>
                   </valueHelp>
                   <valueHelp>
                     <format>cfg</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Configuration management and plugins</description>
                   </valueHelp>
                   <valueHelp>
                     <format>knl</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>IPsec/Networking kernel interface</description>
                   </valueHelp>
                   <valueHelp>
                     <format>net</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>IKE network communication</description>
                   </valueHelp>
                   <valueHelp>
                     <format>asn</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Low-level encoding/decoding (ASN.1, X.509 etc.)</description>
                   </valueHelp>
                   <valueHelp>
                     <format>enc</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Packet encoding/decoding encryption/decryption operations</description>
                   </valueHelp>
                   <valueHelp>
                     <format>lib</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>libstrongswan library messages</description>
                   </valueHelp>
                   <valueHelp>
                     <format>esp</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>libipsec library messages</description>
                   </valueHelp>
                   <valueHelp>
                     <format>tls</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description> libtls library messages</description>
                   </valueHelp>
                   <valueHelp>
                     <format>tnc</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Trusted Network Connect</description>
                   </valueHelp>
                   <valueHelp>
                     <format>imc</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Integrity Measurement Collector</description>
                   </valueHelp>
                   <valueHelp>
                     <format>imv</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Integrity Measurement Verifier</description>
                   </valueHelp>
                   <valueHelp>
                     <format>pts</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description> Platform Trust Service</description>
                   </valueHelp>
                   <valueHelp>
                     <format>any</format>
-                    <description>Debug log option for strongSwan</description>
+                    <description>Any subsystem</description>
                   </valueHelp>
                   <constraint>
                     <regex>^(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)$</regex>
-- 
cgit v1.2.3