Tracing facilities

Edit online

Tracing is a debugging facility for tracing kernel events. Traces can be used to get more specific information about events or errors occurring in the kernel filter and tunnel code.

The SMIT IP Security trace facility is available through the Advanced IP Security Configuration menu. The information captured by this trace facility includes information about Error, Filter, Filter Information, Tunnel, Tunnel Information, Capsulation/Decapsulation, Capsulation Information, Crypto, and Crypto Information. By design, the error trace hook provides the most critical information. The info trace hook can generate critical information and may have an impact on system performance. This tracing provides clues about the problem and is also required when explaining the problem to a service technician.

To enable tracing, configure the IPSec devices and set the trace level of each IPSec subcomponent to a trace level of 7 to generate useful kernel trace data. If IPSec devices are not configured, then the component trace control command does not list the IPSec related entries. To start IPSec tracing, use the SMIT fast path smit ips4_start (for IP Version 4) or smit ips6_start (for IP Version 6).

Note: If IPSec component tracing is not set correctly, the captured traces will be empty.
To capture kernel trace data, follow these steps:
  1. Query all the components to view the current trace level settings:
    # ctctrl -q
  2. Check the IPSec component and subcomponents. The components initially appear as follows with the default trace level 3. To view the initial default trace level of the components, enter:
    # ctctrl -q -c ipsec -r
    Component Name Have Alias Memory Trace/Level System Track/Level Buffer Size/Allocated
    ipsec NO ON/3 ON/3 40960/YES
    .capsulate NO ON/3 ON/3 10240/YES
    .filter NO ON/3 ON/3 10240/YES
    .tunnel NO ON/3 ON/3 10240/YES
  3. Increase the trace level of IPSec and the subcomponents to 7 to support kernel tracing, enter:
    # ctctrl systracelevel=7 -c ipsec -r
  4. Query to confirm that the trace levels for IPSec and its subcomponents are changed, enter:
    # ctctrl -q -c ipsec -r
    Component Name Have Alias Memory Trace/Level System Track/Level Buffer Size/Allocated
    ipsec NO ON/3 ON/7 40960/YES
    .capsulate NO ON/3 ON/7 10240/YES
    .filter NO ON/3 ON/7 10240/YES
    .tunnel NO ON/3 ON/7 10240/YES

    To access the tracing facility, use the SMIT fast path smit ips4_tracing (for IP Version 4) or smit ips6_tracing (for IP Version 6). Kernel traces taken through smit ips4_tracing, smit ips6_tracing, or through the command-line trace facility generates valid IPSec trace data.