Currently LOG_NOTICE is used for some things which are rather common,
as well as some things which are unusual. So, if you want to find the
unusual things, depending on your ruleset you can have a lot of noise
and perhaps a lot of load due to the logging.

This diff moves the common ones to LOG_INFO (which is currently unused in PF).
With it I can now run with "pfctl -xn" to log things like loose state
matches, state failure, missing fragments, etc, without several lines
from each osfp match, "selected address" for translation rules, etc.

OK?

Index: pf_lb.c
===================================================================
RCS file: /cvs/src/sys/net/pf_lb.c,v
retrieving revision 1.59
diff -u -p -r1.59 pf_lb.c
--- pf_lb.c     8 Feb 2017 01:20:40 -0000       1.59
+++ pf_lb.c     21 Apr 2017 09:13:17 -0000
@@ -619,9 +619,9 @@ pf_map_addr(sa_family_t af, struct pf_ru
                        return (1);
        }
 
-       if (pf_status.debug >= LOG_NOTICE &&
+       if (pf_status.debug >= LOG_INFO &&
            (rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) {
-               log(LOG_NOTICE, "pf: pf_map_addr: selected address ");
+               log(LOG_INFO, "pf: pf_map_addr: selected address ");
                pf_print_host(naddr, 0, af);
                if ((rpool->opts & PF_POOL_TYPEMASK) ==
                    PF_POOL_LEASTSTATES)
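Review bot: The function name is hard-coded in the message at `log(LOG_INFO, "pf: pf_map_addr: selected address ");`, while the pf_postprocess_addr hunk later in this file builds the same message with `__func__`. Since the line is being touched anyway, `log(LOG_INFO, "pf: %s: selected address ", __func__);` would put both in one style and keep the prefix correct if the function is ever renamed. pf_map_addr's body starts before and continues after this hunk.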
@@ -707,8 +707,8 @@ pf_get_transaddr_af(struct pf_rule *r, s
        u_int16_t       nport;
        int             prefixlen = 96;
 
-       if (pf_status.debug >= LOG_NOTICE) {
-               log(LOG_NOTICE, "pf: af-to %s %s, ",
+       if (pf_status.debug >= LOG_INFO) {
+               log(LOG_INFO, "pf: af-to %s %s, ",
                    pd->naf == AF_INET ? "inet" : "inet6",
                    r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr");
                pf_print_host(&pd->nsaddr, pd->nsport, pd->af);
@@ -815,8 +815,8 @@ pf_get_transaddr_af(struct pf_rule *r, s
        PF_ACPY(&pd->nsaddr, &nsaddr, pd->naf);
        PF_ACPY(&pd->ndaddr, &ndaddr, pd->naf);
 
-       if (pf_status.debug >= LOG_NOTICE) {
-               log(LOG_NOTICE, "pf: af-to %s %s done, prefixlen %d, ",
+       if (pf_status.debug >= LOG_INFO) {
+               log(LOG_INFO, "pf: af-to %s %s done, prefixlen %d, ",
                    pd->naf == AF_INET ? "inet" : "inet6",
                    r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr",
                    prefixlen);
@@ -904,8 +904,8 @@ pf_postprocess_addr(struct pf_state *cur
                }
        }
        if (slbcount > -1) {
-               if (pf_status.debug >= LOG_NOTICE) {
-                       log(LOG_NOTICE, "pf: %s: selected address ", __func__);
+               if (pf_status.debug >= LOG_INFO) {
+                       log(LOG_INFO, "pf: %s: selected address ", __func__);
                        pf_print_host(&lookup_addr, sks->port[0],
                            sks->af);
                        addlog(" decreased state count to %u\n",
Index: pf_norm.c
===================================================================
RCS file: /cvs/src/sys/net/pf_norm.c,v
retrieving revision 1.202
diff -u -p -r1.202 pf_norm.c
--- pf_norm.c   17 Mar 2017 17:19:16 -0000      1.202
+++ pf_norm.c   21 Apr 2017 09:13:17 -0000
@@ -286,7 +286,7 @@ pf_fillup_fragment(struct pf_fragment_cm
                goto bad_fragment;
        }
 
-       DPFPRINTF(LOG_NOTICE, key->fr_af == AF_INET ?
+       DPFPRINTF(LOG_INFO, key->fr_af == AF_INET ?
            "reass frag %d @ %d-%d" : "reass frag %#08x @ %d-%d",
            key->fr_id, frent->fe_off, frent->fe_off + frent->fe_len);
 
@@ -456,7 +456,7 @@ pf_isfull_fragment(struct pf_fragment *f
                        return (0);
                }
        }
-       DPFPRINTF(LOG_NOTICE, "%d < %d?", off, total);
+       DPFPRINTF(LOG_INFO, "%d < %d?", off, total);
        if (off < total)
                return (0);
        KASSERT(off == total);
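Review bot: The message `"%d < %d?"` names neither the function nor the two values being compared, so unless DPFPRINTF (defined outside this diff) adds that context, the line cannot be attributed once it is mixed with other pf output in a log. A self-describing form such as `DPFPRINTF(LOG_INFO, "frag off %d < total %d?", off, total);` would cost nothing here. pf_isfull_fragment's body starts and ends outside the hunk.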
@@ -569,7 +569,7 @@ pf_reassemble(struct mbuf **m0, int dir,
                return (PF_DROP);
        }
 
-       DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip->ip_len));
+       DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip->ip_len));
        return (PF_PASS);
 }
 
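Review bot: The `%p` in `"complete: %p(%d)"` writes the mbuf's kernel address into the system log, and the line is still emitted whenever the debug level reaches LOG_INFO. If those logs are readable by unprivileged users or forwarded to a remote syslog host, the address is a kernel pointer disclosure that weakens address-space randomisation, and it adds little to diagnosing reassembly. Dropping it, e.g. `DPFPRINTF(LOG_INFO, "complete: len %d", ntohs(ip->ip_len));`, keeps the useful part. The same applies to the `ntohs(ip6->ip6_plen)` line in the pf_reassemble6 hunk that follows.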
@@ -676,7 +676,7 @@ pf_reassemble6(struct mbuf **m0, struct 
                return (PF_DROP);
        }
 
-       DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
+       DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
        return (PF_PASS);
 
 fail:
Index: pf_osfp.c
===================================================================
RCS file: /cvs/src/sys/net/pf_osfp.c,v
retrieving revision 1.39
diff -u -p -r1.39 pf_osfp.c
--- pf_osfp.c   22 Nov 2016 19:29:54 -0000      1.39
+++ pf_osfp.c   21 Apr 2017 09:13:17 -0000
@@ -238,7 +238,7 @@ pf_osfp_fingerprint_hdr(const struct ip 
                optlen = MAX(optlen, 1);        /* paranoia */
        }
 
-       DPFPRINTF(LOG_NOTICE,
+       DPFPRINTF(LOG_INFO,
            "fingerprinted %s:%d  %d:%d:%d:%d:%llx (%d) "
            "(TS=%s,M=%s%d,W=%s%d)",
            srcname, ntohs(tcp->th_sport),
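Review bot: This message appears to be produced once per fingerprinted TCP header, so its rate follows incoming traffic rather than the ruleset, and nothing visible in the hunk bounds it. Moving it to LOG_INFO removes it from notice-level runs, but info-level debugging on an exposed interface would still produce log volume proportional to connection attempts. A short comment above the call would record that for whoever raises the level later, e.g. `/* per-packet debug output; rate follows incoming traffic */`. The DPFPRINTF statement continues past the end of the hunk.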
@@ -269,7 +269,7 @@ pf_osfp_match(struct pf_osfp_enlist *lis
        if (os == PF_OSFP_ANY)
                return (1);
        if (list == NULL) {
-               DPFPRINTF(LOG_NOTICE, "osfp no match against %x", os);
+               DPFPRINTF(LOG_INFO, "osfp no match against %x", os);
                return (os == PF_OSFP_UNKNOWN);
        }
        PF_OSFP_UNPACK(os, os_class, os_version, os_subtype);
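Review bot: The same `os` value is printed as bare `%x` in `"osfp no match against %x"` here and as `0x%x` in `"fingerprint 0x%x didn't match"` in the next hunk, so a search for one fingerprint value will not reliably hit both messages. Using the prefixed form here, `DPFPRINTF(LOG_INFO, "osfp no match against 0x%x", os);`, and in the `%x==%x` of the "osfp matched" message, would make the three consistent.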
@@ -278,14 +278,14 @@ pf_osfp_match(struct pf_osfp_enlist *lis
                if ((os_class == PF_OSFP_ANY || en_class == os_class) &&
                    (os_version == PF_OSFP_ANY || en_version == os_version) &&
                    (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) {
-                       DPFPRINTF(LOG_NOTICE,
+                       DPFPRINTF(LOG_INFO,
                            "osfp matched %s %s %s  %x==%x",
                            entry->fp_class_nm, entry->fp_version_nm,
                            entry->fp_subtype_nm, os, entry->fp_os);
                        return (1);
                }
        }
-       DPFPRINTF(LOG_NOTICE, "fingerprint 0x%x didn't match", os);
+       DPFPRINTF(LOG_INFO, "fingerprint 0x%x didn't match", os);
        return (0);
 }
 
