* [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized
@ 2016-11-04 10:37 Arturo Borrero Gonzalez
2016-11-04 10:37 ` [conntrack-tools PATCH 2/3] conntrackd: replace error reporting in the config parser with dlog() Arturo Borrero Gonzalez
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2016-11-04 10:37 UTC (permalink / raw)
To: netfilter-devel
This will allow to call dlog() function from all the points in the
execution at runtime.
If the log was not initialized, then we just fprintf and return.
By now, we can't init the log engine earlier because we require config
from the user, so there is a egg-chicken problem.
This means that we can't log parsing messages to logfiles but only to
stderr/stdout.
Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
include/conntrackd.h | 1 +
src/log.c | 9 ++++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 8406c54..f995f4b 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -147,6 +147,7 @@ struct ct_general_state {
sigset_t block;
FILE *log;
FILE *stats_log;
+ int log_init;
struct local_server local;
struct ct_mode *mode;
struct ct_filter *us_filter;
diff --git a/src/log.c b/src/log.c
index 0796ba9..6deccfa 100644
--- a/src/log.c
+++ b/src/log.c
@@ -57,6 +57,8 @@ int init_log(void)
CONFIG(stats).syslog_facility != -1)
openlog(PACKAGE, LOG_PID, CONFIG(syslog_facility));
+ STATE(log_init) = 1;
+
return 0;
}
@@ -101,7 +103,7 @@ void dlog(int priority, const char *format, ...)
FILE *console_out;
va_list args;
- if (CONFIG(running_mode) != DAEMON) {
+ if (CONFIG(running_mode) != DAEMON || STATE(log_init) == 0) {
switch (priority) {
case LOG_INFO:
case LOG_NOTICE:
@@ -118,6 +120,9 @@ void dlog(int priority, const char *format, ...)
va_end(args);
}
+ if (STATE(log_init) == 0)
+ return;
+
if (fd) {
va_start(args, format);
logline_put(fd, priority, format, &args);
@@ -211,6 +216,8 @@ void dlog_exp(FILE *fd, struct nf_expect *exp, unsigned int type)
void close_log(void)
{
+ STATE(log_init) = 0;
+
if (STATE(log) != NULL)
fclose(STATE(log));
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [conntrack-tools PATCH 2/3] conntrackd: replace error reporting in the config parser with dlog()
2016-11-04 10:37 [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized Arturo Borrero Gonzalez
@ 2016-11-04 10:37 ` Arturo Borrero Gonzalez
2016-11-04 10:37 ` [conntrack-tools PATCH 3/3] conntrackd: replace fprintf calls " Arturo Borrero Gonzalez
2016-11-08 23:30 ` [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2016-11-04 10:37 UTC (permalink / raw)
To: netfilter-devel
Now that our main log function is able to handle the case of the log engine
not being initialised, we can use the general function instead of a custom
one in the parser.
Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
src/read_config_yy.y | 321 ++++++++++++++++++++++----------------------------
1 file changed, 140 insertions(+), 181 deletions(-)
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index cc0eb18..bfe7abb 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -30,7 +30,6 @@
#include "cidr.h"
#include "helper.h"
#include "stack.h"
-#include <syslog.h>
#include <sched.h>
#include <dlfcn.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
@@ -41,13 +40,6 @@ extern int yylineno;
struct ct_conf conf;
-enum {
- CTD_CFG_ERROR = 0,
- CTD_CFG_WARN,
-};
-
-static void print_err(int err, const char *msg, ...);
-
static void __kernel_filter_start(void);
static void __kernel_filter_add_state(int value);
static void __max_dedicated_links_reached(void);
@@ -160,15 +152,15 @@ syslog_facility : T_SYSLOG T_STRING
else if (!strcmp($2, "local7"))
conf.syslog_facility = LOG_LOCAL7;
else {
- print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, "
- "ignoring", $2);
+ dlog(LOG_WARNING, "'%s' is not a known syslog facility, "
+ "ignoring", $2);
break;
}
if (conf.stats.syslog_facility != -1 &&
conf.syslog_facility != conf.stats.syslog_facility)
- print_err(CTD_CFG_WARN, "conflicting Syslog facility "
- "values, defaulting to General");
+ dlog(LOG_WARNING, "conflicting Syslog facility "
+ "values, defaulting to General");
};
lock : T_LOCK T_PATH_VAL
@@ -178,7 +170,7 @@ lock : T_LOCK T_PATH_VAL
strip_nat: T_STRIP_NAT
{
- print_err(CTD_CFG_WARN, "`StripNAT' clause is obsolete, ignoring");
+ dlog(LOG_WARNING, "`StripNAT' clause is obsolete, ignoring");
};
refreshtime : T_REFRESH T_NUMBER
@@ -203,8 +195,8 @@ purge: T_PURGE T_NUMBER
checksum: T_CHECKSUM T_ON
{
- print_err(CTD_CFG_WARN, "the use of `Checksum' outside the "
- "`Multicast' clause is ambiguous");
+ dlog(LOG_WARNING, "the use of `Checksum' outside the "
+ "`Multicast' clause is ambiguous");
/*
* XXX: The use of Checksum outside of the Multicast clause is broken
* if we have more than one dedicated links.
@@ -214,8 +206,8 @@ checksum: T_CHECKSUM T_ON
checksum: T_CHECKSUM T_OFF
{
- print_err(CTD_CFG_WARN, "the use of `Checksum' outside the "
- "`Multicast' clause is ambiguous");
+ dlog(LOG_WARNING, "the use of `Checksum' outside the "
+ "`Multicast' clause is ambiguous");
/*
* XXX: The use of Checksum outside of the Multicast clause is broken
* if we have more than one dedicated links.
