Some of the LOG_NOTICE messages from PF were seen in normal operations

with certain rulesets and excessively noisy; move them to LOG_INFO (which was
previously unused).  ok benno@

diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c
index f2509a4..74acc53 100644 (file)
--- a/sys/net/pf_lb.c
+++ b/sys/net/pf_lb.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf_lb.c,v 1.59 2017/02/08 01:20:40 jsg Exp $ */
+/*     $OpenBSD: pf_lb.c,v 1.60 2017/04/23 11:37:11 sthen Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -619,9 +619,9 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
                        return (1);
        }
 
-       if (pf_status.debug >= LOG_NOTICE &&
+       if (pf_status.debug >= LOG_INFO &&
            (rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) {
-               log(LOG_NOTICE, "pf: pf_map_addr: selected address ");
+               log(LOG_INFO, "pf: pf_map_addr: selected address ");
                pf_print_host(naddr, 0, af);
                if ((rpool->opts & PF_POOL_TYPEMASK) ==
                    PF_POOL_LEASTSTATES)
@@ -707,8 +707,8 @@ pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd,
        u_int16_t       nport;
        int             prefixlen = 96;
 
-       if (pf_status.debug >= LOG_NOTICE) {
-               log(LOG_NOTICE, "pf: af-to %s %s, ",
+       if (pf_status.debug >= LOG_INFO) {
+               log(LOG_INFO, "pf: af-to %s %s, ",
                    pd->naf == AF_INET ? "inet" : "inet6",
                    r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr");
                pf_print_host(&pd->nsaddr, pd->nsport, pd->af);
@@ -815,8 +815,8 @@ pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd,
        PF_ACPY(&pd->nsaddr, &nsaddr, pd->naf);
        PF_ACPY(&pd->ndaddr, &ndaddr, pd->naf);
 
-       if (pf_status.debug >= LOG_NOTICE) {
-               log(LOG_NOTICE, "pf: af-to %s %s done, prefixlen %d, ",
+       if (pf_status.debug >= LOG_INFO) {
+               log(LOG_INFO, "pf: af-to %s %s done, prefixlen %d, ",
                    pd->naf == AF_INET ? "inet" : "inet6",
                    r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr",
                    prefixlen);
@@ -904,8 +904,8 @@ pf_postprocess_addr(struct pf_state *cur)
                }
        }
        if (slbcount > -1) {
-               if (pf_status.debug >= LOG_NOTICE) {
-                       log(LOG_NOTICE, "pf: %s: selected address ", __func__);
+               if (pf_status.debug >= LOG_INFO) {
+                       log(LOG_INFO, "pf: %s: selected address ", __func__);
                        pf_print_host(&lookup_addr, sks->port[0],
                            sks->af);
                        addlog(" decreased state count to %u\n",

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index ce020ef..3dfa98a 100644 (file)
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf_norm.c,v 1.202 2017/03/17 17:19:16 mpi Exp $ */
+/*     $OpenBSD: pf_norm.c,v 1.203 2017/04/23 11:37:11 sthen Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -286,7 +286,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent,
                goto bad_fragment;
        }
 
-       DPFPRINTF(LOG_NOTICE, key->fr_af == AF_INET ?
+       DPFPRINTF(LOG_INFO, key->fr_af == AF_INET ?
            "reass frag %d @ %d-%d" : "reass frag %#08x @ %d-%d",
            key->fr_id, frent->fe_off, frent->fe_off + frent->fe_len);
 
@@ -456,7 +456,7 @@ pf_isfull_fragment(struct pf_fragment *frag)
                        return (0);
                }
        }
-       DPFPRINTF(LOG_NOTICE, "%d < %d?", off, total);
+       DPFPRINTF(LOG_INFO, "%d < %d?", off, total);
        if (off < total)
                return (0);
        KASSERT(off == total);
@@ -569,7 +569,7 @@ pf_reassemble(struct mbuf **m0, int dir, u_short *reason)
                return (PF_DROP);
        }
 
-       DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip->ip_len));
+       DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip->ip_len));
        return (PF_PASS);
 }
 
@@ -676,7 +676,7 @@ pf_reassemble6(struct mbuf **m0, struct ip6_frag *fraghdr,
                return (PF_DROP);
        }
 
-       DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
+       DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip6->ip6_plen));
        return (PF_PASS);
 
 fail:

diff --git a/sys/net/pf_osfp.c b/sys/net/pf_osfp.c
index d0c5939..5e04d37 100644 (file)
--- a/sys/net/pf_osfp.c
+++ b/sys/net/pf_osfp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf_osfp.c,v 1.39 2016/11/22 19:29:54 procter Exp $ */
+/*     $OpenBSD: pf_osfp.c,v 1.40 2017/04/23 11:37:11 sthen Exp $ */
 
 /*
  * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
@@ -238,7 +238,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6,
                optlen = MAX(optlen, 1);        /* paranoia */
        }
 
-       DPFPRINTF(LOG_NOTICE,
+       DPFPRINTF(LOG_INFO,
            "fingerprinted %s:%d  %d:%d:%d:%d:%llx (%d) "
            "(TS=%s,M=%s%d,W=%s%d)",
            srcname, ntohs(tcp->th_sport),
@@ -269,7 +269,7 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os)
        if (os == PF_OSFP_ANY)
                return (1);
        if (list == NULL) {
-               DPFPRINTF(LOG_NOTICE, "osfp no match against %x", os);
+               DPFPRINTF(LOG_INFO, "osfp no match against %x", os);
                return (os == PF_OSFP_UNKNOWN);
        }
        PF_OSFP_UNPACK(os, os_class, os_version, os_subtype);
@@ -278,14 +278,14 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os)
                if ((os_class == PF_OSFP_ANY || en_class == os_class) &&
                    (os_version == PF_OSFP_ANY || en_version == os_version) &&
                    (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) {
-                       DPFPRINTF(LOG_NOTICE,
+                       DPFPRINTF(LOG_INFO,
                            "osfp matched %s %s %s  %x==%x",
                            entry->fp_class_nm, entry->fp_version_nm,
                            entry->fp_subtype_nm, os, entry->fp_os);
                        return (1);
                }
        }
-       DPFPRINTF(LOG_NOTICE, "fingerprint 0x%x didn't match", os);
+       DPFPRINTF(LOG_INFO, "fingerprint 0x%x didn't match", os);
        return (0);
 }