DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

Interim commit to make the log_msg strategy.

Browse Source 
* log_msg : New log_set_verbosity(): It sets the default verbosity for the
    log module according to the verbose option set by the user through the command
    line.
  * Remove useless checks of the verbose option when log_msg() is invoked.
This commit is contained in:
Franck Joncourt 2013-06-16 19:12:06 +02:00
parent 8155cf3331
commit b48295c69b
7 changed files with 103 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
server/fw_util_ipfw.c
View File

@ -80,9 +80,8 @@ ipfw_set_exists(const fko_srv_options_t *opts,
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "ipfw_set_exists() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "ipfw_set_exists() CMD: '%s' (res: %d)",
cmd_buf, res);
if(!EXTCMD_IS_SUCCESS(res))
return(0);
@ -116,9 +115,8 @@ fw_dump_rules(const fko_srv_options_t * const opts)
res = system(cmd_buf);
if (opts->verbose)
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -144,9 +142,8 @@ fw_dump_rules(const fko_srv_options_t * const opts)
printf("\nActive Rules:\n");
res = system(cmd_buf);
if (opts->verbose)
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -165,9 +162,8 @@ fw_dump_rules(const fko_srv_options_t * const opts)
printf("\nExpired Rules:\n");
res = system(cmd_buf);
if (opts->verbose)
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -286,9 +282,8 @@ fw_initialize(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "fw_initialize() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "fw_initialize() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{
@ -317,9 +312,8 @@ fw_initialize(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "fw_initialize() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "fw_initialize() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
log_msg(LOG_INFO, "Set ipfw expire set %u to disabled.",
@ -340,9 +334,8 @@ fw_initialize(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "fw_initialize() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "fw_initialize() CMD: '%s' (res: %d)",
cmd_buf, res);
if(!EXTCMD_IS_SUCCESS(res))
{
@ -350,8 +343,7 @@ fw_initialize(const fko_srv_options_t * const opts)
return;
}
if(opts->verbose > 1)
log_msg(LOG_INFO, "RULES LIST: %s", cmd_out);
log_msg(LOG_DEBUG, "RULES LIST: %s", cmd_out);
/* Find the first "# DISABLED" string (if any).
*/
@ -420,9 +412,8 @@ fw_cleanup(const fko_srv_options_t * const opts)
res = system(cmd_buf);
if (opts->verbose)
log_msg(LOG_INFO, "fw_cleanup() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "fw_cleanup() CMD: '%s' (res: %d)",
cmd_buf, res);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -533,9 +524,8 @@ process_spa_request(const fko_srv_options_t * const opts,
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "process_spa_request() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "process_spa_request() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{
@ -628,9 +618,8 @@ check_firewall_rules(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
if(!EXTCMD_IS_SUCCESS(res))
{
@ -638,8 +627,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
return;
}
if(opts->verbose > 1)
log_msg(LOG_INFO, "RULES LIST: %s", cmd_out);
log_msg(LOG_DEBUG, "RULES LIST: %s", cmd_out);
/* Find the first _exp_ string (if any).
*/
@ -736,9 +724,8 @@ check_firewall_rules(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{
@ -805,9 +792,8 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "ipfw_purge_expired_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "ipfw_purge_expired_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
if(!EXTCMD_IS_SUCCESS(res))
{
@ -822,8 +808,7 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
{
co_end = cmd_out + strlen(cmd_out);
if(opts->verbose > 1)
log_msg(LOG_INFO, "EXP RULES LIST: %s", cmd_out);
log_msg(LOG_DEBUG, "EXP RULES LIST: %s", cmd_out);
/* Find the "## Dynamic rules" string.
*/
@ -914,9 +899,8 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "ipfw_purge_expired_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "ipfw_purge_expired_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
if(!EXTCMD_IS_SUCCESS(res))
{