@@ -229,8 +221,8 @@ ignore_traffic : T_IGNORE_TRAFFIC '{' ignore_traffic_options '}'
CT_FILTER_ADDRESS,
CT_FILTER_NEGATIVE);
- print_err(CTD_CFG_WARN, "the clause `IgnoreTrafficFor' is obsolete. "
- "Use `Filter' instead");
+ dlog(LOG_WARNING, "the clause `IgnoreTrafficFor' is obsolete. "
+ "Use `Filter' instead");
};
ignore_traffic_options :
@@ -243,18 +235,17 @@ ignore_traffic_option : T_IPV4_ADDR T_IP
memset(&ip, 0, sizeof(union inet_address));
if (!inet_aton($2, &ip.ipv4)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4, "
- "ignoring", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4, ignoring", $2);
break;
}
if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET)) {
if (errno == EEXIST)
- print_err(CTD_CFG_WARN, "IP %s is repeated "
- "in the ignore pool", $2);
+ dlog(LOG_WARNING, "IP %s is repeated "
+ "in the ignore pool", $2);
if (errno == ENOSPC)
- print_err(CTD_CFG_WARN, "too many IP in the "
- "ignore pool!");
+ dlog(LOG_WARNING, "too many IP in the "
+ "ignore pool!");
}
};
@@ -266,20 +257,19 @@ ignore_traffic_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2, &ip.ipv6) <= 0) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv6, ignoring", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv6, ignoring", $2);
break;
}
#else
- print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
+ dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
#endif
if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET6)) {
if (errno == EEXIST)
- print_err(CTD_CFG_WARN, "IP %s is repeated "
- "in the ignore pool", $2);
+ dlog(LOG_WARNING, "IP %s is repeated "
+ "in the ignore pool", $2);
if (errno == ENOSPC)
- print_err(CTD_CFG_WARN, "too many IP in the "
- "ignore pool!");
+ dlog(LOG_WARNING, "too many IP in the ignore pool!");
}
};
@@ -288,8 +278,8 @@ multicast_line : T_MULTICAST '{' multicast_options '}'
{
if (conf.channel_type_global != CHANNEL_NONE &&
conf.channel_type_global != CHANNEL_MCAST) {
- print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other "
- "dedicated link protocols!");
+ dlog(LOG_ERR, "cannot use `Multicast' with other "
+ "dedicated link protocols!");
exit(EXIT_FAILURE);
}
conf.channel_type_global = CHANNEL_MCAST;
@@ -302,8 +292,8 @@ multicast_line : T_MULTICAST T_DEFAULT '{' multicast_options '}'
{
if (conf.channel_type_global != CHANNEL_NONE &&
conf.channel_type_global != CHANNEL_MCAST) {
- print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other "
- "dedicated link protocols!");
+ dlog(LOG_ERR, "cannot use `Multicast' with other "
+ "dedicated link protocols!");
exit(EXIT_FAILURE);
}
conf.channel_type_global = CHANNEL_MCAST;
@@ -322,14 +312,14 @@ multicast_option : T_IPV4_ADDR T_IP
__max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
break;
}
if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) {
- print_err(CTD_CFG_WARN, "your multicast address is IPv4 but "
- "is binded to an IPv6 interface? "
- "Surely, this is not what you want");
+ dlog(LOG_WARNING, "your multicast address is IPv4 but "
+ "is binded to an IPv6 interface? "
+ "Surely, this is not what you want");
break;
}
@@ -343,18 +333,18 @@ multicast_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
&conf.channel[conf.channel_num].u.mcast.in) <= 0) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
}
#else
- print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
+ dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET) {
- print_err(CTD_CFG_WARN, "your multicast address is IPv6 but "
- "is binded to an IPv4 interface? "
- "Surely this is not what you want");
+ dlog(LOG_WARNING, "your multicast address is IPv6 but "
+ "is binded to an IPv4 interface? "
+ "Surely this is not what you want");
break;
}
@@ -366,8 +356,7 @@ multicast_option : T_IPV6_ADDR T_IP
idx = if_nametoindex($2);
if (!idx) {
- print_err(CTD_CFG_WARN,
- "%s is an invalid interface", $2);
+ dlog(LOG_WARNING, "%s is an invalid interface", $2);
break;
}
@@ -381,14 +370,14 @@ multicast_option : T_IPV4_IFACE T_IP
__max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.ifa)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
break;
}
if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) {
- print_err(CTD_CFG_WARN, "your multicast interface is IPv4 but "
- "is binded to an IPv6 interface? "
- "Surely, this is not what you want");
+ dlog(LOG_WARNING, "your multicast interface is IPv4 but "
+ "is binded to an IPv6 interface? "
+ "Surely, this is not what you want");
break;
}
@@ -397,7 +386,7 @@ multicast_option : T_IPV4_IFACE T_IP
multicast_option : T_IPV6_IFACE T_IP
{
- print_err(CTD_CFG_WARN, "`IPv6_interface' not required, ignoring");
+ dlog(LOG_WARNING, "`IPv6_interface' not required, ignoring");
}
multicast_option : T_IFACE T_STRING
