
PF: move some common things from LOG_NOTICE to LOG_INFO


PF: move some common things from LOG_NOTICE to LOG_INFO

Stuart Henderson
Currently LOG_NOTICE is used for some things which are rather common,
as well as some things which are unusual. So, if you want to find the
unusual things, depending on your ruleset you can have a lot of noise
and perhaps a lot of load due to the logging.

This diff moves these to LOG_INFO (which is currently unused in PF).
With it I can now run with "pfctl -xn" to log things like loose state
matches, state failure, missing fragments, etc, without several lines
from each osfp match, "selected address" for translation rules, etc.

OK?

Index: pf_lb.c
===================================================================
RCS file: /cvs/src/sys/net/pf_lb.c,v
retrieving revision 1.59
diff -u -p -r1.59 pf_lb.c
--- pf_lb.c 8 Feb 2017 01:20:40 -0000 1.59
+++ pf_lb.c 21 Apr 2017 09:13:17 -0000
@@ -619,9 +619,9 @@ pf_map_addr(sa_family_t af, struct pf_ru
  return (1);
  }
 
- if (pf_status.debug >= LOG_NOTICE &&
+ if (pf_status.debug >= LOG_INFO &&
     (rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) {
- log(LOG_NOTICE, "pf: pf_map_addr: selected address ");
+ log(LOG_INFO, "pf: pf_map_addr: selected address ");
  pf_print_host(naddr, 0, af);
  if ((rpool->opts & PF_POOL_TYPEMASK) ==
     PF_POOL_LEASTSTATES)
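Review bot: The `log()` call in pf_map_addr still hard-codes the function name in its format string, while the pf_postprocess_addr hunk further down prints it through `__func__`; since the line is being touched anyway it could read `log(LOG_INFO, "pf: %s: selected address ", __func__);`, which emits the same text. The level is also written twice at each site, once in the `pf_status.debug >= LOG_INFO` guard and once in the `log()` call, and the same pair recurs in both pf_get_transaddr_af hunks and in pf_postprocess_addr, so a later level change has to edit both places or the guard and the emitted priority drift apart. The `if` statement and the rest of pf_map_addr continue outside the hunk.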
@@ -707,8 +707,8 @@ pf_get_transaddr_af(struct pf_rule *r, s
  u_int16_t nport;
  int prefixlen = 96;
 
- if (pf_status.debug >= LOG_NOTICE) {
- log(LOG_NOTICE, "pf: af-to %s %s, ",
+ if (pf_status.debug >= LOG_INFO) {
+ log(LOG_INFO, "pf: af-to %s %s, ",
     pd->naf == AF_INET ? "inet" : "inet6",
     r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr");
  pf_print_host(&pd->nsaddr, pd->nsport, pd->af);
@@ -815,8 +815,8 @@ pf_get_transaddr_af(struct pf_rule *r, s
  PF_ACPY(&pd->nsaddr, &nsaddr, pd->naf);
  PF_ACPY(&pd->ndaddr, &ndaddr, pd->naf);
 
- if (pf_status.debug >= LOG_NOTICE) {
- log(LOG_NOTICE, "pf: af-to %s %s done, prefixlen %d, ",
+ if (pf_status.debug >= LOG_INFO) {
+ log(LOG_INFO, "pf: af-to %s %s done, prefixlen %d, ",
     pd->naf == AF_INET ? "inet" : "inet6",
     r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr",
     prefixlen);
@@ -904,8 +904,8 @@ pf_postprocess_addr(struct pf_state *cur
  }
  }
  if (slbcount > -1) {
- if (pf_status.debug >= LOG_NOTICE) {
- log(LOG_NOTICE, "pf: %s: selected address ", __func__);
+ if (pf_status.debug >= LOG_INFO) {
+ log(LOG_INFO, "pf: %s: selected address ", __func__);
  pf_print_host(&lookup_addr, sks->port[0],
     sks->af);
  addlog(" decreased state count to %u\n",
Index: pf_norm.c
===================================================================
RCS file: /cvs/src/sys/net/pf_norm.c,v
retrieving revision 1.202
diff -u -p -r1.202 pf_norm.c
--- pf_norm.c 17 Mar 2017 17:19:16 -0000 1.202
+++ pf_norm.c 21 Apr 2017 09:13:17 -0000
@@ -286,7 +286,7 @@ pf_fillup_fragment(struct pf_fragment_cm
  goto bad_fragment;
  }
 
- DPFPRINTF(LOG_NOTICE, key->fr_af == AF_INET ?
+ DPFPRINTF(LOG_INFO, key->fr_af == AF_INET ?
     "reass frag %d @ %d-%d" : "reass frag %#08x @ %d-%d",
     key->fr_id, frent->fe_off, frent->fe_off + frent->fe_len);
 
@@ -456,7 +456,7 @@ pf_isfull_fragment(struct pf_fragment *f
  return (0);
  }
  }
- DPFPRINTF(LOG_NOTICE, "%d < %d?", off, total);
+ DPFPRINTF(LOG_INFO, "%d < %d?", off, total);
  if (off < total)
  return (0);
  KASSERT(off == total);
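Review bot: The message `"%d < %d?"` in pf_isfull_fragment gives no hint of what is being compared, which makes it hard to find or filter now that it shares the info level with the other messages moved here. Naming the operands would help, for example `DPFPRINTF(LOG_INFO, "frag offset %d < total %d?", off, total);`, with the wording adjusted to whatever `off` and `total` actually hold. The function starts and ends outside the hunk.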
@@ -569,7 +569,7 @@ pf_reassemble(struct mbuf **m0, int dir,
  return (PF_DROP);
  }
 
- DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip->ip_len));
+ DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip->ip_len));
  return (PF_PASS);
 }
 
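Review bot: The `complete: %p(%d)` message in pf_reassemble formats `m` with `%p`, so whenever the debug level is info or higher this line writes a kernel pointer value into the system log, where anyone who can read the log or receives it over remote syslog can see it. The address does not help correlate the message with a packet and it weakens kernel address secrecy, so I would drop it and keep the length, e.g. `DPFPRINTF(LOG_INFO, "complete: len %d", ntohs(ip->ip_len));`. The pf_reassemble6 hunk below has the same `%p` and would take the same change with `ip6->ip6_plen`. Only the tail of pf_reassemble is visible in the hunk.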
@@ -676,7 +676,7 @@ pf_reassemble6(struct mbuf **m0, struct
  return (PF_DROP);
  }
 
- DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
+ DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
  return (PF_PASS);
 
 fail:
Index: pf_osfp.c
===================================================================
RCS file: /cvs/src/sys/net/pf_osfp.c,v
retrieving revision 1.39
diff -u -p -r1.39 pf_osfp.c
--- pf_osfp.c 22 Nov 2016 19:29:54 -0000 1.39
+++ pf_osfp.c 21 Apr 2017 09:13:17 -0000
@@ -238,7 +238,7 @@ pf_osfp_fingerprint_hdr(const struct ip
  optlen = MAX(optlen, 1); /* paranoia */
  }
 
- DPFPRINTF(LOG_NOTICE,
+ DPFPRINTF(LOG_INFO,
     "fingerprinted %s:%d  %d:%d:%d:%d:%llx (%d) "
     "(TS=%s,M=%s%d,W=%s%d)",
     srcname, ntohs(tcp->th_sport),
@@ -269,7 +269,7 @@ pf_osfp_match(struct pf_osfp_enlist *lis
  if (os == PF_OSFP_ANY)
  return (1);
  if (list == NULL) {
- DPFPRINTF(LOG_NOTICE, "osfp no match against %x", os);
+ DPFPRINTF(LOG_INFO, "osfp no match against %x", os);
  return (os == PF_OSFP_UNKNOWN);
  }
  PF_OSFP_UNPACK(os, os_class, os_version, os_subtype);
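Review bot: The messages in pf_osfp_match print the same `os` value in different hex forms: bare `%x` in "osfp no match against %x" here and in "osfp matched ... %x==%x" in the next hunk, but `0x%x` in "fingerprint 0x%x didn't match". Using `0x%x` in all three, e.g. `DPFPRINTF(LOG_INFO, "osfp no match against 0x%x", os);`, would make the values unambiguous and let one pattern match every line. pf_osfp_match starts before this hunk and continues into the next one.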
@@ -278,14 +278,14 @@ pf_osfp_match(struct pf_osfp_enlist *lis
  if ((os_class == PF_OSFP_ANY || en_class == os_class) &&
     (os_version == PF_OSFP_ANY || en_version == os_version) &&
     (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) {
- DPFPRINTF(LOG_NOTICE,
+ DPFPRINTF(LOG_INFO,
     "osfp matched %s %s %s  %x==%x",
     entry->fp_class_nm, entry->fp_version_nm,
     entry->fp_subtype_nm, os, entry->fp_os);
  return (1);
  }
  }
- DPFPRINTF(LOG_NOTICE, "fingerprint 0x%x didn't match", os);
+ DPFPRINTF(LOG_INFO, "fingerprint 0x%x didn't match", os);
  return (0);
 }
 


Re: PF: move some common things from LOG_NOTICE to LOG_INFO

Sebastian Benoit-3
Stuart Henderson([hidden email]) on 2017.04.21 10:21:56 +0100:

> Currently LOG_NOTICE is used for some things which are rather common,
> as well as some things which are unusual. So, if you want to find the
> unusual things, depending on your ruleset you can have a lot of noise
> and perhaps a lot of load due to the logging.
>
> This diff moves these to LOG_INFO (which is currently unused in PF).
> With it I can now run with "pfctl -xn" to log things like loose state
> matches, state failure, missing fragments, etc, without several lines
> from each osfp match, "selected address" for translation rules, etc.
>
> OK?

ok and thanks!
 

> Index: pf_lb.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf_lb.c,v
> retrieving revision 1.59
> diff -u -p -r1.59 pf_lb.c
> --- pf_lb.c 8 Feb 2017 01:20:40 -0000 1.59
> +++ pf_lb.c 21 Apr 2017 09:13:17 -0000
> @@ -619,9 +619,9 @@ pf_map_addr(sa_family_t af, struct pf_ru
>   return (1);
>   }
>  
> - if (pf_status.debug >= LOG_NOTICE &&
> + if (pf_status.debug >= LOG_INFO &&
>      (rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) {
> - log(LOG_NOTICE, "pf: pf_map_addr: selected address ");
> + log(LOG_INFO, "pf: pf_map_addr: selected address ");
>   pf_print_host(naddr, 0, af);
>   if ((rpool->opts & PF_POOL_TYPEMASK) ==
>      PF_POOL_LEASTSTATES)
> @@ -707,8 +707,8 @@ pf_get_transaddr_af(struct pf_rule *r, s
>   u_int16_t nport;
>   int prefixlen = 96;
>  
> - if (pf_status.debug >= LOG_NOTICE) {
> - log(LOG_NOTICE, "pf: af-to %s %s, ",
> + if (pf_status.debug >= LOG_INFO) {
> + log(LOG_INFO, "pf: af-to %s %s, ",
>      pd->naf == AF_INET ? "inet" : "inet6",
>      r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr");
>   pf_print_host(&pd->nsaddr, pd->nsport, pd->af);
> @@ -815,8 +815,8 @@ pf_get_transaddr_af(struct pf_rule *r, s
>   PF_ACPY(&pd->nsaddr, &nsaddr, pd->naf);
>   PF_ACPY(&pd->ndaddr, &ndaddr, pd->naf);
>  
> - if (pf_status.debug >= LOG_NOTICE) {
> - log(LOG_NOTICE, "pf: af-to %s %s done, prefixlen %d, ",
> + if (pf_status.debug >= LOG_INFO) {
> + log(LOG_INFO, "pf: af-to %s %s done, prefixlen %d, ",
>      pd->naf == AF_INET ? "inet" : "inet6",
>      r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr",
>      prefixlen);
> @@ -904,8 +904,8 @@ pf_postprocess_addr(struct pf_state *cur
>   }
>   }
>   if (slbcount > -1) {
> - if (pf_status.debug >= LOG_NOTICE) {
> - log(LOG_NOTICE, "pf: %s: selected address ", __func__);
> + if (pf_status.debug >= LOG_INFO) {
> + log(LOG_INFO, "pf: %s: selected address ", __func__);
>   pf_print_host(&lookup_addr, sks->port[0],
>      sks->af);
>   addlog(" decreased state count to %u\n",
> Index: pf_norm.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf_norm.c,v
> retrieving revision 1.202
> diff -u -p -r1.202 pf_norm.c
> --- pf_norm.c 17 Mar 2017 17:19:16 -0000 1.202
> +++ pf_norm.c 21 Apr 2017 09:13:17 -0000
> @@ -286,7 +286,7 @@ pf_fillup_fragment(struct pf_fragment_cm
>   goto bad_fragment;
>   }
>  
> - DPFPRINTF(LOG_NOTICE, key->fr_af == AF_INET ?
> + DPFPRINTF(LOG_INFO, key->fr_af == AF_INET ?
>      "reass frag %d @ %d-%d" : "reass frag %#08x @ %d-%d",
>      key->fr_id, frent->fe_off, frent->fe_off + frent->fe_len);
>  
> @@ -456,7 +456,7 @@ pf_isfull_fragment(struct pf_fragment *f
>   return (0);
>   }
>   }
> - DPFPRINTF(LOG_NOTICE, "%d < %d?", off, total);
> + DPFPRINTF(LOG_INFO, "%d < %d?", off, total);
>   if (off < total)
>   return (0);
>   KASSERT(off == total);
> @@ -569,7 +569,7 @@ pf_reassemble(struct mbuf **m0, int dir,
>   return (PF_DROP);
>   }
>  
> - DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip->ip_len));
> + DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip->ip_len));
>   return (PF_PASS);
>  }
>  
> @@ -676,7 +676,7 @@ pf_reassemble6(struct mbuf **m0, struct
>   return (PF_DROP);
>   }
>  
> - DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
> + DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
>   return (PF_PASS);
>  
>  fail:
> Index: pf_osfp.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf_osfp.c,v
> retrieving revision 1.39
> diff -u -p -r1.39 pf_osfp.c
> --- pf_osfp.c 22 Nov 2016 19:29:54 -0000 1.39
> +++ pf_osfp.c 21 Apr 2017 09:13:17 -0000
> @@ -238,7 +238,7 @@ pf_osfp_fingerprint_hdr(const struct ip
>   optlen = MAX(optlen, 1); /* paranoia */
>   }
>  
> - DPFPRINTF(LOG_NOTICE,
> + DPFPRINTF(LOG_INFO,
>      "fingerprinted %s:%d  %d:%d:%d:%d:%llx (%d) "
>      "(TS=%s,M=%s%d,W=%s%d)",
>      srcname, ntohs(tcp->th_sport),
> @@ -269,7 +269,7 @@ pf_osfp_match(struct pf_osfp_enlist *lis
>   if (os == PF_OSFP_ANY)
>   return (1);
>   if (list == NULL) {
> - DPFPRINTF(LOG_NOTICE, "osfp no match against %x", os);
> + DPFPRINTF(LOG_INFO, "osfp no match against %x", os);
>   return (os == PF_OSFP_UNKNOWN);
>   }
>   PF_OSFP_UNPACK(os, os_class, os_version, os_subtype);
> @@ -278,14 +278,14 @@ pf_osfp_match(struct pf_osfp_enlist *lis
>   if ((os_class == PF_OSFP_ANY || en_class == os_class) &&
>      (os_version == PF_OSFP_ANY || en_version == os_version) &&
>      (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) {
> - DPFPRINTF(LOG_NOTICE,
> + DPFPRINTF(LOG_INFO,
>      "osfp matched %s %s %s  %x==%x",
>      entry->fp_class_nm, entry->fp_version_nm,
>      entry->fp_subtype_nm, os, entry->fp_os);
>   return (1);
>   }
>   }
> - DPFPRINTF(LOG_NOTICE, "fingerprint 0x%x didn't match", os);
> + DPFPRINTF(LOG_INFO, "fingerprint 0x%x didn't match", os);
>   return (0);
>  }
>  
>
