Author: melifaro
Date: Mon Nov 5 22:30:56 2012
New Revision: 242631
URL: http://svnweb.freebsd.org/changeset/base/242631
Log:
Use unified print_dyn_rule_flags() function for debugging messages
instead of hand-made printfs in every place.
MFC after: 1 week
Modified:
head/sys/netpfil/ipfw/ip_fw_dynamic.c
Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_dynamic.c Mon Nov 5 21:55:22 2012
(r242630)
+++ head/sys/netpfil/ipfw/ip_fw_dynamic.c Mon Nov 5 22:30:56 2012
(r242631)
@@ -258,8 +258,12 @@ hash_packet(struct ipfw_flow_id *id)
return i;
}
-static __inline void
-unlink_dyn_rule_print(struct ipfw_flow_id *id)
+/**
+ * Print customizable flow id description via log(9) facility.
+ */
+static void
+print_dyn_rule_flags(struct ipfw_flow_id *id, int dyn_type, int log_flags,
+ char *prefix, char *postfix)
{
struct in_addr da;
#ifdef INET6
@@ -280,10 +284,14 @@ unlink_dyn_rule_print(struct ipfw_flow_i
da.s_addr = htonl(id->dst_ip);
inet_ntop(AF_INET, &da, dst, sizeof(dst));
}
- printf("ipfw: unlink entry %s %d -> %s %d, %d left\n",
- src, id->src_port, dst, id->dst_port, V_dyn_count - 1);
+ log(log_flags, "ipfw: %s type %d %s %d -> %s %d, %d %s\n",
+ prefix, dyn_type, src, id->src_port, dst,
+ id->dst_port, V_dyn_count, postfix);
}
+#define print_dyn_rule(id, dtype, prefix, postfix) \
+ print_dyn_rule_flags(id, dtype, LOG_DEBUG, prefix, postfix)
+
/**
* unlink a dynamic rule from a chain. prev is a pointer to
* the previous one, q is a pointer to the rule to delete,
@@ -296,12 +304,12 @@ unlink_dyn_rule_print(struct ipfw_flow_i
/* remove a refcount to the parent */ \
if (q->dyn_type == O_LIMIT) \
q->parent->count--; \
- DEB(unlink_dyn_rule_print(&q->id);) \
+ V_dyn_count--; \
+ DEB(print_dyn_rule(&q->id, q->dyn_type, "unlink entry", "left");) \
if (prev != NULL) \
prev->next = q = q->next; \
else \
head = q = q->next; \
- V_dyn_count--; \
uma_zfree(ipfw_dyn_rule_zone, old_q); }
#define TIME_LEQ(a,b) ((int)((a)-(b)) <= 0)
@@ -639,32 +647,7 @@ add_dyn_rule(struct ipfw_flow_id *id, u_
r->next = V_ipfw_dyn_v[i];
V_ipfw_dyn_v[i] = r;
V_dyn_count++;
- DEB({
- struct in_addr da;
-#ifdef INET6
- char src[INET6_ADDRSTRLEN];
- char dst[INET6_ADDRSTRLEN];
-#else
- char src[INET_ADDRSTRLEN];
- char dst[INET_ADDRSTRLEN];
-#endif
-
-#ifdef INET6
- if (IS_IP6_FLOW_ID(&(r->id))) {
- ip6_sprintf(src, &r->id.src_ip6);
- ip6_sprintf(dst, &r->id.dst_ip6);
- } else
-#endif
- {
- da.s_addr = htonl(r->id.src_ip);
- inet_ntop(AF_INET, &da, src, sizeof(src));
- da.s_addr = htonl(r->id.dst_ip);
- inet_ntop(AF_INET, &da, dst, sizeof(dst));
- }
- printf("ipfw: add dyn entry ty %d %s %d -> %s %d, total %d\n",
- dyn_type, src, r->id.src_port, dst, r->id.dst_port,
- V_dyn_count);
- })
+ DEB(print_dyn_rule(id, dyn_type, "add dyn entry", "total");)
return r;
}
@@ -701,7 +684,8 @@ lookup_dyn_parent(struct ipfw_flow_id *p
)
) {
q->expire = time_uptime + V_dyn_short_lifetime;
- DEB(printf("ipfw: lookup_dyn_parent found
0x%p\n",q);)
+ DEB(print_dyn_rule(pkt, q->dyn_type,
+ "lookup_dyn_parent found", "");)
return q;
}
}
@@ -720,38 +704,11 @@ ipfw_install_state(struct ip_fw *rule, i
{
static int last_log;
ipfw_dyn_rule *q;
- struct in_addr da;
-#ifdef INET6
- char src[INET6_ADDRSTRLEN + 2], dst[INET6_ADDRSTRLEN + 2];
-#else
- char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
-#endif
- src[0] = '\0';
- dst[0] = '\0';
+ DEB(print_dyn_rule(&args->f_id, cmd->o.opcode, "install_state", "");)
IPFW_DYN_LOCK();
- DEB(
-#ifdef INET6
- if (IS_IP6_FLOW_ID(&(args->f_id))) {
- ip6_sprintf(src, &args->f_id.src_ip6);
- ip6_sprintf(dst, &args->f_id.dst_ip6);
- } else
-#endif
- {
- da.s_addr = htonl(args->f_id.src_ip);
- inet_ntop(AF_INET, &da, src, sizeof(src));
- da.s_addr = htonl(args->f_id.dst_ip);
- inet_ntop(AF_INET, &da, dst, sizeof(dst));
- }
- printf("ipfw: %s: type %d %s %u -> %s %u\n",
- __func__, cmd->o.opcode, src, args->f_id.src_port,
- dst, args->f_id.dst_port);
- src[0] = '\0';
- dst[0] = '\0';
- )
-
q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL);
if (q != NULL) { /* should never occur */
@@ -833,38 +790,15 @@ ipfw_install_state(struct ip_fw *rule, i
if (parent->count >= conn_limit) {
if (V_fw_verbose && last_log != time_uptime) {
last_log = time_uptime;
-#ifdef INET6
- /*
- * XXX IPv6 flows are not
- * supported yet.
- */
- if (IS_IP6_FLOW_ID(&(args->f_id))) {
- char ip6buf[INET6_ADDRSTRLEN];
- snprintf(src, sizeof(src),
- "[%s]", ip6_sprintf(ip6buf,
- &args->f_id.src_ip6));
- snprintf(dst, sizeof(dst),
- "[%s]", ip6_sprintf(ip6buf,
- &args->f_id.dst_ip6));
- } else
-#endif
- {
- da.s_addr =
- htonl(args->f_id.src_ip);
- inet_ntop(AF_INET, &da, src,
- sizeof(src));
- da.s_addr =
- htonl(args->f_id.dst_ip);
- inet_ntop(AF_INET, &da, dst,
- sizeof(dst));
- }
- log(LOG_SECURITY | LOG_DEBUG,
- "ipfw: %d %s %s:%u -> %s:%u, %s\n",
- parent->rule->rulenum,
- "drop session",
- src, (args->f_id.src_port),
- dst, (args->f_id.dst_port),
- "too many entries");
+ char sbuf[24];
+ last_log = time_uptime;
+ snprintf(sbuf, sizeof(sbuf),
+ "%d drop session",
+ parent->rule->rulenum);
+ print_dyn_rule_flags(&args->f_id,
+ cmd->o.opcode,
+ LOG_SECURITY | LOG_DEBUG,
+ sbuf, "too many entries");
}
IPFW_DYN_UNLOCK();
return (1);
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