@@ -410,7 +399,7 @@ multicast_option : T_IFACE T_STRING
idx = if_nametoindex($2);
if (!idx) {
- print_err(CTD_CFG_WARN, "%s is an invalid interface", $2);
+ dlog(LOG_WARNING, "%s is an invalid interface", $2);
break;
}
@@ -422,9 +411,8 @@ multicast_option : T_IFACE T_STRING
multicast_option : T_BACKLOG T_NUMBER
{
- print_err(CTD_CFG_WARN, "`Backlog' option inside Multicast clause is "
- "obsolete. Please, remove it from "
- "conntrackd.conf");
+ dlog(LOG_WARNING, "`Backlog' option inside Multicast clause is "
+ "obsolete. Please, remove it from conntrackd.conf");
};
multicast_option : T_GROUP T_NUMBER
@@ -461,8 +449,8 @@ udp_line : T_UDP '{' udp_options '}'
{
if (conf.channel_type_global != CHANNEL_NONE &&
conf.channel_type_global != CHANNEL_UDP) {
- print_err(CTD_CFG_ERROR, "cannot use `UDP' with other "
- "dedicated link protocols!");
+ dlog(LOG_ERR, "cannot use `UDP' with other "
+ "dedicated link protocols!");
exit(EXIT_FAILURE);
}
conf.channel_type_global = CHANNEL_UDP;
@@ -475,8 +463,8 @@ udp_line : T_UDP T_DEFAULT '{' udp_options '}'
{
if (conf.channel_type_global != CHANNEL_NONE &&
conf.channel_type_global != CHANNEL_UDP) {
- print_err(CTD_CFG_ERROR, "cannot use `UDP' with other "
- "dedicated link protocols!");
+ dlog(LOG_ERR, "cannot use `UDP' with other "
+ "dedicated link protocols!");
exit(EXIT_FAILURE);
}
conf.channel_type_global = CHANNEL_UDP;
@@ -495,7 +483,7 @@ udp_option : T_IPV4_ADDR T_IP
__max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
break;
}
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
@@ -508,11 +496,11 @@ udp_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
&conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
}
#else
- print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
+ dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
@@ -523,7 +511,7 @@ udp_option : T_IPV4_DEST_ADDR T_IP
__max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.client)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
break;
}
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
@@ -536,11 +524,11 @@ udp_option : T_IPV6_DEST_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
&conf.channel[conf.channel_num].u.udp.client) <= 0) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
}
#else
- print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
+ dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
@@ -555,7 +543,7 @@ udp_option : T_IFACE T_STRING
idx = if_nametoindex($2);
if (!idx) {
- print_err(CTD_CFG_WARN, "%s is an invalid interface", $2);
+ dlog(LOG_WARNING, "%s is an invalid interface", $2);
break;
}
conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx;
@@ -595,8 +583,8 @@ tcp_line : T_TCP '{' tcp_options '}'
{
if (conf.channel_type_global != CHANNEL_NONE &&
conf.channel_type_global != CHANNEL_TCP) {
- print_err(CTD_CFG_ERROR, "cannot use `TCP' with other "
- "dedicated link protocols!");
+ dlog(LOG_ERR, "cannot use `TCP' with other "
+ "dedicated link protocols!");
exit(EXIT_FAILURE);
}
conf.channel_type_global = CHANNEL_TCP;
@@ -611,8 +599,8 @@ tcp_line : T_TCP T_DEFAULT '{' tcp_options '}'
{
if (conf.channel_type_global != CHANNEL_NONE &&
conf.channel_type_global != CHANNEL_TCP) {
- print_err(CTD_CFG_ERROR, "cannot use `TCP' with other "
- "dedicated link protocols!");
+ dlog(LOG_ERR, "cannot use `TCP' with other "
+ "dedicated link protocols!");
exit(EXIT_FAILURE);
}
conf.channel_type_global = CHANNEL_TCP;
@@ -633,7 +621,7 @@ tcp_option : T_IPV4_ADDR T_IP
__max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.server.ipv4)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
break;
}
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
@@ -646,11 +634,11 @@ tcp_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
&conf.channel[conf.channel_num].u.tcp.server.ipv6) <= 0) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
}
#else
- print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
+ dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
@@ -661,7 +649,7 @@ tcp_option : T_IPV4_DEST_ADDR T_IP
__max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.client)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
break;
}
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
@@ -674,11 +662,11 @@ tcp_option : T_IPV6_DEST_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
&conf.channel[conf.channel_num].u.tcp.client) <= 0) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
}
#else
- print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
+ dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
@@ -693,7 +681,7 @@ tcp_option : T_IFACE T_STRING
idx = if_nametoindex($2);
if (!idx) {
- print_err(CTD_CFG_WARN, "%s is an invalid interface", $2);
+ dlog(LOG_WARNING, "%s is an invalid interface", $2);
