From owner-freebsd-current Fri Jun 22 4: 6:49 2001 Delivered-To: freebsd-current@freebsd.org Received: from white.imgsrc.co.jp (ns.imgsrc.co.jp [210.226.20.2]) by hub.freebsd.org (Postfix) with ESMTP id A451937B403 for ; Fri, 22 Jun 2001 04:06:40 -0700 (PDT) (envelope-from kuriyama@imgsrc.co.jp) Received: from waterblue.imgsrc.co.jp (kuriyama@waterblue.imgsrc.co.jp [210.226.20.160]) by white.imgsrc.co.jp (8.11.2/8.11.0) with ESMTP id f5MB6cb17886; Fri, 22 Jun 2001 20:06:39 +0900 (JST) Date: Fri, 22 Jun 2001 20:06:34 +0900 Message-ID: <7m8zikeptx.wl@waterblue.imgsrc.co.jp> 
From: Jun Kuriyama To: Current Subject: [patch] netinet6/ip6_fw.c: use syslog for logging User-Agent: Wanderlust/2.4.1 (Stand By Me) SEMI/1.13.7 (Awazu) FLIM/1.13.2 (Kasanui) MULE XEmacs/21.1 (patch 14) (Cuyahoga Valley) (i386--freebsd) MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu") Content-Type: multipart/mixed; boundary="Multipart_Fri_Jun_22_20:06:34_2001-1" Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --Multipart_Fri_Jun_22_20:06:34_2001-1 Content-Type: text/plain; charset=US-ASCII I found logs from ipfw(8) and ip6fw(8) are stored to different place. Former one is into via syslog(3) but latter one is into via kernel printf(). The reason of this difference is came from missing "merge from ip_fw.c". And I hope this patch will be first step to synchronize ip_fw.c and ip6_fw.c. So, I made a patch to merge the difference revision 1.117 and 1.118 of ip_fw.c into ip6_fw.c to use syslog(3) interface for ip6fw(8) logging. Please review this patch carefully because I'm not kernel hacker. -- Jun Kuriyama // IMG SRC, Inc. // FreeBSD Project --Multipart_Fri_Jun_22_20:06:34_2001-1 Content-Type: application/octet-stream; type=patch Content-Disposition: attachment; filename="ip6_fw.c.diff" Content-Transfer-Encoding: 7bit Index: ip6_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_fw.c,v retrieving revision 1.11 diff -u -r1.11 ip6_fw.c --- ip6_fw.c 2001/06/11 12:39:05 1.11 +++ ip6_fw.c 2001/06/22 10:12:29 @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include 
@@ -93,11 +94,11 @@ SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &fw6_verbose_limit, 0, ""); #endif -#define dprintf(a) if (!fw6_debug); else printf a - -#define print_ip6(a) printf("[%s]", ip6_sprintf(a)) - -#define dprint_ip6(a) if (!fw6_debug); else print_ip6(a) +#define dprintf(a) do { \ + if (fw6_debug) \ + printf a; \ + } while (0) +#define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0 static int add_entry6 __P((struct ip6_fw_head *chainptr, struct ip6_fw *frwl)); static int del_entry6 __P((struct ip6_fw_head *chainptr, u_short number)); 
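Review bot: The added `SNPARGS` macro expands its arguments unparenthesized and depends on `sizeof(buf)`, so it is only correct when `buf` is a true array (never a pointer) and `len` is a simple expression. I would write it as `#define SNPARGS(buf, len) (buf) + (len), sizeof(buf) > (len) ? sizeof(buf) - (len) : 0` and put a comment above it: `/* expands to two snprintf() arguments: write position and remaining space, clamped to 0 once len has passed the end of buf; buf must be an array */`. The clamp matters because snprintf returns the length it would have written, so the running `len` can exceed the buffer size. The hunk also removes `print_ip6` and `dprint_ip6`; any remaining users elsewhere in the file are not visible here and would stop compiling.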
@@ -332,93 +333,114 @@ struct udphdr *const udp = (struct udphdr *) ((caddr_t) ip6+ off); struct icmp6_hdr *const icmp6 = (struct icmp6_hdr *) ((caddr_t) ip6+ off); int count; + char *action; + char action2[32], proto[102], name[18]; + int len; count = f ? f->fw_pcnt : ++counter; if (fw6_verbose_limit != 0 && count > fw6_verbose_limit) return; /* Print command name */ - printf("ip6fw: %d ", f ? f->fw_number : -1); + snprintf(SNPARGS(name, 0), "ip6fw: %d", f ? f->fw_number : -1); + + action = action2; if (!f) - printf("Refuse"); - else + action = "Refuse"; + else { switch (f->fw_flg & IPV6_FW_F_COMMAND) { case IPV6_FW_F_DENY: - printf("Deny"); + action = "Deny"; break; case IPV6_FW_F_REJECT: if (f->fw_reject_code == IPV6_FW_REJECT_RST) - printf("Reset"); + action = "Reset"; else - printf("Unreach"); + action = "Unreach"; break; case IPV6_FW_F_ACCEPT: - printf("Accept"); + action = "Accept"; break; case IPV6_FW_F_COUNT: - printf("Count"); + action = "Count"; break; case IPV6_FW_F_DIVERT: - printf("Divert %d", f->fw_divert_port); + snprintf(SNPARGS(action2, 0), "Divert %d", + f->fw_divert_port); break; case IPV6_FW_F_TEE: - printf("Tee %d", f->fw_divert_port); + snprintf(SNPARGS(action2, 0), "Tee %d", + f->fw_divert_port); break; case IPV6_FW_F_SKIPTO: - printf("SkipTo %d", f->fw_skipto_rule); + snprintf(SNPARGS(action2, 0), "SkipTo %d", + f->fw_skipto_rule); break; default: - printf("UNKNOWN"); + action = "UNKNOWN"; break; } - printf(" "); + } switch (nxt) { case IPPROTO_TCP: - printf("TCP "); - print_ip6(&ip6->ip6_src); + len = snprintf(SNPARGS(proto, 0), "TCP [%s]", + ip6_sprintf(&ip6->ip6_src)); if (off > 0) - printf(":%d ", ntohs(tcp6->th_sport)); + len += snprintf(SNPARGS(proto, len), ":%d ", + ntohs(tcp6->th_sport)); else - printf(" "); - print_ip6(&ip6->ip6_dst); + len += snprintf(SNPARGS(proto, len), " "); + len += snprintf(SNPARGS(proto, len), "[%s]", + ip6_sprintf(&ip6->ip6_dst)); if (off > 0) - printf(":%d", ntohs(tcp6->th_dport)); + 
snprintf(SNPARGS(proto, len), ":%d", + ntohs(tcp6->th_dport)); break; case IPPROTO_UDP: - printf("UDP "); - print_ip6(&ip6->ip6_src); + len = snprintf(SNPARGS(proto, 0), "UDP [%s]", + ip6_sprintf(&ip6->ip6_src)); if (off > 0) - printf(":%d ", ntohs(udp->uh_sport)); + len += snprintf(SNPARGS(proto, len), ":%d ", + ntohs(udp->uh_sport)); else - printf(" "); - print_ip6(&ip6->ip6_dst); + len += snprintf(SNPARGS(proto, len), " "); + len += snprintf(SNPARGS(proto, len), "[%s]", + ip6_sprintf(&ip6->ip6_dst)); if (off > 0) - printf(":%d", ntohs(udp->uh_dport)); + snprintf(SNPARGS(proto, len), ":%d", + ntohs(udp->uh_dport)); break; case IPPROTO_ICMPV6: if (off > 0) - printf("IPV6-ICMP:%u.%u ", icmp6->icmp6_type, icmp6->icmp6_code); + len = snprintf(SNPARGS(proto, 0), "IPV6-ICMP:%u.%u ", + icmp6->icmp6_type, icmp6->icmp6_code); else - printf("IPV6-ICMP "); - print_ip6(&ip6->ip6_src); - printf(" "); - print_ip6(&ip6->ip6_dst); + len = snprintf(SNPARGS(proto, 0), "IPV6-ICMP "); + len = snprintf(SNPARGS(proto, len), "[%s]", + ip6_sprintf(&ip6->ip6_src)); + snprintf(SNPARGS(proto, len), " [%s]", + ip6_sprintf(&ip6->ip6_dst)); break; default: - printf("P:%d ", nxt); - print_ip6(&ip6->ip6_src); - printf(" "); - print_ip6(&ip6->ip6_dst); + len = snprintf(SNPARGS(proto, 0), "P:%d [%s]", nxt, + ip6_sprintf(&ip6->ip6_src)); + snprintf(SNPARGS(proto, len), " [%s]", + ip6_sprintf(&ip6->ip6_dst)); break; } + if (oif) - printf(" out via %s", if_name(oif)); + log(LOG_SECURITY | LOG_INFO, "%s %s %s out via %s\n", + name, action, proto, if_name(oif)); else if (rif) - printf(" in via %s", if_name(rif)); - printf("\n"); + log(LOG_SECURITY | LOG_INFO, "%s %s %s in via %s\n", + name, action, proto, if_name(rif)); + else + log(LOG_SECURITY | LOG_INFO, "%s %s %s", + name, action, proto); if (fw6_verbose_limit != 0 && count == fw6_verbose_limit) - printf("ip6fw: limit reached on rule #%d\n", + log(LOG_SECURITY | LOG_INFO, "ip6fw: limit reached on entry %d\n", f ? f->fw_number : -1); } 
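Review bot: In the `IPPROTO_ICMPV6` case the source-address append is written `len = snprintf(SNPARGS(proto, len), "[%s]", ...)` instead of `len +=`. That resets `len` to the length of that one piece, so the destination-address snprintf that follows lands in the middle of `proto` and overwrites the type/code text and part of the source address. It should read `len += snprintf(SNPARGS(proto, len), "[%s]",`, matching the TCP and UDP branches; a mangled address in a `LOG_SECURITY` record makes the entry useless for later review. The final `else` branch (neither `oif` nor `rif` set) also logs `"%s %s %s"` without the newline the old code always printed, and should use `"%s %s %s\n"`. The function's opening lines are outside the hunk.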
@@ -907,9 +929,11 @@ if (fw6_verbose) { if (frwl) - printf("ip6fw: Entry %d cleared.\n", frwl->fw_number); + log(LOG_SECURITY | LOG_NOTICE, + "ip6fw: Entry %d cleared.\n", frwl->fw_number); else - printf("ip6fw: Accounting cleared.\n"); + log(LOG_SECURITY | LOG_NOTICE, + "ip6fw: Accounting cleared.\n"); } return(0); --Multipart_Fri_Jun_22_20:06:34_2001-1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message