Date: Mon, 5 Nov 2012 22:30:56 +0000 (UTC) From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r242631 - head/sys/netpfil/ipfw Message-ID: <201211052230.qA5MUuFF004140@svn.freebsd.org>
Author: melifaro Date: Mon Nov 5 22:30:56 2012 New Revision: 242631 URL: http://svnweb.freebsd.org/changeset/base/242631 Log: Use unified print_dyn_rule_flags() function for debugging messages instead of hand-made printfs in every place. MFC after: 1 week Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_dynamic.c Mon Nov 5 21:55:22 2012 (r242630) +++ head/sys/netpfil/ipfw/ip_fw_dynamic.c Mon Nov 5 22:30:56 2012 (r242631) @@ -258,8 +258,12 @@ hash_packet(struct ipfw_flow_id *id) return i; } -static __inline void -unlink_dyn_rule_print(struct ipfw_flow_id *id) +/** + * Print customizable flow id description via log(9) facility. + */ +static void +print_dyn_rule_flags(struct ipfw_flow_id *id, int dyn_type, int log_flags, + char *prefix, char *postfix) { struct in_addr da; #ifdef INET6 @@ -280,10 +284,14 @@ unlink_dyn_rule_print(struct ipfw_flow_i da.s_addr = htonl(id->dst_ip); inet_ntop(AF_INET, &da, dst, sizeof(dst)); } - printf("ipfw: unlink entry %s %d -> %s %d, %d left\n", - src, id->src_port, dst, id->dst_port, V_dyn_count - 1); + log(log_flags, "ipfw: %s type %d %s %d -> %s %d, %d %s\n", + prefix, dyn_type, src, id->src_port, dst, + id->dst_port, V_dyn_count, postfix); } +#define print_dyn_rule(id, dtype, prefix, postfix) \ + print_dyn_rule_flags(id, dtype, LOG_DEBUG, prefix, postfix) + /** * unlink a dynamic rule from a chain. prev is a pointer to * the previous one, q is a pointer to the rule to delete, 
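Review bot: `prefix` and `postfix` are declared `char *` in the new print_dyn_rule_flags() signature, although every caller in this commit passes a string literal or a local buffer that the helper only formats; `const char *prefix, const char *postfix` would state that contract. The doc comment could also say that the line always carries the current V_dyn_count between the flow and the postfix, since callers have to choose a postfix that labels that number. The function body continues past this hunk.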
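Review bot: The format string in the new `log()` call always prints `V_dyn_count` followed by `postfix`, so the callers that pass `""` (the lookup_dyn_parent and install_state calls later in this commit) emit a line ending in an unlabelled number and a trailing space. Either give those callers a label, as add_dyn_rule does with `"total"`, or add a comment on the helper such as `/* postfix labels the dyn rule count printed before it */`. The start of the function, including the IPv6 branch, is outside this hunk.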
@@ -296,12 +304,12 @@ unlink_dyn_rule_print(struct ipfw_flow_i /* remove a refcount to the parent */ \ if (q->dyn_type == O_LIMIT) \ q->parent->count--; \ - DEB(unlink_dyn_rule_print(&q->id);) \ + V_dyn_count--; \ + DEB(print_dyn_rule(&q->id, q->dyn_type, "unlink entry", "left");) \ if (prev != NULL) \ prev->next = q = q->next; \ else \ head = q = q->next; \ - V_dyn_count--; \ uma_zfree(ipfw_dyn_rule_zone, old_q); } #define TIME_LEQ(a,b) ((int)((a)-(b)) <= 0) @@ -639,32 +647,7 @@ add_dyn_rule(struct ipfw_flow_id *id, u_ r->next = V_ipfw_dyn_v[i]; V_ipfw_dyn_v[i] = r; V_dyn_count++; - DEB({ - struct in_addr da; -#ifdef INET6 - char src[INET6_ADDRSTRLEN]; - char dst[INET6_ADDRSTRLEN]; -#else - char src[INET_ADDRSTRLEN]; - char dst[INET_ADDRSTRLEN]; -#endif - -#ifdef INET6 - if (IS_IP6_FLOW_ID(&(r->id))) { - ip6_sprintf(src, &r->id.src_ip6); - ip6_sprintf(dst, &r->id.dst_ip6); - } else -#endif - { - da.s_addr = htonl(r->id.src_ip); - inet_ntop(AF_INET, &da, src, sizeof(src)); - da.s_addr = htonl(r->id.dst_ip); - inet_ntop(AF_INET, &da, dst, sizeof(dst)); - } - printf("ipfw: add dyn entry ty %d %s %d -> %s %d, total %d\n", - dyn_type, src, r->id.src_port, dst, r->id.dst_port, - V_dyn_count); - }) + DEB(print_dyn_rule(id, dyn_type, "add dyn entry", "total");) return r; } @@ -701,7 +684,8 @@ lookup_dyn_parent(struct ipfw_flow_id *p ) ) { q->expire = time_uptime + V_dyn_short_lifetime; - DEB(printf("ipfw: lookup_dyn_parent found 0x%p\n",q);) + DEB(print_dyn_rule(pkt, q->dyn_type, + "lookup_dyn_parent found", "");) return q; } } 
@@ -720,38 +704,11 @@ ipfw_install_state(struct ip_fw *rule, i { static int last_log; ipfw_dyn_rule *q; - struct in_addr da; -#ifdef INET6 - char src[INET6_ADDRSTRLEN + 2], dst[INET6_ADDRSTRLEN + 2]; -#else - char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN]; -#endif - src[0] = '\0'; - dst[0] = '\0'; + DEB(print_dyn_rule(&args->f_id, cmd->o.opcode, "install_state", "");) IPFW_DYN_LOCK(); - DEB( -#ifdef INET6 - if (IS_IP6_FLOW_ID(&(args->f_id))) { - ip6_sprintf(src, &args->f_id.src_ip6); - ip6_sprintf(dst, &args->f_id.dst_ip6); - } else -#endif - { - da.s_addr = htonl(args->f_id.src_ip); - inet_ntop(AF_INET, &da, src, sizeof(src)); - da.s_addr = htonl(args->f_id.dst_ip); - inet_ntop(AF_INET, &da, dst, sizeof(dst)); - } - printf("ipfw: %s: type %d %s %u -> %s %u\n", - __func__, cmd->o.opcode, src, args->f_id.src_port, - dst, args->f_id.dst_port); - src[0] = '\0'; - dst[0] = '\0'; - ) - q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL); if (q != NULL) { /* should never occur */ 
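Review bot: The new `DEB(print_dyn_rule(...))` call sits before `IPFW_DYN_LOCK()`, and print_dyn_rule_flags() formats `V_dyn_count`, so the counter is now read without the dynamic-rule lock. The removed debug block ran after the lock was taken and did not touch the counter. The value is only printed, so the effect is presumably limited to a stale number in a debug line, but placing the call directly after `IPFW_DYN_LOCK();` keeps every read of the counter under the same lock. ipfw_install_state() continues outside the hunk.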
@@ -833,38 +790,15 @@ ipfw_install_state(struct ip_fw *rule, i if (parent->count >= conn_limit) { if (V_fw_verbose && last_log != time_uptime) { last_log = time_uptime; -#ifdef INET6 - /* - * XXX IPv6 flows are not - * supported yet. - */ - if (IS_IP6_FLOW_ID(&(args->f_id))) { - char ip6buf[INET6_ADDRSTRLEN]; - snprintf(src, sizeof(src), - "[%s]", ip6_sprintf(ip6buf, - &args->f_id.src_ip6)); - snprintf(dst, sizeof(dst), - "[%s]", ip6_sprintf(ip6buf, - &args->f_id.dst_ip6)); - } else -#endif - { - da.s_addr = - htonl(args->f_id.src_ip); - inet_ntop(AF_INET, &da, src, - sizeof(src)); - da.s_addr = - htonl(args->f_id.dst_ip); - inet_ntop(AF_INET, &da, dst, - sizeof(dst)); - } - log(LOG_SECURITY | LOG_DEBUG, - "ipfw: %d %s %s:%u -> %s:%u, %s\n", - parent->rule->rulenum, - "drop session", - src, (args->f_id.src_port), - dst, (args->f_id.dst_port), - "too many entries"); + char sbuf[24]; + last_log = time_uptime; + snprintf(sbuf, sizeof(sbuf), + "%d drop session", + parent->rule->rulenum); + print_dyn_rule_flags(&args->f_id, + cmd->o.opcode, + LOG_SECURITY | LOG_DEBUG, + sbuf, "too many entries"); } IPFW_DYN_UNLOCK(); return (1);
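Review bot: The `LOG_SECURITY | LOG_DEBUG` limit message changes shape here, although the commit log only mentions debugging messages. The old line read `ipfw: <rulenum> drop session <src>:<port> -> <dst>:<port>, too many entries`, with IPv6 addresses bracketed; the shared format now inserts `type <opcode>`, separates address and port with a space, and prints V_dyn_count before `too many entries`. The brackets appear to be gone as well, but the helper's IPv6 branch is outside the hunks. Log monitoring or alerting that matches this line would need updating, so the change deserves a note in the commit message. Separately, the added `last_log = time_uptime;` repeats the context line directly above it and can be dropped, and `char sbuf[24];` should move to the top of the block so the declaration precedes the first statement.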