break;
}
conf.channel[conf.channel_num].u.tcp.server.ipv6.scope_id = idx;
@@ -767,8 +755,8 @@ ignore_protocol: T_IGNORE_PROTOCOL '{' ignore_proto_list '}'
CT_FILTER_L4PROTO,
CT_FILTER_NEGATIVE);
- print_err(CTD_CFG_WARN, "the clause `IgnoreProtocol' is "
- "obsolete. Use `Filter' instead");
+ dlog(LOG_WARNING, "the clause `IgnoreProtocol' is "
+ "obsolete. Use `Filter' instead");
};
ignore_proto_list:
@@ -780,7 +768,7 @@ ignore_proto: T_NUMBER
if ($1 < IPPROTO_MAX)
ct_filter_add_proto(STATE(us_filter), $1);
else
- print_err(CTD_CFG_WARN, "protocol number `%d' is freak", $1);
+ dlog(LOG_WARNING, "protocol number `%d' is freak", $1);
};
ignore_proto: T_STRING
@@ -789,8 +777,8 @@ ignore_proto: T_STRING
pent = getprotobyname($1);
if (pent == NULL) {
- print_err(CTD_CFG_WARN, "getprotobyname() cannot find "
- "protocol `%s' in /etc/protocols", $1);
+ dlog(LOG_WARNING, "getprotobyname() cannot find "
+ "protocol `%s' in /etc/protocols", $1);
break;
}
ct_filter_add_proto(STATE(us_filter), pent->p_proto);
@@ -799,8 +787,8 @@ ignore_proto: T_STRING
sync: T_SYNC '{' sync_list '}'
{
if (conf.flags & CTD_STATS_MODE) {
- print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' "
- "clauses in conntrackd.conf");
+ dlog(LOG_ERR, "cannot use both `Stats' and `Sync' "
+ "clauses in conntrackd.conf");
exit(EXIT_FAILURE);
}
conf.flags |= CTD_SYNC_MODE;
@@ -953,8 +941,8 @@ disable_external_cache: T_DISABLE_EXTERNAL_CACHE T_OFF
resend_buffer_size: T_RESEND_BUFFER_SIZE T_NUMBER
{
- print_err(CTD_CFG_WARN, "`ResendBufferSize' is deprecated. "
- "Use `ResendQueueSize' instead");
+ dlog(LOG_WARNING, "`ResendBufferSize' is deprecated. "
+ "Use `ResendQueueSize' instead");
};
resend_queue_size: T_RESEND_QUEUE_SIZE T_NUMBER
@@ -969,24 +957,24 @@ window_size: T_WINDOWSIZE T_NUMBER
destroy_timeout: T_DESTROY_TIMEOUT T_NUMBER
{
- print_err(CTD_CFG_WARN, "`DestroyTimeout' is deprecated. Remove it");
+ dlog(LOG_WARNING, "`DestroyTimeout' is deprecated. Remove it");
};
relax_transitions: T_RELAX_TRANSITIONS
{
- print_err(CTD_CFG_WARN, "`RelaxTransitions' clause is obsolete. "
- "Please, remove it from conntrackd.conf");
+ dlog(LOG_WARNING, "`RelaxTransitions' clause is obsolete. "
+ "Please, remove it from conntrackd.conf");
};
delay_destroy_msgs: T_DELAY
{
- print_err(CTD_CFG_WARN, "`DelayDestroyMessages' clause is obsolete. "
- "Please, remove it from conntrackd.conf");
+ dlog(LOG_WARNING, "`DelayDestroyMessages' clause is obsolete. "
+ "Please, remove it from conntrackd.conf");
};
listen_to: T_LISTEN_TO T_IP
{
- print_err(CTD_CFG_WARN, "the clause `ListenTo' is obsolete, ignoring");
+ dlog(LOG_WARNING, "the clause `ListenTo' is obsolete, ignoring");
};
state_replication: T_REPLICATE states T_FOR state_proto
@@ -995,8 +983,8 @@ state_replication: T_REPLICATE states T_FOR state_proto
CT_FILTER_STATE,
CT_FILTER_POSITIVE);
- print_err(CTD_CFG_WARN, "the clause `Replicate' is obsolete. "
- "Use `Filter' instead");
+ dlog(LOG_WARNING, "the clause `Replicate' is obsolete. "
+ "Use `Filter' instead");
};
states:
@@ -1005,8 +993,8 @@ states:
state_proto: T_STRING
{
if (strncmp($1, "TCP", strlen("TCP")) != 0) {
- print_err(CTD_CFG_WARN, "unsupported protocol `%s' in line %d",
- $1, yylineno);
+ dlog(LOG_WARNING, "unsupported protocol `%s' in line %d",
+ $1, yylineno);
}
};
state: tcp_state;
@@ -1089,14 +1077,12 @@ tcp_state: T_LISTEN
cache_writethrough: T_WRITE_THROUGH T_ON
{
- print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
- "ignoring");
+ dlog(LOG_WARNING, "`CacheWriteThrough' clause is obsolete, ignoring");
};
cache_writethrough: T_WRITE_THROUGH T_OFF
{
- print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, "
- "ignoring");
+ dlog(LOG_WARNING, "`CacheWriteThrough' clause is obsolete, ignoring");
};
general: T_GENERAL '{' general_list '}';
@@ -1182,7 +1168,7 @@ scheduler_line : T_TYPE T_STRING
} else if (strcasecmp($2, "fifo") == 0) {
conf.sched.type = SCHED_FIFO;
} else {
- print_err(CTD_CFG_ERROR, "unknown scheduler `%s'", $2);
+ dlog(LOG_ERR, "unknown scheduler `%s'", $2);
exit(EXIT_FAILURE);
}
};
@@ -1191,14 +1177,14 @@ scheduler_line : T_PRIO T_NUMBER
{
conf.sched.prio = $2;
if (conf.sched.prio < 0 || conf.sched.prio > 99) {
- print_err(CTD_CFG_ERROR, "`Priority' must be [0, 99]\n", $2);
+ dlog(LOG_ERR, "`Priority' must be [0, 99]\n", $2);
exit(EXIT_FAILURE);
}
};
family : T_FAMILY T_STRING
{
- print_err(CTD_CFG_WARN, "`Family' is deprecated, ignoring");
+ dlog(LOG_WARNING, "`Family' is deprecated, ignoring");
};
event_iterations_limit : T_EVENT_ITER_LIMIT T_NUMBER
@@ -1211,7 +1197,7 @@ poll_secs: T_POLL_SECS T_NUMBER
conf.flags |= CTD_POLL;
conf.poll_kernel_secs = $2;
if (conf.poll_kernel_secs == 0) {
- print_err(CTD_CFG_ERROR, "`PollSecs' clause must be > 0");