82
server/fw_util_iptables.c
View File

@ -87,9 +87,8 @@ comment_match_exists(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "comment_match_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "comment_match_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
zero_cmd_buffers();
@ -146,9 +145,8 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
if (opts->verbose)
log_msg(LOG_INFO, "add_jump_rule() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "add_jump_rule() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
log_msg(LOG_INFO, "Added jump rule from chain: %s to chain: %s",
@ -176,9 +174,8 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "chain_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "chain_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
log_msg(LOG_INFO, "'%s' table '%s' chain exists",
@ -205,13 +202,11 @@ jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num)
if(rule_exists(opts, fwc.chain[chain_num].from_chain, rule_buf) == 1)
{
if (opts->verbose)
log_msg(LOG_INFO, "jump_rule_exists() jump rule found");
log_msg(LOG_INFO, "jump_rule_exists() jump rule found");
exists = 1;
}
else
if (opts->verbose)
log_msg(LOG_INFO, "jump_rule_exists() jump rule not found");
log_msg(LOG_INFO, "jump_rule_exists() jump rule not found");
return exists;
}
@ -249,9 +244,8 @@ fw_dump_rules(const fko_srv_options_t * const opts)
res = system(cmd_buf);
if (opts->verbose)
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -286,9 +280,8 @@ fw_dump_rules(const fko_srv_options_t * const opts)
fflush(stdout);
res = system(cmd_buf);
if (opts->verbose)
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
log_msg(LOG_INFO, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -332,9 +325,8 @@ delete_all_chains(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -360,9 +352,8 @@ delete_all_chains(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -388,9 +379,8 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "create_chain() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "create_chain() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
@ -626,22 +616,19 @@ rule_exists(const fko_srv_options_t * const opts,
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "rule_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "rule_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res) && strlen(err_buf))
{
if (opts->verbose)
log_msg(LOG_INFO, "rule_exists() Rule : '%s' in %s does not exist.",
fw_rule, fw_chain);
log_msg(LOG_INFO, "rule_exists() Rule : '%s' in %s does not exist.",
fw_rule, fw_chain);
}
else
{
rule_exists = 1;
if (opts->verbose)
log_msg(LOG_INFO, "rule_exists() Rule : '%s' in %s already exists.",
fw_rule, fw_chain);
log_msg(LOG_INFO, "rule_exists() Rule : '%s' in %s already exists.",
fw_rule, fw_chain);
}
return rule_exists;
@ -660,14 +647,12 @@ create_rule(const fko_srv_options_t * const opts,
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "create_rule() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "create_rule() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{
if (opts->verbose)
log_msg(LOG_INFO, "create_rule() Rule: '%s' added to %s", fw_rule, fw_chain);
log_msg(LOG_INFO, "create_rule() Rule: '%s' added to %s", fw_rule, fw_chain);
res = 1;
}
else
@ -1085,9 +1070,8 @@ check_firewall_rules(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
chop_newline(cmd_out);
if (opts->verbose)
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, cmd_out: %s)",
cmd_buf, res, cmd_out);
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, cmd_out: %s)",
cmd_buf, res, cmd_out);
if(!EXTCMD_IS_SUCCESS(res))
{
@ -1095,8 +1079,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
continue;
}
if(opts->verbose > 1)
log_msg(LOG_INFO, "RES=%i, CMD_BUF: %s\nRULES LIST: %s", res, cmd_buf, cmd_out);
log_msg(LOG_DEBUG, "RES=%i, CMD_BUF: %s\nRULES LIST: %s", res, cmd_buf, cmd_out);
ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
if(ndx == NULL)
@ -1195,9 +1178,8 @@ check_firewall_rules(const fko_srv_options_t * const opts)
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
chop_newline(err_buf);
if (opts->verbose)
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
log_msg(LOG_INFO, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{

15
server/fwknopd.c
View File

@ -139,6 +139,9 @@ main(int argc, char **argv)
*/
init_logging(&opts);
/* Update the verbosity level for the log module */
log_set_verbosity(LOG_DEFAULT_VERBOSITY + opts.verbose);
#if HAVE_LOCALE_H
/* Set the locale if specified.
*/
@ -156,10 +159,9 @@ main(int argc, char **argv)
}
else
{
if(opts.verbose)
log_msg(LOG_INFO,
"Locale set to '%s'.", opts.config[CONF_LOCALE]
);
log_msg(LOG_INFO,
"Locale set to '%s'.", opts.config[CONF_LOCALE]
);
}
}
#endif
@ -660,9 +662,8 @@ write_pid_file(fko_srv_options_t *opts)
my_pid = getpid();
snprintf(buf, PID_BUFLEN, "%i\n", my_pid);
if(opts->verbose > 1)
log_msg(LOG_INFO, "[+] Writing my PID (%i) to the lock file: %s\n",
my_pid, opts->config[CONF_FWKNOP_PID_FILE]);
log_msg(LOG_DEBUG, "[+] Writing my PID (%i) to the lock file: %s\n",
my_pid, opts->config[CONF_FWKNOP_PID_FILE]);
num_bytes = write(op_fd, buf, strlen(buf));

