Diffstat (limited to 'src')
-rw-r--r-- | src/cache_iterators.c | 10 | ||||
-rw-r--r-- | src/log.c | 76 | ||||
-rw-r--r-- | src/main.c | 12 | ||||
-rw-r--r-- | src/netlink.c | 12 | ||||
-rw-r--r-- | src/read_config_lex.l | 3 | ||||
-rw-r--r-- | src/read_config_yy.y | 57 | ||||
-rw-r--r-- | src/run.c | 28 | ||||
-rw-r--r-- | src/stats-mode.c | 17 | ||||
-rw-r--r-- | src/sync-mode.c | 33 | ||||
-rw-r--r-- | src/sync-nack.c | 8 |
10 files changed, 176 insertions, 80 deletions
diff --git a/src/cache_iterators.c b/src/cache_iterators.c index 287f92f..24506e4 100644 --- a/src/cache_iterators.c +++ b/src/cache_iterators.c @@ -139,14 +139,14 @@ void cache_commit(struct cache *c) commit_exist = c->commit_exist - commit_exist; /* log results */ - dlog(STATE(log), "Committed %u new entries", commit_ok); + dlog(STATE(log), LOG_INFO, "Committed %u new entries", commit_ok); if (commit_exist) - dlog(STATE(log), "%u entries ignored, " - "already exist", commit_exist); + dlog(STATE(log), LOG_INFO, "%u entries ignored, " + "already exist", commit_exist); if (commit_fail) - dlog(STATE(log), "%u entries can't be " - "committed", commit_fail); + dlog(STATE(log), LOG_INFO, "%u entries can't be " + "committed", commit_fail); } static int do_flush(void *data1, void *data2) 
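Review bot: The `commit_fail` branch of cache_commit() reports entries that could not be committed at LOG_INFO, the same level as the success count, so a syslog filter set to warning and above never sees a failed commit. A higher level fits the failure line: `dlog(STATE(log), LOG_WARNING, "%u entries can't be committed", commit_fail);`. The function starts before the hunk, so how `commit_fail` is computed is not visible here.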
@@ -22,36 +22,74 @@ #include <time.h> #include <stdarg.h> #include <string.h> +#include "conntrackd.h" FILE *init_log(char *filename) { - FILE *fd; + FILE *fd = NULL; - fd = fopen(filename, "a+"); - if (fd == NULL) { - fprintf(stderr, "can't open log file `%s'\n", filename); - return NULL; + if (filename[0]) { + fd = fopen(filename, "a+"); + if (fd == NULL) { + fprintf(stderr, "can't open log file `%s'\n", filename); + return NULL; + } } + if (CONFIG(syslog_facility) != -1) + openlog(PACKAGE, LOG_PID, CONFIG(syslog_facility)); + return fd; } -void dlog(FILE *fd, char *format, ...) -{ - time_t t = time(NULL); - char *buf = ctime(&t); - va_list args; - - buf[strlen(buf)-1]='\0'; - va_start(args, format); - fprintf(fd, "[%s] (pid=%d) ", buf, getpid()); - vfprintf(fd, format, args); - va_end(args); - fprintf(fd, "\n"); - fflush(fd); +void dlog(FILE *fd, int priority, char *format, ...) + { + time_t t; + char *buf; + char *prio; + va_list args; + + if (fd) { + t = time(NULL); + buf = ctime(&t); + buf[strlen(buf)-1]='\0'; + switch (priority) { + case LOG_INFO: + prio = "info"; + break; + case LOG_NOTICE: + prio = "notice"; + break; + case LOG_WARNING: + prio = "warning"; + break; + case LOG_ERR: + prio = "ERROR"; + break; + default: + prio = "?"; + break; + } + va_start(args, format); + fprintf(fd, "[%s] (pid=%d) [%s] ", buf, getpid(), prio); + vfprintf(fd, format, args); + va_end(args); + fprintf(fd, "\n"); + fflush(fd); + } + + if (CONFIG(syslog_facility) != -1) { + va_start(args, format); + vsyslog(priority, format, args); + va_end(args); + } } void close_log(FILE *fd) { - fclose(fd); + if (fd != NULL) + fclose(fd); + + if (CONFIG(syslog_facility) != -1) + closelog(); } @@ -244,10 +244,10 @@ int main(int argc, char *argv[]) } /* - * Setting up logfile + * Setting up logging */ STATE(log) = init_log(CONFIG(logfile)); - if (!STATE(log)) { + if (config_set && !STATE(log)) { fprintf(stdout, "can't open logfile `%s\n'", CONFIG(logfile)); exit(EXIT_FAILURE); } 
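Review bot: dlog() now takes `priority` in the slot where `format` used to be, and nothing in this hunk lets the compiler check the format arguments at the call sites. A caller missed by the conversion would pass its format string as the int and its first variadic argument as the format, which is then handed to both vfprintf() and vsyslog(). Declaring the prototype (it lives outside the files shown here) as `void dlog(FILE *fd, int priority, char *format, ...) __attribute__((format(printf, 3, 4)));` turns such a call into a -Wformat diagnostic. A short comment on dlog() stating that a NULL `fd` means file logging is off and that `priority` is a syslog level would document the new contract.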
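Review bot: The check `if (config_set && !STATE(log))` treats every NULL from init_log() as a failed fopen(), but the new init_log() also returns NULL when `CONFIG(logfile)` is empty. With a configuration that enables only Syslog, or uses `LogFile off`, the daemon would apparently exit with the "can't open logfile" message even though logging is set up as requested; `config_set` is defined outside the hunk, so this is inferred from the visible lines. One way out is to test the path as well: `if (config_set && CONFIG(logfile)[0] && !STATE(log)) {`.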
@@ -276,15 +276,15 @@ int main(int argc, char *argv[]) pid_t pid; if ((pid = fork()) == -1) { - dlog(STATE(log), "fork() failed: " - "%s", strerror(errno)); + dlog(STATE(log), LOG_ERR, "fork() failed: " + "%s", strerror(errno)); exit(EXIT_FAILURE); } else if (pid) exit(EXIT_SUCCESS); - dlog(STATE(log), "--- starting in daemon mode ---"); + dlog(STATE(log), LOG_INFO, "--- starting in daemon mode ---"); } else - dlog(STATE(log), "--- starting in console mode ---"); + dlog(STATE(log), LOG_INFO, "--- starting in console mode ---"); /* * initialization process diff --git a/src/netlink.c b/src/netlink.c index be5f82e..693646f 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -75,7 +75,7 @@ static int event_handler(enum nf_conntrack_msg_type type, update_traffic_stats(ct); break; default: - dlog(STATE(log), "received unknown msg from ctnetlink\n"); + dlog(STATE(log), LOG_WARNING, "unknown msg from ctnetlink\n"); break; } @@ -136,7 +136,7 @@ static int dump_handler(enum nf_conntrack_msg_type type, STATE(mode)->dump(ct); break; default: - dlog(STATE(log), "received unknown msg from ctnetlink"); + dlog(STATE(log), LOG_WARNING, "unknown msg from ctnetlink"); break; } return NFCT_CB_CONTINUE; @@ -169,7 +169,8 @@ void nl_resize_socket_buffer(struct nfct_handle *h) return; if (s > CONFIG(netlink_buffer_size_max_grown)) { - dlog(STATE(log), "WARNING: maximum netlink socket buffer " + dlog(STATE(log), LOG_WARNING, + "maximum netlink socket buffer " "size has been reached. We are likely to " "be losing events, this may lead to " "unsynchronized replicas. Please, consider " 
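Review bot: The message in event_handler()'s default branch keeps its trailing newline (`"unknown msg from ctnetlink\n"`), while dlog() already appends one to the file log and the same string now also goes to vsyslog(). That leaves a blank line in the log file and an embedded newline in the syslog record, and it differs from the identical message in dump_handler(), which has none. Dropping it gives `dlog(STATE(log), LOG_WARNING, "unknown msg from ctnetlink");`. The same applies to "mcast unknown query %d\n" in sync-mode.c and to the two "can't add to ... cache: %s\n" messages in stats-mode.c and sync-mode.c.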
@@ -184,8 +185,9 @@ void nl_resize_socket_buffer(struct nfct_handle *h) CONFIG(netlink_buffer_size) = nfnl_rcvbufsiz(nfct_nfnlh(h), s); /* notify the sysadmin */ - dlog(STATE(log), "netlink socket buffer size has been set to %u bytes", - CONFIG(netlink_buffer_size)); + dlog(STATE(log), LOG_INFO, "netlink socket buffer size " + "has been set to %u bytes", + CONFIG(netlink_buffer_size)); } int nl_dump_conntrack_table(void) diff --git a/src/read_config_lex.l b/src/read_config_lex.l index 87e98d1..48c0409 100644 --- a/src/read_config_lex.l +++ b/src/read_config_lex.l @@ -42,7 +42,7 @@ ip6_part {hex_255}":"? ip6_form1 {ip6_part}{0,16}"::"{ip6_part}{0,16} ip6_form2 ({hex_255}":"){16}{hex_255} ip6 {ip6_form1}|{ip6_form2} -string [a-zA-Z0-9]* +string [a-zA-Z][a-zA-Z0-9]* persistent [P|p][E|e][R|r][S|s][I|i][S|s][T|t][E|e][N|n][T|T] nack [N|n][A|a][C|c][K|k] @@ -73,6 +73,7 @@ nack [N|n][A|a][C|c][K|k] "Backlog" { return T_BACKLOG; } "Group" { return T_GROUP; } "LogFile" { return T_LOG; } +"Syslog" { return T_SYSLOG; } "LockFile" { return T_LOCK; } "General" { return T_GENERAL; } "Sync" { return T_SYNC; } diff --git a/src/read_config_yy.y b/src/read_config_yy.y index de592d2..8bc83fe 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -25,6 +25,7 @@ #include <errno.h> #include "conntrackd.h" #include "ignore.h" +#include <syslog.h> extern char *yytext; extern int yylineno; @@ -48,6 +49,7 @@ struct ct_conf conf; %token T_REPLICATE T_FOR T_IFACE %token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT %token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN +%token T_SYSLOG %token <string> T_IP T_PATH_VAL 
@@ -72,11 +74,56 @@ line : ignore_protocol | stats ; -log : T_LOG T_PATH_VAL +logfile_bool : T_LOG T_ON +{ + strncpy(conf.logfile, DEFAULT_LOGFILE, FILENAME_MAXLEN); +}; + +logfile_bool : T_LOG T_OFF +{ +}; + +logfile_path : T_LOG T_PATH_VAL { strncpy(conf.logfile, $2, FILENAME_MAXLEN); }; +syslog_bool : T_SYSLOG T_ON +{ + conf.syslog_facility = DEFAULT_SYSLOG_FACILITY; +}; + +syslog_bool : T_SYSLOG T_OFF +{ + conf.syslog_facility = -1; +} + +syslog_facility : T_SYSLOG T_STRING +{ + if (!strcmp($2, "daemon")) + conf.syslog_facility = LOG_DAEMON; + else if (!strcmp($2, "local0")) + conf.syslog_facility = LOG_LOCAL0; + else if (!strcmp($2, "local1")) + conf.syslog_facility = LOG_LOCAL1; + else if (!strcmp($2, "local2")) + conf.syslog_facility = LOG_LOCAL2; + else if (!strcmp($2, "local3")) + conf.syslog_facility = LOG_LOCAL3; + else if (!strcmp($2, "local4")) + conf.syslog_facility = LOG_LOCAL4; + else if (!strcmp($2, "local5")) + conf.syslog_facility = LOG_LOCAL5; + else if (!strcmp($2, "local6")) + conf.syslog_facility = LOG_LOCAL6; + else if (!strcmp($2, "local7")) + conf.syslog_facility = LOG_LOCAL7; + else { + fprintf(stderr, "'%s' is not a known syslog facility, ignoring.\n", $2); + return; + } +}; + lock : T_LOCK T_PATH_VAL { strncpy(conf.lockfile, $2, FILENAME_MAXLEN); @@ -461,7 +508,10 @@ general_list: general_line: hashsize | hashlimit - | log + | logfile_bool + | logfile_path + | syslog_facility + | syslog_bool | lock | unix_line | netlink_buffer_size @@ -516,6 +566,9 @@ init_config(char *filename) if (!fp) return -1; + /* Zero may be a valid facility */ + CONFIG(syslog_facility) = -1; + yyrestart(fp); yyparse(); fclose(fp); @@ -40,7 +40,7 @@ void killer(int foo) STATE(mode)->kill(); destroy_alarm_scheduler(); unlink(CONFIG(lockfile)); - dlog(STATE(log), "------- shutdown received ----"); + dlog(STATE(log), LOG_INFO, "------- shutdown received ----"); close_log(STATE(log)); sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); 
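Review bot: In the `syslog_facility` action the final `else` prints "... ignoring." and then executes a bare `return;`, which leaves yyparse() at that point instead of skipping the one directive. Every directive after an unknown facility name is then never parsed, and yyparse(), which returns int, exits without a value; the call in init_config() further down does not look at the result. Removing the `return;` makes the code match the message, so the branch is just `fprintf(stderr, "'%s' is not a known syslog facility, ignoring.\n", $2);`. Separately, the `syslog_bool : T_SYSLOG T_OFF` rule is the only new rule without a closing `;`.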
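Review bot: `CONFIG(syslog_facility) = -1;` is placed after the `if (!fp) return -1;` check in init_config(), so the "disabled" default is only established when the config file could be opened. On the failure path the field keeps whatever `conf` held before, and dlog() treats any value other than -1 as syslog enabled; if main() can continue without a parsed configuration (not visible here), it would log to syslog without being asked to. Moving the assignment above the open of the file, which sits before this hunk, makes the default independent of the file.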
@@ -60,31 +60,31 @@ void local_handler(int fd, void *data) ret = read(fd, &type, sizeof(type)); if (ret == -1) { - dlog(STATE(log), "can't read from unix socket"); + dlog(STATE(log), LOG_INFO, "can't read from unix socket"); return; } if (ret == 0) { - dlog(STATE(log), "local request: nothing to process?"); + dlog(STATE(log), LOG_INFO, "local request: nothing received?"); return; } switch(type) { case FLUSH_MASTER: - dlog(STATE(log), "[DEPRECATED] `conntrackd -F' is deprecated. " - "Use conntrack -F instead."); + dlog(STATE(log), LOG_NOTICE, "`conntrackd -F' is deprecated. " + "Use conntrack -F instead."); if (fork() == 0) { execlp("conntrack", "conntrack", "-F", NULL); exit(EXIT_SUCCESS); } return; case RESYNC_MASTER: - dlog(STATE(log), "[REQ] resync with master table"); + dlog(STATE(log), LOG_NOTICE, "resync with master table"); nl_dump_conntrack_table(); return; } if (!STATE(mode)->local(fd, type, data)) - dlog(STATE(log), "[FAIL] unknown local request %d", type); + dlog(STATE(log), LOG_ERR, "unknown local request %d", type); } int init(int mode) 
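Review bot: A failed read() on the unix socket is logged at LOG_INFO and without errno, although the other failure paths converted by this commit use LOG_ERR and several of them print strerror(errno). An operator filtering syslog by severity would not see it, and the record does not say why the read failed. Suggested: `dlog(STATE(log), LOG_ERR, "can't read from unix socket: %s", strerror(errno));`, assuming run.c already includes <errno.h> and <string.h>, which this hunk does not show. local_handler() begins before the hunk.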
@@ -105,30 +105,30 @@ int init(int mode) /* Initialization */ if (STATE(mode)->init() == -1) { - dlog(STATE(log), "[FAIL] initialization failed"); + dlog(STATE(log), LOG_ERR, "initialization failed"); return -1; } if (init_alarm_scheduler() == -1) { - dlog(STATE(log), "[FAIL] can't initialize alarm scheduler"); + dlog(STATE(log), LOG_ERR, "can't initialize alarm scheduler"); return -1; } /* local UNIX socket */ STATE(local) = local_server_create(&CONFIG(local)); if (!STATE(local)) { - dlog(STATE(log), "[FAIL] can't open unix socket!"); + dlog(STATE(log), LOG_ERR, "can't open unix socket!"); return -1; } if (nl_init_event_handler() == -1) { - dlog(STATE(log), "[FAIL] can't open netlink handler! " - "no ctnetlink kernel support?"); + dlog(STATE(log), LOG_ERR, "can't open netlink handler! " + "no ctnetlink kernel support?"); return -1; } if (nl_init_dump_handler() == -1) { - dlog(STATE(log), "[FAIL] can't open netlink handler! " + dlog(STATE(log), LOG_ERR, "can't open netlink handler! " "no ctnetlink kernel support?"); return -1; } @@ -152,7 +152,7 @@ int init(int mode) if (signal(SIGCHLD, child) == SIG_ERR) return -1; - dlog(STATE(log), "[OK] initialization completed"); + dlog(STATE(log), LOG_INFO, "initialization completed"); return 0; } diff --git a/src/stats-mode.c b/src/stats-mode.c index 65bab1b..1d68e02 100644 --- a/src/stats-mode.c +++ b/src/stats-mode.c @@ -32,7 +32,7 @@ static int init_stats(void) state.stats = malloc(sizeof(struct ct_stats_state)); if (!state.stats) { - dlog(STATE(log), "[FAIL] can't allocate memory for stats sync"); + dlog(STATE(log), LOG_ERR, "can't allocate memory for stats"); return -1; } memset(state.stats, 0, sizeof(struct ct_stats_state)); @@ -42,8 +42,8 @@ static int init_stats(void) CONFIG(family), NULL); if (!STATE_STATS(cache)) { - dlog(STATE(log), "[FAIL] can't allocate memory for the " - "external cache"); + dlog(STATE(log), LOG_ERR, "can't allocate memory for the " + "external cache"); return -1; } 
@@ -68,7 +68,7 @@ static int local_handler_stats(int fd, int type, void *data) cache_dump(STATE_STATS(cache), fd, NFCT_O_XML); break; case FLUSH_CACHE: - dlog(STATE(log), "[REQ] flushing caches"); + dlog(STATE(log), LOG_NOTICE, "flushing caches"); cache_flush(STATE_STATS(cache)); break; case KILL: @@ -122,7 +122,7 @@ static void overrun_stats() h = nfct_open(CONNTRACK, 0); if (!h) { - dlog(STATE(log), "can't open overrun handler"); + dlog(STATE(log), LOG_ERR, "can't open overrun handler"); return; } @@ -132,7 +132,8 @@ static void overrun_stats() ret = nfct_query(h, NFCT_Q_DUMP, &family); if (ret == -1) - dlog(STATE(log), "overrun query error %s", strerror(errno)); + dlog(STATE(log), LOG_ERR, + "overrun query error %s", strerror(errno)); nfct_close(h); } @@ -143,8 +144,8 @@ static void event_new_stats(struct nf_conntrack *ct) debug_ct(ct, "cache new"); } else { if (errno != EEXIST) { - dlog(STATE(log), "can't add to cache cache: " - "%s\n", strerror(errno)); + dlog(STATE(log), LOG_ERR, + "can't add to cache cache: %s\n", strerror(errno)); debug_ct(ct, "can't add"); } } diff --git a/src/sync-mode.c b/src/sync-mode.c index 917a3b2..e48b121 100644 --- a/src/sync-mode.c +++ b/src/sync-mode.c @@ -77,7 +77,7 @@ retry: debug_ct(ct, "can't destroy"); break; default: - dlog(STATE(log), "mcast received unknown query %d\n", query); + dlog(STATE(log), LOG_ERR, "mcast unknown query %d\n", query); break; } } @@ -97,7 +97,7 @@ static void mcast_handler() struct nethdr *net = (struct nethdr *) ptr; if (ntohs(net->len) > remain) { - dlog(STATE(log), "fragmented messages"); + dlog(STATE(log), LOG_ERR, "fragmented messages"); break; } @@ -121,7 +121,7 @@ static int init_sync(void) state.sync = malloc(sizeof(struct ct_sync_state)); if (!state.sync) { - dlog(STATE(log), "[FAIL] can't allocate memory for state sync"); + dlog(STATE(log), LOG_ERR, "can't allocate memory for sync"); return -1; } memset(state.sync, 0, sizeof(struct ct_sync_state)); 
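Review bot: The length check in mcast_handler() rejects a message whose declared `net->len` exceeds `remain`, yet the record it writes, "fragmented messages", carries neither value and is now emitted at LOG_ERR to syslog for every such datagram. Since the trigger is data received from the network, a record that names the declared length is more useful for triage, and LOG_WARNING (or a counter reported periodically) would keep a misbehaving peer from filling the log. For example: `dlog(STATE(log), LOG_WARNING, "mcast: declared length %u exceeds remaining data", ntohs(net->len));`. The loop around this check lies outside the hunk.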
@@ -142,8 +142,8 @@ static int init_sync(void) STATE_SYNC(sync)->internal_cache_extra); if (!STATE_SYNC(internal)) { - dlog(STATE(log), "[FAIL] can't allocate memory for " - "the internal cache"); + dlog(STATE(log), LOG_ERR, "can't allocate memory for " + "the internal cache"); return -1; } @@ -154,27 +154,27 @@ static int init_sync(void) NULL); if (!STATE_SYNC(external)) { - dlog(STATE(log), "[FAIL] can't allocate memory for the " - "external cache"); + dlog(STATE(log), LOG_ERR, "can't allocate memory for the " + "external cache"); return -1; } /* multicast server to receive events from the wire */ STATE_SYNC(mcast_server) = mcast_server_create(&CONFIG(mcast)); if (STATE_SYNC(mcast_server) == NULL) { - dlog(STATE(log), "[FAIL] can't open multicast server!"); + dlog(STATE(log), LOG_ERR, "can't open multicast server!"); return -1; } /* multicast client to send events on the wire */ STATE_SYNC(mcast_client) = mcast_client_create(&CONFIG(mcast)); if (STATE_SYNC(mcast_client) == NULL) { - dlog(STATE(log), "[FAIL] can't open client multicast socket!"); + dlog(STATE(log), LOG_ERR, "can't open client multicast socket"); return -1; } if (mcast_buffered_init(&CONFIG(mcast)) == -1) { - dlog(STATE(log), "[FAIL] can't init tx buffer!"); + dlog(STATE(log), LOG_ERR, "can't init tx buffer!"); return -1; } @@ -269,13 +269,13 @@ static int local_handler_sync(int fd, int type, void *data) case COMMIT: ret = fork(); if (ret == 0) { - dlog(STATE(log), "[REQ] committing external cache"); + dlog(STATE(log), LOG_INFO, "committing external cache"); cache_commit(STATE_SYNC(external)); exit(EXIT_SUCCESS); } break; case FLUSH_CACHE: - dlog(STATE(log), "[REQ] flushing caches"); + dlog(STATE(log), LOG_INFO, "flushing caches"); cache_flush(STATE_SYNC(internal)); cache_flush(STATE_SYNC(external)); break; 
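Review bot: local_handler_sync() logs the COMMIT and FLUSH_CACHE requests at LOG_INFO, while the same kind of operator request is logged at LOG_NOTICE in local_handler_stats() ("flushing caches") and in nack_local() ("request resync", "sending bulk update"). With the old `[REQ]` tag gone, the level is the only thing that marks these records as operator actions, so the files should agree: `dlog(STATE(log), LOG_NOTICE, "flushing caches");` and likewise for "committing external cache". The surrounding switch starts before the hunk.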
@@ -398,7 +398,7 @@ static void overrun_sync() h = nfct_open(CONNTRACK, 0); if (!h) { - dlog(STATE(log), "can't open overrun handler"); + dlog(STATE(log), LOG_ERR, "can't open overrun handler"); return; } @@ -406,7 +406,8 @@ static void overrun_sync() ret = nfct_query(h, NFCT_Q_DUMP, &family); if (ret == -1) - dlog(STATE(log), "overrun query error %s", strerror(errno)); + dlog(STATE(log), LOG_ERR, + "overrun query error %s", strerror(errno)); nfct_callback_unregister(h); @@ -436,8 +437,8 @@ retry: goto retry; } - dlog(STATE(log), "can't add to internal cache: " - "%s\n", strerror(errno)); + dlog(STATE(log), LOG_ERR, "can't add to internal cache: " + "%s\n", strerror(errno)); debug_ct(ct, "can't add"); } } diff --git a/src/sync-nack.c b/src/sync-nack.c index dbda0a7..fa61be4 100644 --- a/src/sync-nack.c +++ b/src/sync-nack.c @@ -74,13 +74,13 @@ static int nack_init() { tx_queue = buffer_create(CONFIG(resend_buffer_size)); if (tx_queue == NULL) { - dlog(STATE(log), "[FAIL] cannot create tx buffer"); + dlog(STATE(log), LOG_ERR, "cannot create tx buffer"); return -1; } rs_queue = buffer_create(CONFIG(resend_buffer_size)); if (rs_queue == NULL) { - dlog(STATE(log), "[FAIL] cannot create rs buffer"); + dlog(STATE(log), LOG_ERR, "cannot create rs buffer"); return -1; } @@ -125,11 +125,11 @@ static int nack_local(int fd, int type, void *data) switch(type) { case REQUEST_DUMP: - dlog(STATE(log), "[REQ] request resync"); + dlog(STATE(log), LOG_NOTICE, "request resync"); tx_queue_add_ctlmsg(NET_F_RESYNC, 0, 0); break; case SEND_BULK: - dlog(STATE(log), "[REQ] sending bulk update"); + dlog(STATE(log), LOG_NOTICE, "sending bulk update"); cache_iterate(STATE_SYNC(internal), NULL, do_cache_to_tx); break; default: |