+ dlog(LOG_ERR, "`PollSecs' clause must be > 0");
exit(EXIT_FAILURE);
}
};
@@ -1265,8 +1251,8 @@ filter_protocol_item : T_STRING
pent = getprotobyname($1);
if (pent == NULL) {
- print_err(CTD_CFG_WARN, "getprotobyname() cannot find "
- "protocol `%s' in /etc/protocols", $1);
+ dlog(LOG_WARNING, "getprotobyname() cannot find "
+ "protocol `%s' in /etc/protocols", $1);
break;
}
ct_filter_add_proto(STATE(us_filter), pent->p_proto);
@@ -1284,8 +1270,8 @@ filter_protocol_item : T_TCP
pent = getprotobyname("tcp");
if (pent == NULL) {
- print_err(CTD_CFG_WARN, "getprotobyname() cannot find "
- "protocol `tcp' in /etc/protocols");
+ dlog(LOG_WARNING, "getprotobyname() cannot find "
+ "protocol `tcp' in /etc/protocols");
break;
}
ct_filter_add_proto(STATE(us_filter), pent->p_proto);
@@ -1303,7 +1289,7 @@ filter_protocol_item : T_UDP
pent = getprotobyname("udp");
if (pent == NULL) {
- print_err(CTD_CFG_WARN, "getprotobyname() cannot find "
+ dlog(LOG_WARNING, "getprotobyname() cannot find "
"protocol `udp' in /etc/protocols");
break;
}
@@ -1363,14 +1349,14 @@ filter_address_item : T_IPV4_ADDR T_IP
*slash = '\0';
cidr = atoi(slash+1);
if (cidr > 32) {
- print_err(CTD_CFG_WARN, "%s/%d is not a valid network, "
- "ignoring", $2, cidr);
+ dlog(LOG_WARNING, "%s/%d is not a valid network, "
+ "ignoring", $2, cidr);
break;
}
}
if (!inet_aton($2, &ip.ipv4)) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv4, ignoring", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv4, ignoring", $2);
break;
}
@@ -1383,18 +1369,17 @@ filter_address_item : T_IPV4_ADDR T_IP
if (!ct_filter_add_netmask(STATE(us_filter), &tmp, AF_INET)) {
if (errno == EEXIST)
- print_err(CTD_CFG_WARN, "netmask %s is "
- "repeated in the "
- "ignore pool", $2);
+ dlog(LOG_WARNING, "netmask %s is "
+ "repeated in the ignore pool", $2);
}
} else {
if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET)) {
if (errno == EEXIST)
- print_err(CTD_CFG_WARN, "IP %s is repeated in "
- "the ignore pool", $2);
+ dlog(LOG_WARNING, "IP %s is repeated in "
+ "the ignore pool", $2);
if (errno == ENOSPC)
- print_err(CTD_CFG_WARN, "too many IP in the "
- "ignore pool!");
+ dlog(LOG_WARNING, "too many IP in the "
+ "ignore pool!");
}
}
__kernel_filter_start();
@@ -1423,19 +1408,19 @@ filter_address_item : T_IPV6_ADDR T_IP
*slash = '\0';
cidr = atoi(slash+1);
if (cidr > 128) {
- print_err(CTD_CFG_WARN, "%s/%d is not a valid network, "
- "ignoring", $2, cidr);
+ dlog(LOG_WARNING, "%s/%d is not a valid network, "
+ "ignoring", $2, cidr);
break;
}
}
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2, &ip.ipv6) <= 0) {
- print_err(CTD_CFG_WARN, "%s is not a valid IPv6, ignoring", $2);
+ dlog(LOG_WARNING, "%s is not a valid IPv6, ignoring", $2);
break;
}
#else
- print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!");
+ dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
break;
#endif
if (slash && cidr < 128) {
@@ -1445,18 +1430,17 @@ filter_address_item : T_IPV6_ADDR T_IP
ipv6_cidr2mask_net(cidr, tmp.mask);
if (!ct_filter_add_netmask(STATE(us_filter), &tmp, AF_INET6)) {
if (errno == EEXIST)
- print_err(CTD_CFG_WARN, "netmask %s is "
- "repeated in the "
- "ignore pool", $2);
+ dlog(LOG_WARNING, "netmask %s is "
+ "repeated in the ignore pool", $2);
}
} else {
if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET6)) {
if (errno == EEXIST)
- print_err(CTD_CFG_WARN, "IP %s is repeated in "
- "the ignore pool", $2);
+ dlog(LOG_WARNING, "IP %s is repeated in "
+ "the ignore pool", $2);
if (errno == ENOSPC)
- print_err(CTD_CFG_WARN, "too many IP in the "
- "ignore pool!");
+ dlog(LOG_WARNING, "too many IP in the "
+ "ignore pool!");
}
}
__kernel_filter_start();
@@ -1500,8 +1484,8 @@ filter_state_item : tcp_states T_FOR T_TCP;
stats: T_STATS '{' stats_list '}'
{
if (conf.flags & CTD_SYNC_MODE) {
- print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' "
- "clauses in conntrackd.conf");
+ dlog(LOG_ERR, "cannot use both `Stats' and `Sync' "
+ "clauses in conntrackd.conf");
exit(EXIT_FAILURE);
}
conf.flags |= CTD_STATS_MODE;
@@ -1563,20 +1547,20 @@ stat_syslog_facility : T_SYSLOG T_STRING
else if (!strcmp($2, "local7"))
conf.stats.syslog_facility = LOG_LOCAL7;
else {
- print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, "
- "ignoring.", $2);
+ dlog(LOG_WARNING, "'%s' is not a known syslog facility, "
+ "ignoring.", $2);
break;
}
if (conf.syslog_facility != -1 &&
conf.stats.syslog_facility != conf.syslog_facility)
- print_err(CTD_CFG_WARN, "conflicting Syslog facility "
- "values, defaulting to General");
+ dlog(LOG_WARNING, "conflicting Syslog facility "
+ "values, defaulting to General");
};
buffer_size: T_STAT_BUFFER_SIZE T_NUMBER
{
- print_err(CTD_CFG_WARN, "`LogFileBufferSize' is deprecated");