24
server/incoming_spa.c
View File

@ -294,9 +294,8 @@ incoming_spa(fko_srv_options_t *opts)
res = preprocess_spa_data(opts, spadat.pkt_source_ip);
if(res != FKO_SUCCESS)
{
if(opts->verbose > 1)
log_msg(LOG_INFO, "[%s] preprocess_spa_data() returned error %i: '%s' for incoming packet.",
spadat.pkt_source_ip, res, get_errstr(res));
log_msg(LOG_DEBUG, "[%s] preprocess_spa_data() returned error %i: '%s' for incoming packet.",
spadat.pkt_source_ip, res, get_errstr(res));
return;
}
@ -378,8 +377,7 @@ incoming_spa(fko_srv_options_t *opts)
log_msg(LOG_INFO, "(stanza #%d) SPA Packet from IP: %s received with access source match",
stanza_num, spadat.pkt_source_ip);
if(opts->verbose > 1)
log_msg(LOG_INFO, "SPA Packet: '%s'\n", spa_pkt->packet_data);
log_msg(LOG_DEBUG, "SPA Packet: '%s'\n", spa_pkt->packet_data);
/* Make sure this access stanza has not expired
*/
@ -541,9 +539,8 @@ incoming_spa(fko_srv_options_t *opts)
/* At this point, we assume the SPA data is valid. Now we need to see
* if it meets our access criteria.
*/
if(opts->verbose > 1)
log_msg(LOG_INFO, "[%s] (stanza #%d) SPA Decode (res=%i):\n%s",
spadat.pkt_source_ip, stanza_num, res, dump_ctx(ctx));
log_msg(LOG_DEBUG, "[%s] (stanza #%d) SPA Decode (res=%i):\n%s",
spadat.pkt_source_ip, stanza_num, res, dump_ctx(ctx));
/* First, if this is a GPG message, and GPG_REMOTE_ID list is not empty,
* then we need to make sure this incoming message is signer ID matches
@ -560,9 +557,8 @@ incoming_spa(fko_srv_options_t *opts)
continue;
}
if(opts->verbose)
log_msg(LOG_INFO, "[%s] (stanza #%d) Incoming SPA data signed by '%s'.",
spadat.pkt_source_ip, stanza_num, gpg_id);
log_msg(LOG_INFO, "[%s] (stanza #%d) Incoming SPA data signed by '%s'.",
spadat.pkt_source_ip, stanza_num, gpg_id);
if(acc->gpg_remote_id != NULL && !acc_check_gpg_remote_id(acc, gpg_id))
{
@ -742,10 +738,8 @@ incoming_spa(fko_srv_options_t *opts)
*/
if(acc->cmd_exec_user != NULL && strncasecmp(acc->cmd_exec_user, "root", 4) != 0)
{
if(opts->verbose)
log_msg(LOG_INFO, "[%s] (stanza #%d) Setting effective user to %s (UID=%i) before running command.",
spadat.pkt_source_ip, stanza_num, acc->cmd_exec_user, acc->cmd_exec_uid);
log_msg(LOG_INFO, "[%s] (stanza #%d) Setting effective user to %s (UID=%i) before running command.",
spadat.pkt_source_ip, stanza_num, acc->cmd_exec_user, acc->cmd_exec_uid);
res = run_extcmd_as(acc->cmd_exec_uid,
spadat.spa_message_remain, NULL, 0, 0);

21
server/log_msg.c
View File

@ -47,6 +47,9 @@ static int static_log_flag = 0;
*/
static char *log_name = NULL;
/* The value of the default verbosity used by the log module */
static int verbosity = LOG_DEFAULT_VERBOSITY;
/* Free resources allocated for logging.
*/
void
@ -131,6 +134,8 @@ init_logging(fko_srv_options_t *opts) {
else if(!strcasecmp(opts->config[CONF_SYSLOG_FACILITY], "LOG_LOCAL7"))
syslog_fac = LOG_LOCAL7;
}
verbosity = LOG_DEFAULT_VERBOSITY + opts->verbose;
}
/* Set the log facility value.
@ -149,6 +154,9 @@ log_msg(int level, char* msg, ...)
{
va_list ap, apse;
if (level > verbosity)
return;
va_start(ap, msg);
level |= static_log_flag;
@ -188,4 +196,17 @@ log_msg(int level, char* msg, ...)
va_end(ap);
}
/**
* Set the verbosity level for the current context of the log module.
*
* The verbosity levels used byt the module are defined by the sylsog module.
*
* @param level verbosity level to set (LOG_INFO, LOG_NOTICE ...)
*/
void
log_set_verbosity(int level)
{
verbosity = level;
}
/***EOF***/

3
server/log_msg.h
View File

@ -43,10 +43,13 @@
#define LOG_STDERR_ONLY 0x3000
#define LOG_STDERR_MASK 0x0FFF
#define LOG_DEFAULT_VERBOSITY LOG_WARNING /*!< Default verbosity to use */
void init_logging(fko_srv_options_t *opts);
void free_logging(void);
void set_log_facility(int fac);
void log_msg(int, char*, ...);
void log_set_verbosity(int level);
#endif /* LOG_MSG_H */

2
server/pcap_capture.c
View File

@ -274,7 +274,7 @@ pcap_capture(fko_srv_options_t *opts)
if(res > 0)
{
if(opts->foreground == 1 && opts->verbose > 2)
log_msg(LOG_INFO, "pcap_dispatch() processed: %d packets", res);
log_msg(LOG_DEBUG, "pcap_dispatch() processed: %d packets", res);
/* Count the set of processed packets (pcap_dispatch() return
* value) - we use this as a comparison for --packet-limit regardless