+ dlog(LOG_WARNING, "`LogFileBufferSize' is deprecated");
};
helper: T_HELPER '{' helper_list '}'
@@ -1604,7 +1588,7 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
else if (strcmp($3, "inet6") == 0)
l3proto = AF_INET6;
else {
- print_err(CTD_CFG_ERROR, "unknown layer 3 protocol");
+ dlog(LOG_ERR, "unknown layer 3 protocol");
exit(EXIT_FAILURE);
}
@@ -1613,19 +1597,18 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
else if (strcmp($4, "udp") == 0)
l4proto = IPPROTO_UDP;
else {
- print_err(CTD_CFG_ERROR, "unknown layer 4 protocol");
+ dlog(LOG_ERR, "unknown layer 4 protocol");
exit(EXIT_FAILURE);
}
#ifdef BUILD_CTHELPER
helper = helper_find(CONNTRACKD_LIB_DIR, $2, l4proto, RTLD_NOW);
if (helper == NULL) {
- print_err(CTD_CFG_ERROR, "Unknown `%s' helper", $2);
+ dlog(LOG_ERR, "Unknown `%s' helper", $2);
exit(EXIT_FAILURE);
}
#else
- print_err(CTD_CFG_ERROR, "Helper support is disabled, recompile "
- "conntrackd");
+ dlog(LOG_ERR, "Helper support is disabled, recompile conntrackd");
exit(EXIT_FAILURE);
#endif
@@ -1669,9 +1652,8 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
break;
}
if (matching == NULL) {
- print_err(CTD_CFG_ERROR,
- "Unknown policy `%s' in helper "
- "configuration", pol->name);
+ dlog(LOG_ERR, "Unknown policy `%s' in helper "
+ "configuration", pol->name);
exit(EXIT_FAILURE);
}
/* FIXME: First set default policy, then change only
@@ -1684,9 +1666,9 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
break;
}
default:
- print_err(CTD_CFG_ERROR,
- "Unexpected symbol parsing helper policy");
- exit(EXIT_FAILURE);
+ dlog(LOG_ERR, "Unexpected symbol parsing helper "
+ "policy");
+ exit(EXIT_FAILURE);
break;
}
}
@@ -1729,9 +1711,8 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
e = stack_item_pop(&symbol_stack, SYMBOL_HELPER_EXPECT_POLICY_LEAF);
if (e == NULL) {
- print_err(CTD_CFG_ERROR,
- "Helper policy configuration empty, fix your "
- "configuration file, please");
+ dlog(LOG_ERR, "Helper policy configuration empty, fix your "
+ "configuration file, please");
exit(EXIT_FAILURE);
break;
}
@@ -1787,38 +1768,17 @@ helper_policy_expect_timeout: T_HELPER_EXPECT_TIMEOUT T_NUMBER
int __attribute__((noreturn))
yyerror(char *msg)
{
- print_err(CTD_CFG_ERROR, "parsing config file in "
- "line (%d), symbol '%s': %s",
- yylineno, yytext, msg);
+ dlog(LOG_ERR, "parsing config file in line (%d), symbol '%s': %s",
+ yylineno, yytext, msg);
exit(EXIT_FAILURE);
}
-static void print_err(int type, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- switch(type) {
- case CTD_CFG_ERROR:
- fprintf(stderr, "ERROR: ");
- break;
- case CTD_CFG_WARN:
- fprintf(stderr, "WARNING: ");
- break;
- default:
- fprintf(stderr, "?: ");
- }
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr,"\n");
-}
-
static void __kernel_filter_start(void)
{
if (!STATE(filter)) {
STATE(filter) = nfct_filter_create();
if (!STATE(filter)) {
- print_err(CTD_CFG_ERROR, "cannot create ignore pool!");
+ dlog(LOG_ERR, "cannot create ignore pool!");
exit(EXIT_FAILURE);
}
}
@@ -1840,9 +1800,8 @@ static void __kernel_filter_add_state(int value)
static void __max_dedicated_links_reached(void)
{
if (conf.channel_num >= MULTICHANNEL_MAX) {
- print_err(CTD_CFG_ERROR, "too many dedicated links in "
- "the configuration file "
- "(Maximum: %d)", MULTICHANNEL_MAX);
+ dlog(LOG_ERR, "too many dedicated links in the configuration "
+ "file (Maximum: %d)", MULTICHANNEL_MAX);
exit(EXIT_FAILURE);
}
}
@@ -1872,9 +1831,9 @@ init_config(char *filename)
#ifndef BUILD_SYSTEMD
if (CONFIG(systemd) == 1) {
- print_err(CTD_CFG_WARN, "systemd runtime support activated but"
- " conntrackd was built without support"
- " for it. Recompile conntrackd");
+ dlog(LOG_WARNING, "systemd runtime support activated but "
+ "conntrackd was built without support "
+ "for it. Recompile conntrackd");
}
#endif /* BUILD_SYSTEMD */
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [conntrack-tools PATCH 3/3] conntrackd: replace fprintf calls with dlog()
2016-11-04 10:37 [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized Arturo Borrero Gonzalez
2016-11-04 10:37 ` [conntrack-tools PATCH 2/3] conntrackd: replace error reporting in the config parser with dlog() Arturo Borrero Gonzalez
@ 2016-11-04 10:37 ` Arturo Borrero Gonzalez
2016-11-08 23:30 ` [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2016-11-04 10:37 UTC (permalink / raw)
To: netfilter-devel
Review fprintf() and perror() calls and replace them with proper logs,
since it now supports being called anytime during runtime.
While at it, several messages are fixed, deleting \n, adjusting
coding style and some typos.
Also, the 'conntrackd cannot start, please review your configuration' is
printed before closing the log engine.
Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
src/ctnl.c | 4 +--
src/filter.c | 4 +--
src/main.c | 67 +++++++++++++++++++++++--------------------------
src/read_config_lex.l | 13 +++++-----
src/sync-mode.c | 4 +--
src/systemd.c | 4 +--
6 files changed, 46 insertions(+), 50 deletions(-)
diff --git a/src/ctnl.c b/src/ctnl.c
index 10b5f4c..9d5dcb8 100644
--- a/src/ctnl.c
+++ b/src/ctnl.c
@@ -404,8 +404,8 @@ int ctnl_init(void)
else if (CONFIG(flags) & CTD_SYNC_MODE)
STATE(mode) = &sync_mode;
else {
- fprintf(stderr, "WARNING: No running mode specified. "
- "Defaulting to statistics mode.\n");
+ dlog(LOG_WARNING, "No running mode specified. "
+ "Defaulting to statistics mode.");
CONFIG(flags) |= CTD_STATS_MODE;
STATE(mode) = &stats_mode;
}
diff --git a/src/filter.c b/src/filter.c
index 1ae2cc5..00a5e96 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -138,7 +138,7 @@ static struct ct_filter *__filter_alloc(struct ct_filter *filter)
if (!STATE(us_filter)) {
STATE(us_filter) = ct_filter_create();
if (!STATE(us_filter)) {
- fprintf(stderr, "Can't create ignore pool!\n");
+ dlog(LOG_ERR, "Can't create ignore pool!");
exit(EXIT_FAILURE);
}
}
@@ -479,7 +479,7 @@ static struct exp_filter *exp_filter_alloc(void)
if (STATE(exp_filter) == NULL) {
STATE(exp_filter) = exp_filter_create();
if (STATE(exp_filter) == NULL) {
- fprintf(stderr, "Can't init expectation filtering!\n");
+ dlog(LOG_ERR, "Can't init expectation filtering!");
return NULL;
}
}
diff --git a/src/main.c b/src/main.c
index 0319b5c..febeaa9 100644
--- a/src/main.c
+++ b/src/main.c
@@ -86,7 +86,7 @@ set_operation_mode(int *current, int want, char *argv[])
}
if (*current != want) {
show_usage(argv[0]);
- fprintf(stderr, "\nError: Invalid parameters\n");
+ dlog(LOG_ERR, "Invalid parameters");
exit(EXIT_FAILURE);
}
}
@@ -115,16 +115,16 @@ set_nice_value(int nv)
{
errno = 0;
if (nice(nv) == -1 && errno) /* warn only */
- fprintf(stderr, "Cannot set nice level %d: %s\n",
- nv, strerror(errno));
+ dlog(LOG_WARNING, "Cannot set nice level %d: %s",
+ nv, strerror(errno));
}
static void
do_chdir(const char *d)
{
if (chdir(d))
- fprintf(stderr, "Cannot change current directory to %s: %s\n",
- d, strerror(errno));
+ dlog(LOG_WARNING, "Cannot change current directory to %s: %s",
+ d, strerror(errno));
}
int main(int argc, char *argv[])
@@ -137,12 +137,12 @@ int main(int argc, char *argv[])
/* Check kernel version: it must be >= 2.6.18 */
if (uname(&u) == -1) {
- fprintf(stderr, "Can't retrieve kernel version via uname()\n");
+ dlog(LOG_ERR, "Can't retrieve kernel version via uname()");
exit(EXIT_FAILURE);
}
sscanf(u.release, "%d.%d.%d", &version, &major, &minor);
if (version < 2 && major < 6 && minor < 18) {
- fprintf(stderr, "Linux kernel version must be >= 2.6.18\n");
+ dlog(LOG_ERR, "Linux kernel version must be >= 2.6.18");
exit(EXIT_FAILURE);
}
@@ -177,15 +177,14 @@ int main(int argc, char *argv[])
strncpy(config_file, argv[i], PATH_MAX);
if (strlen(argv[i]) >= PATH_MAX){
config_file[PATH_MAX-1]='\0';
- fprintf(stderr, "Path to config file "
- "to long. Cutting it "
- "down to %d characters",
- PATH_MAX);
+ dlog(LOG_WARNING, "Path to config file"
+ " to long. Cutting it down to %d"
+ " characters", PATH_MAX);
}
break;
}
show_usage(argv[0]);
- fprintf(stderr, "Missing config filename\n");
+ dlog(LOG_ERR, "Missing config filename");
break;
case 'F':
set_operation_mode(&type, REQUEST, argv);
@@ -206,10 +205,8 @@ int main(int argc, char *argv[])
action = CT_FLUSH_EXT_CACHE;
i++;
} else {
- fprintf(stderr, "ERROR: unknown "
- "parameter `%s' for "
- "option `-f'\n",
- argv[i+1]);
+ dlog(LOG_ERR, "unknown parameter `%s' "
+ "for option `-f'", argv[i + 1]);
exit(EXIT_FAILURE);
}
} else {
@@ -254,9 +251,9 @@ int main(int argc, char *argv[])
i++;
} else if (strncmp(argv[i+1], "multicast",
strlen(argv[i+1])) == 0) {
- fprintf(stderr, "WARNING: use `link' "
- "instead of `multicast' as "
- "parameter.\n");
+ dlog(LOG_WARNING, "use `link' "
+ "instead of `multicast' as "
+ "parameter.");
action = STATS_LINK;
i++;
} else if (strncmp(argv[i+1], "link",
@@ -284,10 +281,8 @@ int main(int argc, char *argv[])
action = EXP_STATS;
i++;
} else {
- fprintf(stderr, "ERROR: unknown "
- "parameter `%s' for "
- "option `-s'\n",
- argv[i+1]);
+ dlog(LOG_ERR, "unknown parameter `%s' "
+ "for option `-s'", argv[i + 1]);
exit(EXIT_FAILURE);
}
} else {
@@ -296,8 +291,7 @@ int main(int argc, char *argv[])
}
break;
case 'S':
- fprintf(stderr, "WARNING: -S option is obsolete. "
- "Ignoring.\n");
+ dlog(LOG_WARNING,"-S option is obsolete. Ignoring.");
break;
case 'n':
set_operation_mode(&type, REQUEST, argv);
@@ -314,7 +308,7 @@ int main(int argc, char *argv[])
action = EXP_DUMP_EXT_XML;
else {
show_usage(argv[0]);
- fprintf(stderr, "Error: Invalid parameters\n");
+ dlog(LOG_ERR, "Invalid parameters");
exit(EXIT_FAILURE);
}
@@ -327,7 +321,7 @@ int main(int argc, char *argv[])
exit(EXIT_SUCCESS);
default:
show_usage(argv[0]);
- fprintf(stderr, "Unknown option: %s\n", argv[i]);
+ dlog(LOG_ERR, "Unknown option: %s", argv[i]);
return 0;
break;
}
@@ -339,14 +333,14 @@ int main(int argc, char *argv[])
umask(0177);
if ((ret = init_config(config_file)) == -1) {
- fprintf(stderr, "can't open config file `%s'\n", config_file);
+ dlog(LOG_ERR, "can't open config file `%s'", config_file);
exit(EXIT_FAILURE);
}
if (type == REQUEST) {
if (do_local_request(action, &conf.local, local_step) == -1) {
- fprintf(stderr, "can't connect: is conntrackd "
- "running? appropriate permissions?\n");
+ dlog(LOG_ERR, "can't connect: is conntrackd "
+ "running? appropriate permissions?");
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
@@ -363,8 +357,8 @@ int main(int argc, char *argv[])
*/
ret = open(CONFIG(lockfile), O_CREAT | O_EXCL | O_TRUNC, 0600);
if (ret == -1) {
- fprintf(stderr, "lockfile `%s' exists, perhaps conntrackd "
- "already running?\n", CONFIG(lockfile));
+ dlog(LOG_ERR, "lockfile `%s' exists, perhaps conntrackd"
+ " already running?", CONFIG(lockfile));
exit(EXIT_FAILURE);
}
close(ret);
@@ -381,7 +375,8 @@ int main(int argc, char *argv[])
ret = sched_setscheduler(0, CONFIG(sched).type, &schedparam);
if (ret == -1) {
- perror("sched");
+ dlog(LOG_ERR, "scheduler configuration failed: %s",
+ strerror(errno));
exit(EXIT_FAILURE);
}
}
@@ -391,9 +386,9 @@ int main(int argc, char *argv[])
*/
if (init() == -1) {
+ dlog(LOG_ERR, "conntrackd cannot start, please review your "
+ "configuration");
close_log();
- fprintf(stderr, "ERROR: conntrackd cannot start, please "
- "check the logfile for more info\n");
unlink(CONFIG(lockfile));
exit(EXIT_FAILURE);
}
@@ -408,7 +403,7 @@ int main(int argc, char *argv[])
pid_t pid;
if ((pid = fork()) == -1) {
- perror("fork has failed: ");
+ dlog(LOG_ERR, "fork has failed: %s", strerror(errno));
exit(EXIT_FAILURE);
} else if (pid) {
sd_ct_mainpid(pid);
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 2404058..5f2de7d 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -21,6 +21,7 @@
#include <string.h>
+#include "conntrackd.h"
#include "read_config_yy.h"
%}
@@ -158,14 +159,14 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
{ip6} { yylval.string = strdup(yytext); return T_IP; }
{path} { yylval.string = strdup(yytext); return T_PATH_VAL; }
{alarm} { return T_ALARM; }
-{persistent} { fprintf(stderr, "\nWARNING: Now `persistent' mode "
- "is called `alarm'. Please, update "
- "your conntrackd.conf file.\n");
+{persistent} { dlog(LOG_WARNING, "Now `persistent' mode "
+ "is called `alarm'. Please, update "
+ "your conntrackd.conf file.");
return T_ALARM; }
{ftfw} { return T_FTFW; }
-{nack} { fprintf(stderr, "\nWARNING: Now `nack' mode "
- "is called `ftfw'. Please, update "
- "your conntrackd.conf file.\n");
+{nack} { dlog(LOG_WARNING, "Now `nack' mode "
+ "is called `ftfw'. Please, update "
+ "your conntrackd.conf file.\n");
return T_FTFW; }
{notrack} { return T_NOTRACK; }
{string} { yylval.string = strdup(yytext); return T_STRING; }
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 8fe65f1..082e2ce 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -377,8 +377,8 @@ static int init_sync(void)
else if (CONFIG(flags) & CTD_SYNC_NOTRACK)
STATE_SYNC(sync) = &sync_notrack;
else {
- fprintf(stderr, "WARNING: No synchronization mode specified. "
- "Defaulting to FT-FW mode.\n");
+ dlog(LOG_WARNING, "No synchronization mode specified. "
+ "Defaulting to FT-FW mode.");
CONFIG(flags) |= CTD_SYNC_FTFW;
STATE_SYNC(sync) = &sync_ftfw;
}
diff --git a/src/systemd.c b/src/systemd.c
index 4eb880c..2c5daaf 100644
--- a/src/systemd.c
+++ b/src/systemd.c
@@ -42,8 +42,8 @@ void sd_ct_watchdog_init(void)
ret = sd_watchdog_enabled(0, &sd_watchdog_interval);
if (ret < 0) {
- fprintf(stderr, "WARNING: failed to get watchdog details from"
- " systemd: %s\n", strerror(-ret));
+ dlog(LOG_WARNING, "failed to get watchdog details from "
+ "systemd: %s", strerror(-ret));
return;
} else if (ret == 0) {
/* no watchdog required */
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized
2016-11-04 10:37 [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized Arturo Borrero Gonzalez
2016-11-04 10:37 ` [conntrack-tools PATCH 2/3] conntrackd: replace error reporting in the config parser with dlog() Arturo Borrero Gonzalez
2016-11-04 10:37 ` [conntrack-tools PATCH 3/3] conntrackd: replace fprintf calls " Arturo Borrero Gonzalez
@ 2016-11-08 23:30 ` Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2016-11-08 23:30 UTC (permalink / raw)
To: Arturo Borrero Gonzalez; +Cc: netfilter-devel
On Fri, Nov 04, 2016 at 11:37:02AM +0100, Arturo Borrero Gonzalez wrote:
> This will allow to call dlog() function from all the points in the
> execution at runtime.
>
> If the log was not initialized, then we just fprintf and return.
>
> By now, we can't init the log engine earlier because we require config
> from the user, so there is a egg-chicken problem.
> This means that we can't log parsing messages to logfiles but only to
> stderr/stdout.
Series applied, thanks Arturo.
A couple of things that would be good to revisit, just for the record:
1) Get rid of deprecated stuff. By digging into the git log history I
guess you can probably find that they have been deprecated since
~2008, so it's been already enough time for people to update
configuration files.
2) Make sure the configuration parser works fine with defaults, I mean
with the bare minimum configuration. I remember reports from people
that wrote configuration files from scratch, that were not working.
So I pointed them to the example files to use as template.
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-11-08 23:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-04 10:37 [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized Arturo Borrero Gonzalez
2016-11-04 10:37 ` [conntrack-tools PATCH 2/3] conntrackd: replace error reporting in the config parser with dlog() Arturo Borrero Gonzalez
2016-11-04 10:37 ` [conntrack-tools PATCH 3/3] conntrackd: replace fprintf calls " Arturo Borrero Gonzalez
2016-11-08 23:30 ` [conntrack-tools PATCH 1/3] log: introduce a mechanism to know if log was initialized Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).